AI Powers Sabre’s Enhanced Threat Detection & Response
Author: Dana De Angelo
Re-published from the Palo Alto Blog
Precision AI™ by Palo Alto Networks Elevates Security Posture
As the cyberthreat landscape continues to evolve at an unprecedented pace, security teams are turning to artificial intelligence (AI) to bolster their defense capabilities. According to research from Deloitte, the market for AI-powered cybersecurity solutions is projected to reach a staggering $102.78 billion by the year 2032, underscoring the widespread embrace and integration of AI technologies across the cybersecurity landscape.
Scott Moser, CISO at Sabre, a leading software technology company for the travel industry, shares his insights on how AI is transforming cybersecurity at his organization.
Sabre, headquartered in Texas, is the largest global distribution systems provider for air bookings and offers more than 200 software products that enable the entire travel ecosystem, from reservations and revenue optimization to delivery. Moser joined Sabre in 2019 to lead the company in modernizing its security tooling, focused on solving the complexity of a multi-vendor security environment with uncontrolled spending.
The Disruptive Potential of Generative AI
Recently, Palo Alto Networks announced Precision AI, the proprietary AI system that helps security teams trust AI outcomes by using rich data and security-specific models to automate detection, prevention and remediation.
Moser acknowledges that “AI is one of those fundamental technology changes that occurs in our lifetime that can rapidly alter how we live and how we conduct business.” While some security leaders initially focused on governance concerns around AI usage, “those conversations have changed and deepened over time” to explore how generative AI can enhance security solutions.
However, the rise of generative AI also introduces new risks. Moser cautions, “Companies today are facing many significant and emerging threats against generative AI.” He highlights the importance of “appropriate control and understanding of where that data came from and how the data is being used” when training AI models and crafting prompts.
Despite the challenges, Moser firmly believes:
“AI actually creates an advantage for businesses and security companies. Ultimately, the use of AI is allowing us to respond faster to threats, to determine what those threats are, and then define remediation to any attacks that occur to us.”
At Sabre, AI plays a pivotal role in enhancing security operations. Moser states, “We’re using AI in our security solutions, both in solutions that we acquire from our partners, such as Palo Alto Networks, and also in solutions that we create ourselves that are able to do functions faster than we ever were able to do them before.”
Addressing the Talent Gap with Natural Language Processing
One significant hurdle security teams face is ensuring they have adequate staffing to effectively utilize the plethora of security tools at their disposal. According to a 2022 research study by Palo Alto Networks, 77% of security leaders want to reduce the number of security vendors and tools they rely on. In the same report, 41% of global organizations work with 10 or more cybersecurity vendors, with vendors using almost 32 security tools/solutions on average.
Moser sees AI as a potential solution, noting, “The ability for more team members to query firewalls and all of the security tools using natural language interface is extremely valuable in ensuring very quick response to security threats as well as getting better answers to the questions they ask.”
Comprehensive Visibility and Control
As organizations increasingly adopt AI, Moser stresses the importance of implementing comprehensive visibility and control measures. This is because data can flow bi-directionally, with internal employees accessing external AI tools and external customers or partners accessing the company’s internal AI tools. This two-way data flow creates potential security risks that must be addressed through proper monitoring and access controls. Moser stresses, “First of all, the ability to identify what generative AI is in use by the employees of our company is critically important. Secondly, the deployment of security policies surrounding the access and use of those generative AI technologies will be extremely important.”
Moreover, Moser underscores the importance of actively detecting and preventing threats targeting an organization’s own AI implementations, stating, “Perhaps most important though is the ability to detect and to prevent threats against our own use of generative AI in our environment.”
Precision AI Technology in the Security Operations Center (SOC)
With Cortex XDR’s cloud-delivered architecture and lightweight agent, Sabre rapidly rolled out the solution to thousands of endpoints across its environment. Once deployed, Cortex XDR ingested data from across the organization to begin looking for attack behavior. Utilizing Precision AI technology, Cortex XDR applies machine learning models precisely tuned to detect malicious activity, uncovering threats within Sabre’s specific environment and providing prioritized, actionable alerts and context. Moser explains further:
“Most recently, we deployed Cortex XDR replacing our previous endpoint security solution. That was by far the fastest deployment of any security tool that we’ve had over many years. Achieving 85% deployment in only a matter of three months over an environment of almost 40,000 endpoints. The partnership and the assistance that we’ve gained from Palo Alto Networks has significantly improved the maturity of our security program across the board.
“As security leaders, we understand that the speed and complexity of attacks will continue to increase each and every year. We know that it’s critically important that the security solutions we put in place are tightly integrated with security orchestration and automation tools. And so the use of this automation is our way of staying ahead of attackers to be able to detect, respond and mitigate the threats against us.”
He highlights the pivotal role played by Palo Alto Networks in enhancing Sabre’s security maturity, stating, “Palo Alto Networks has helped us continually mature our own security program over time, and at the same time to reduce the impact of security threats that we face.”
Embracing Automation and Integration
As the speed and complexity of cyberattacks intensify, Moser emphasizes the criticality of tightly integrating security solutions with orchestration and automation tools. He declares:
“We understand that the speed and complexity of attacks will continue to increase each and every year. We know that it’s critically important that the security solutions we put in place are tightly integrated with security orchestration and automation tools.”
While machine learning and automation will certainly enhance outcomes, such as response times, accuracy and remediation, especially for repetitive tasks, attracting, training and retaining skilled security personnel (including engineers, analysts and architects) must be an integral part of any comprehensive security strategy. By leveraging automation technologies, organizations can optimize their efforts in protecting the business.
The Future Looks Bright
Under Moser’s leadership, Sabre has seen reduced and controlled expenditures, decreased complexity through platformization, and achieved heightened alignment across the organization. The comprehensive and effective security posture of Sabre today is a testament to his dedication and expertise in the field.
Moser concludes with a powerful statement:
“The use of this automation is our way of staying ahead of attackers to be able to detect, respond, and mitigate the threats against us. And, combined with Cortex XDR’s Precision AI, we have the added power of machine learning, deep learning and generative AI to ensure real-time security for even greater, more efficient security outcomes.”
In the ever-evolving cybersecurity battleground, AI emerges as a game-changing force, empowering organizations to enhance their defenses, accelerate threat detection and response, and fortify their overall security posture. As trailblazers like Sabre embrace the power of AI, they pave the way for a future where human ingenuity and artificial intelligence converge to safeguard digital frontiers.
This article originally appeared on the Palo Alto blog on May 28, 2024. Reprinted with permission.