Called “Transforming Alert Overload into Action: Leveraging AI-Powered Security Operations,” the webinar was hosted by the K12 Security Information eXchange (K12 SIX), a nonprofit focused on the unique cybersecurity needs of K-12 schools. It featured K12 SIX cofounder and National Director Doug Levin as well as Mike Lauer, national director of public sector for cybersecurity company Fortinet.
Levin made the case that any technology that could ease the burden of cybersecurity for schools is important to explore, arguing that AI “may not be the panacea that some hope, but there’s definitely some promise there.”
“The promise of AI is that it can help automate the identification of potential issues and, most importantly, speed up the remediation,” Levin said. “But, of course, there’s a lot of hype right now about AI, so it’s important to break through that hype and really understand what’s possible and maybe where things are going.”
Breaking through the hype, for many schools, may mean realizing that basic cybersecurity measures must be in place first. From there, if school tech teams want to take advantage of AI to save time and resources, they would need to ensure their applications are centralized on a single platform or otherwise highly interoperable.
“There are pros and cons to centralizing on a single platform,” Levin said, “but clearly the ability to take advantage of AI automation is a pro of unifying onto a platform.”
Part of the reason AI automation can be so powerful for schools is that it may allow district technology personnel, who are often what Levin calls “generalists,” to perform sophisticated cybersecurity tasks by prompting an AI with plain language.
During the webinar, Lauer demonstrated this on a Fortinet platform that incorporates a generative AI assistant. To show how threat hunting works with the assistant, he presented a slow server incident as an example. On a shared screen, Lauer prompted the assistant to “fetch the slow server incident.” In response, it displayed the incident number and the IP address of the backup server involved.
Lauer then prompted the AI assistant to “investigate the reputation” of the IP address. It reported the address as malicious and asked whether it should “check if other endpoints are communicating with this malicious IP.” Lauer typed yes, and the assistant identified two other affected endpoints. He reviewed the associated data, then instructed the AI tool to “quarantine affected endpoints.”
Handled manually, this remediation process could have taken anywhere from four to 15 hours, Lauer said. Using the AI assistant on a unified platform, it took about 10 minutes.
“You still have to put eyes on the glass, you still have to know what’s going on there, you still need to know your system,” Lauer said. “But at the same time, you don’t have to be a threat hunter to understand that there could be a threat that’s there, and you’re going to use AI to help you find that out, to get there easier.”
