A theme emerged earlier this year in the MSP/MSSP world: The use of large language model-based chat engines to act as AI “copilots.”
Service providers should carefully examine the nature and benefits of this. Ironically, they risk empowering their most formidable competitors.
The interest in service providers who offer generative AI technology is driven by the skills gap: There are not enough qualified people to interpret and act on the gargantuan flow of data generated by today’s cybersecurity tools. End-user organizations face the same challenge, which is partly why they seek out MSPs/MSSPs in the first place.
Filling the Core Information Base
Even the best generative AI can only produce output based on the information in its training models. And regarding customer-specific cybersecurity management, that core information base is essentially zero for the most well-known LLMs.
That means two things in the context of 2024’s state of evolution:
- Service providers that want to leverage LLMs must train the AI with knowledge specific to their customers and to their cybersecurity skills.
- Since the AI itself doesn’t contribute any fundamental knowledge beyond its ability to quickly generate well-formatted English, its use is restricted to the “copilot” role.
To address the first of these points, if you must train an AI owned by a major technology company to know your business, you really haven’t done a whole lot to alleviate your skills gap problem. For the second point, it’s even worse: By training AI copilots owned by other organizations, you’re effectively empowering them to compete with you.
Hidden Risks of Cloud-Based Security
Big Tech has been trying to chip away at your business by encouraging your customers to move their IT resources to its clouds, saying “Don’t worry about cybersecurity. We’re better at it than your service providers are.”
However, by segregating your IT resources in cloud-based enclaves, you’re not eliminating a hacker’s ability to attack you with stolen credentials. Instead, you are eliminating your own ability to detect attacks and infiltrations by observing lateral movement and other network anomalies.
OT Integration and Comprehensive Security
Your customers may be tempted to move IT resources to cloud providers, but they will never do that with core industrial and operational assets. And those are the most important things they need you to protect.
The right approach to all of these problems is to work with a small number of technology providers with the ability to generate both primary and secondary cybersecurity information. In effect, you’re looking for “pilots” rather than “copilots.”
Primary information results from direct instrumentation and monitoring of customer networks and operations. This is the information that the copilot model expects you to generate and feed into its models. Secondary information is the analytic results from primary information processing, which produces well-curated, actionable alerts and remediation paths.
The combination of both is what customers want from their MSPs and MSSPs. Service providers must face the growing pressure to provide both sides of the equation. That way, they will be able to grow their businesses, upsell OT/IoT services to their existing customers, and fend off their most determined and fearsome competitors — namely, the AI bearing gifts.
As we say in my hometown: “Don’t do me any favors.”
Francis Cianfrocca is CEO of InsightCyber LLC. He is an industry expert with decades of experience in securing industrial environments and innovating new and modern security technology to defeat the most advanced cyber-attacks and threats.