Check Point’s new generative AI tool offers platform-wide intelligence and remediation

Cybersecurity company Check Point Software Technologies has debuted a new platform-wide generative AI-based tool to improve the speed and effectiveness of security decision making across its Infinity group of solutions. Designed to handle both routine administrative tasks as well as those requiring an analytical assessment, Infinity AI Copilot is designed to help address the time and talent challenges that organizations face in the current threat environment.

By extending across the platform, which encompasses security for workspaces, networks and the cloud, the AI-powered tool is billed as providing a more comprehensive threat intelligence. This gives it the ability to bring generative AI across the entire platform, says Eyal Manor, VP of product management Check Point Software. “If an admin asks a question about a security incident the organization has encountered, it will take into account XDR data, events it can see, other tools in use as well as how the security policies across the other security products have been configured,” he tells CSO.

Integrated AI-powered tool designed to help security admins

Using natural language processing, Infinity AI Copilot is designed to enable admins to create and update policies, provide guided incident investigations, and apply controls and rules through a text-based chat interface in the style of ChatGPT. By extending across the Infinity platform, the organization is looking to address one of the weaknesses of single-point tools — a lack of integration and ultimately a restricted view of threat intelligence and insights to address the latest vulnerabilities.

For instance, if a computer is compromised, using the AI tool, it will look for where this vulnerability may extend into the organization. “It will go to all the security gateways and make sure that the infected computer is quarantined. If it relates to an email where a malicious attachment was opened, it will delete this attachment if someone else has received the same attachment. By integrating [with Infinity], it will stop the threats from spreading or from returning,” Manor says. It also learns the organization’s policies, rules, objects, logs, and product documentation to provide contextualized, relevant answers to admin queries, incident response and threat detection.

The company sees this as another unique point of difference — the power of having the AI tool learn from a wider set of data sources across the organization, something that it says makes it stand out from other GenAI-based security tools. “It’s about what you use to teach the system. It can observe data, logs, security policies, blogs and other things on the internet, and the organization’s documentation,” Manor says.

Infinity AI Copilot targets time-consuming security tasks

Harnessing AI automation and intelligence, Check Point wants to make it possible to reduce the time and talent needed for common administrative tasks, things that are in short supply across cybersecurity. “It’s taking tasks that may have been reserved for just two or three analysts with five years of experience and helping them with the AI Copilot,” Manor says.

In terms of use cases, network security stands out as benefiting from this kind of tool. One of the most time-consuming tasks for security administrators, for example, is managing security policies. Adjusting, updating, and removing rules is a significant time investment and if any rules are mismanaged usually the biggest cost is to business continuity. “It will break at the worst possible time,” says Manor. This kind of generative AI tool significantly reduces the time needed because it can provide insights on the policies, make suggestions, and carry out adjustments and changes using simple commands.

Troubleshooting is another complex, time consuming task that stands to benefit from the application of a generative AI tool. Manor said that when analysts and others are spending valuable time dealing with support tickets, it leaves little time for more strategic thinking and adjustments.

“Copilot really helps with understanding what happened, if you’ve been attacked, what are the related entities that may have been impacted and, most importantly, what should you do next and how do you improve your security posture,” Manor said. Up until now, it was only highly trained experts who could understand these incidents and know how to address them, but AI is changing this. “AI has made this much simpler,” he says.

The company plans to expand the Infinity AI Copilot further across the platform, envisaging these tools growing in sophistication and trust from where they provide just assistance to generating more of their own guidance. It’s looking to build out more proactive assistance with policy optimization and helping to identify non-existent policies as well as autonomous policy management features.

Generative AI, Threat and Vulnerability Management


Go to Source
Author:

jsplaces