For malicious actors, generative AI (gen AI) presents stealthier, more efficient, and increasingly effective methods for launching cyberattacks. Cybercriminals can now analyze entire organizational data infrastructures, create highly convincing fake identities, and infiltrate critical IoT systems faster than ever before.
In response, governments and businesses are stepping up their defenses. Across EMEA, cyber defenders are leveraging gen AI in innovative ways to counter these rapidly evolving threats. Their not-so-secret weapon? Real-time data streaming.
The combination of generative AI and stream processing is proving to be a powerful defense for organizations navigating this complex threat landscape. Here are three compelling examples that demonstrate how.
1. Real-time threat detection and response
A real-time threat requires a real-time response. The faster an organization can identify and react to a breach, the smaller the impact. Batch data processing, which analyzes stored data, falls short when systems are actively under attack.
Generative AI-powered real-time analytics enables continuous monitoring of data streams across networks, allowing security systems to detect anomalies and potential threats as they happen.
Beyond detection, generative AI automates response processes across the entire security chain. From identifying the threat to isolating compromised systems, automation dramatically reduces the time needed to contain and resolve incidents. It also minimizes the risk of human error, so that a panicked manual response does not make the damage of an attack worse.
UK telecoms giant Vodafone has invested heavily in real-time threat detection and response systems as part of its broader cybersecurity strategy. Its in-house global cyber security arm employs 900 people to handle trillions of events and logs from sensors across all the countries in which it operates.
This advanced network monitoring enables Vodafone to gain real-time visibility into all data traffic, detecting anomalies like spikes in usage or unusual access patterns to identify threats before they can cause harm. AI and machine learning (ML) enhance these efforts by detecting abnormal behaviors, predicting potential vulnerabilities, and automating routine security tasks.
Incident response automation ensures the organization is quick to react to detected threats. AI and ML-powered automated playbooks and workflows trigger immediate actions, such as isolating affected devices or rerouting traffic during DDoS attacks. By automating responses and reducing human error, Vodafone ensures the swift mitigation of cyber risks across its vast and complex infrastructure.
2. Real-time behavioral analysis for insider threats
Another compelling way data streaming strengthens cybersecurity is through behavioral analytics. By establishing a baseline of normal user and device behavior, organizations can more easily detect anomalies that signal potential threats. For example, compromised credentials can be flagged when a user’s actions deviate from their typical patterns. In the IoT space, device profiles can track normal resource usage, alerting security teams when unusual activity suggests a problem.
Both examples highlight the critical need for data to be processed and analyzed in the flow, so that insights are as immediate and accurate as possible and fraud or device outages can be prevented.
One area where behavioral analytics shines is in detecting insider threats, especially in organizations handling high-risk information. Continuous monitoring of user behavior against established profiles helps prevent both intentional and accidental breaches, reducing the risk of costly incidents.
For instance, a bank could use AI to track employee activities across its network. By analyzing login times, file access, and data transfers, the AI can spot suspicious behavior—like an employee accessing sensitive files outside normal working hours—and flag it for investigation.
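The bank scenario above, as an added example that is not from the article or any vendor's product: a minimal streaming behavioral baseline in Python. The JSON-lines events, the per-event "sensitive" tag, and the WARMUP and SPIKE thresholds are constructed assumptions; the detector learns each user's usual hours of activity and mean data volume from the stream itself, then flags sensitive access outside those hours or an unusually large transfer.

```python
from collections import defaultdict
from dataclasses import dataclass, field
import json

# Constructed sample stream (JSON lines): four ordinary working-hours events
# to seed the baseline, then two events at 02:00 on a weekend night.
SAMPLE_EVENTS = """
{"user":"alice","ts":"2024-03-04T09:12:00","action":"file_read","sensitive":true,"bytes":20000}
{"user":"alice","ts":"2024-03-05T10:03:00","action":"file_read","sensitive":true,"bytes":15000}
{"user":"alice","ts":"2024-03-06T14:40:00","action":"transfer","sensitive":false,"bytes":40000}
{"user":"alice","ts":"2024-03-07T16:55:00","action":"file_read","sensitive":true,"bytes":18000}
{"user":"alice","ts":"2024-03-09T02:17:00","action":"file_read","sensitive":true,"bytes":21000}
{"user":"alice","ts":"2024-03-09T02:25:00","action":"transfer","sensitive":true,"bytes":900000}
"""

WARMUP = 4   # events per user before alerting starts (assumed value)
SPIKE = 5.0  # transfer-size alert threshold as a multiple of the user's mean (assumed)

@dataclass
class Profile:
    """Per-user baseline learned from the stream itself."""
    hours: set = field(default_factory=set)  # hours of day with normal activity
    seen: int = 0
    total_bytes: int = 0

def score(p: Profile, ev: dict) -> list:
    """Return the ways this event deviates from the user's baseline."""
    reasons, hour = [], int(ev["ts"][11:13])
    if ev["sensitive"] and not any(abs(hour - h) <= 1 for h in p.hours):
        reasons.append(f"sensitive access at {hour:02d}:00, usual hours {sorted(p.hours)}")
    mean = p.total_bytes / p.seen
    if ev["bytes"] > SPIKE * mean:
        reasons.append(f"{ev['bytes']} bytes moved vs baseline mean {mean:.0f}")
    return reasons

def process_stream(lines):
    """Consume events one at a time; return (user, ts, action, reasons) alerts."""
    profiles, alerts = defaultdict(Profile), []
    for line in filter(str.strip, lines):
        ev = json.loads(line)
        p = profiles[ev["user"]]
        reasons = score(p, ev) if p.seen >= WARMUP else []
        if reasons:
            alerts.append((ev["user"], ev["ts"], ev["action"], reasons))
            continue  # a flagged event must not teach the baseline
        p.hours.add(int(ev["ts"][11:13]))
        p.seen += 1
        p.total_bytes += ev["bytes"]
    return alerts
```

Calling process_stream(SAMPLE_EVENTS.splitlines()) yields two alerts: the 02:17 read is flagged only for its hour, while the 02:25 transfer is flagged for both its hour and its size.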
3. Real-time threat intelligence sharing to fight APTs
In EMEA, cybersecurity threats frequently cross national borders. As cyberattacks grow more sophisticated, defenders must analyze larger, more complex datasets from a wider range of sources—making cross-government collaboration paramount.
Generative AI and data streaming technologies streamline this process by quickly correlating data from various sources, providing organizations with a more comprehensive view of the expanding threat landscape. Multiple organizations can collaborate simultaneously to detect, monitor, and respond to cybersecurity threats in real time.
The European Union Agency for Cybersecurity (ENISA) plays a crucial role in promoting real-time threat intelligence sharing across member states. The agency fosters collaboration through the EU Cybersecurity Act and coordinates initiatives like Cyber Threat Intelligence (CTI) platforms, where various sectors share critical real-time data to mitigate cyber threats.
In the case of Advanced Persistent Threats (APTs) — sophisticated, long-term attacks often backed by nation-states or well-funded groups — combining generative AI with stream processing is essential for spotting the proverbial needle in the haystack.
UK cybersecurity firm Darktrace has developed an AI-driven cybersecurity platform that leverages machine learning, including gen AI capabilities, to detect and respond to sophisticated APTs.
The platform uses self-learning AI models to detect abnormal behaviors in real time, identifying subtle signs of APTs over the long term, such as unusual network traffic or lateral movement (where cyber attackers move from one system to another to gain deeper access to critical infrastructure). Darktrace’s gen AI technology can also simulate potential APT scenarios, helping to anticipate novel attacks.
In March 2024, Darktrace detected suspicious emails on a customer’s network, sent from addresses associated with a well-known international fast-food chain. The attackers used trusted domains and hid malicious links within QR codes, attempting to evade traditional email security measures. Darktrace’s AI flagged the unusual behavior, scanned the QR codes, and identified the threat before any compromise occurred.
The case highlights the shifting nature of cybersecurity threats – what was considered secure yesterday is vulnerable today. Organizations must work together to match the pace of advancing cybercrime.
Strengthening defenses through AI advancements
The combined potential of generative AI and data streaming is something I find more exciting than daunting. Businesses are already seeing significant returns on their data streaming investments, driving improvements in operational efficiency, customer experience, and accelerating AI/ML adoption.
However, these tools can be wielded by both attackers and defenders. To stay ahead, we must invest in the right infrastructure, talent, and expertise to ensure we’re on the winning side.