Splunk Inc. built its platform around enterprise resilience and keeping data secure. Its approach provides a realistic view of vulnerabilities, starting with access management.

“People don’t hack the cloud; they hack the user,” said Ryan Kovar (pictured), distinguished security strategist and leader of SURGe at Splunk. “The user is what allows them to have credentials, and those credentials are how they log in to the cloud. The strategy always starts with looking at the identity and access management plane and trying to figure out the ways you can best secure your assets through there. It’s really understanding what the events are that are going to cause you the most pain and then trying to write universal detections as much as possible that hits across all those different places.”

Kovar spoke with theCUBE industry analyst Dave Vellante at the Supercloud 3: Security, AI and the Supercloud event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the need for consistent protection standards and how generative AI will change security work in the enterprise.

Common information model

Identity and access management refers to the framework of processes and technologies used by IT organizations to grant permission for network use. Splunk believes that one key to enterprise resilience in a multicloud environment is a platform that can maintain and monitor user identities while constantly scanning for anomalies.

“It’s creating a taxonomy, almost a data dictionary of understanding what each of these cloud service providers offers,” Kovar said. “There’s going to be change management logs; there’s going to be these methods of detecting unusual activity and then coming up with a common information model. That allows you to do detections regardless of what platform you’re utilizing. That becomes essential.”

Kovar’s vision for a system of classification to secure cross-cloud enterprise data received a boost in 2022 when a coalition of technologies firms, including Splunk, announced the formation of the Open Cybersecurity Schema Framework. The goal of OCSF is to standardize around a common set of rules that govern the handling of cybersecurity events.

“One of the ways that we’ve looked at here at Splunk is trying to say we should have a universal taxonomy for these events, regardless of if you are Azure or Office 365 or whatever vendor you want who is creating data in the cloud,” Kovar said. “Everyone is facing the same threats, and at the end of the day, no matter how you’re labeling it, they’re going to be the same sort of events. Let’s have a single method for all of us to use so that we can all detect and remediate faster and more efficiently using those standards.”

Watershed moment in AI

The implementation of consistent security standards may become more necessary as organizations adopt the use of advanced tools, such as generative AI. The rise of ChatGPT by OpenAI LP has led the security community to recognize the significant change it may bring.

“The day that ChatGPT was really released was the same way that you had Nokia and Motorola when Apple dropped the iPhone,” Kovar said. “There was definitely a moment where everyone said, ‘Oh, this is different.’ Generative AI is something approachable and usable immediately by the majority of the population. I really think that it was a watershed moment for technology.”

That watershed moment has opened an opportunity for a transformation in how coding will be handled in the future. Cloud is code, and code can now be initiated through automated programming tools, such as Microsoft Corp.’s Copilot.

Kovar spoke with one computer data scientist who gave ChatGPT a solved math proof from 1874, and the AI tool couldn’t provide the correct answer. Yet when Kovar relied on the tool for programming assistance, ChatGPT delivered.

“I gave it a problem that I needed to fix with Python, and it took me about 20 minutes to do, where it would have taken me an hour and a half to do it by myself,” Kovar said. “You’re still going to need an adult in the room to understand what those LLMs are doing, those large language models. But I think a lot of that lower barrier to entry work will actually be automated or augmented very quickly by generative AI.”

This lower barrier to entry will also open the door for use in ways that organizations may not expect. Kovar detailed how a company he worked with had attempted to block its employees from using ChatGPT in the workplace.

“They had blocked it at the web proxy, and they were looking at logs and thought they had done a great job,” Kovar recalled. “They found out that their developers had actually put in API calls and they were doing hundreds of thousands of API calls a day to GPT or OpenAI and they had they had no clue that had been built into the CI/CD pipeline.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Supercloud 3: Security, AI and the Supercloud event:

Photo: SiliconANGLE