BreachRx Brings Generative AI to Security Incident Management
BreachRx this week added generative artificial intelligence (GenAI) capabilities to a security incident platform that promises to streamline workflows across all the stakeholders that need to collaborate.
Matt Hartley, chief product officer for BreachRx, said Rex AI was trained using the cybersecurity, privacy and data breach legal library, dubbed Cyber RegScout, to provide the teams responding to security incidents with a natural language chat bot interface that makes it simpler to collaborate than, for example, setting up another channel on the Slack or Microsoft Teams platform.
The overall goal is to make it simpler for the entire business to respond to a cybersecurity event in a way that includes, for example, finance, legal and corporate communications teams, said Hartley.
At the same time, Rex AI will automatically generate templates for creating incident response records in addition to surfacing recommendations for additional actions that might be required by, for example, a regulatory compliance mandate.
That’s critical, because it’s all but impossible for everyone to completely understand every potential issue that might need to be addressed in the wake of a cybersecurity incident, noted Hartley.
Finally, Rex AI will provide a summarization of incidents, edit notes taken and recommend fixes for mistakes.
It’s not clear to what degree organizations have defined playbooks for responding to cybersecurity incidents, but given the number of breaches that occur, many of them are developing repeatable workflows. Deployed as a software-as-a-service (SaaS) application running on the Amazon Web Services (AWS) cloud, the BreachRx platform provides a conduit for consistently executing those workflows in a way that is easily repeatable, noted Hartley.
That approach also reduces the amount of time needed to onboard new members to a security incident response team as the scope of any given security breach expands, he added.
Eventually, there will come a day when many of the tasks that make up a security incident workflow might be assigned to AI agents that are supervised by the individuals ultimately responsible for managing these incidents. In the meantime, there is a clear need to streamline security incident workflows that span multiple departments within an organization. Additionally, any organization that operates in a highly regulated industry will need to establish an audit trail detailing how the security incident was resolved.
The challenge, of course, is determining how many incidents there are in a given year that might warrant a dedicated platform to manage them. As a general rule, larger organizations have a wider attack surface to defend, so the need for a more structured approach to managing cybersecurity incidents is likely to be more acute.
However, it’s also worth noting that the number of likely cybersecurity incidents will increase as cybercriminals leverage advances in AI to increase both the volume and sophistication of the cyberattacks being launched.
As is the case with any security breach, the most critical issue is the time it takes to respond. As each second passes, the amount of potential damage being inflicted only grows. As such, the organizations that are best prepared to respond to a security breach are ultimately the ones that prove to be the most resilient.