🚀 Launching AI Insights: Revolutionizing Threat Analysis with AI

At Intezer, we’re always pushing the boundaries of what’s possible in cybersecurity. Today, we’re thrilled to announce the launch of our first generative AI-powered feature: AI Insights. This groundbreaking feature provides both a verdict and a comprehensive summary of the flow, behavior, and purpose of any text-based scripts, including Python, PowerShell, NSI, VBScript, JavaScript, LNK, and BAT.

The Challenge of Analyzing Text-Based Scripts

Until now, providing meaningful verdicts and insights for text-based scripts and macros has been a significant challenge. Traditional analysis methods such as sandboxing often fall short, leaving security teams without the insights they need to understand and respond to threats effectively.

Introducing AI Insights

AI Insights is our solution to this challenge. By integrating generative AI into our platform, we can now provide detailed insights into any scripts and macros. This includes a classification (likely malicious, safe, inconclusive) and a detailed summary explaining what the script does and why the classification was given.

Example of a malicious PowerShell script

How AI Insights Works

When you upload a script to our platform, via manual scanning or automated alert triage, AI Insights gets to work. While the report is being calculated, you’ll see a loading animation with the text: “Generating AI-powered insights.”

Once the analysis is complete, the report’s content will be displayed in the right panel. The report includes a verdict on the script (likely malicious, safe, inconclusive) and a detailed summary of the script’s flow, behavior, and purpose.

To ensure optimal results, we recommend uploading files with their extensions (.ps1 for PowerShell, .py for Python, .js for JavaScript, .vbs for VBScript).

Please note that currently the AI Insights report will only be produced for the root file of the analysis, as it’s still an experimental feature. If you wish to get insights for a statically or dynamically extracted file, please re-analyze it separately.

Example of a malicious LNK file

Leveraging the Power of AI While Safeguarding Privacy

Rest assured that we’re innovating responsibly. In our journey to harness generative AI’s potential, we remain steadfast in our commitment to privacy. Our AI Insights feature operates on a private cloud-based infrastructure, ensuring your data is not exposed to third-party services such as ChatGPT. This approach allows us to deliver powerful AI-driven insights while maintaining the highest standards of data security and privacy. 

Your Feedback Matters

We’re excited about the launch of AI Insights, but we know there’s always room for improvement. That’s why we’ve included feedback buttons for users. We encourage you to use these buttons to share your thoughts on this new feature. Your feedback will help us continue to improve and innovate.

Looking Ahead: The Future of AI Insights

As we celebrate the launch of AI Insights, we’re also looking ahead to the future. We’re excited about the potential of this feature and have big plans for its development. Here’s a sneak peek at what’s coming:

  1. AI Insights for Suspicious Emails: Phishing emails are a common threat that organizations face. We’re working on extending AI Insights to analyze and respond to suspicious emails, providing you with the insights you need to combat phishing attacks effectively.
  2. Automatic Macro Extraction: To make the analysis process even smoother, we’re developing a feature that will automatically extract macros from documents for analysis via AI Insights. This will save you time and ensure that no potential threats are overlooked, and should further enable true automation for security teams.
  3. AI-Generated Verdicts for Automated Triage: While the verdicts generated by AI Insights are currently only displayed for context, we see a future where these verdicts are used for automated triage. This feature is still experimental, and we’re committed to maintaining our integrity by ensuring its efficacy before integrating it into our overall verdict system.
  4. Visual Understanding of Threats: We’re exploring ways to provide a visual understanding of threats, including execution flow and attack story. This will make it easier for you to understand the nature and severity of threats.
  5. Chat with AI Security Analyst: Imagine having a chat assistant inside Intezer, with access to our threat intelligence and your alert and analysis data. This assistant could answer general questions and generate rules/queries, providing you with personalized and immediate support.

We’re excited about these developments and look forward to sharing more updates with you in the future. As always, your feedback is invaluable to us, and we encourage you to share your thoughts on these upcoming features.

Conclusion

AI Insights represents a significant step forward in our mission to empower security teams with the tools and insights they need to combat threats effectively. We’re excited to see how this new feature will enhance your ability to analyze scripts and respond to threats.

To see AI Insights in action, book a demo with us today. We can’t wait to show you what automated alert triage looks like when it’s also supercharged with generative AI.

The post 🚀 Launching AI Insights: Revolutionizing Threat Analysis with AI appeared first on Intezer.
