AI in SOC – Security Boulevard



Is there a hotter topic than AI right now? Generative AI took the world by storm when ChatGPT was introduced to the public. And it seems everyone quickly discovered that AI affects just about everything.

Of course, those in the security industry know this, but this new visibility has put more attention on how AI can be used in cybersecurity. While other industries fear AI will make jobs obsolete, cybersecurity uses AI in partnership with humans. And it’s most visible in the Security Operations Center (SOC).

How AI Can Benefit Your SOC

The SOC’s role in an organization is to enable real-time detection of potential threats 24/7. The SOC’s primary responsibilities include incident response, monitoring, log management, threat detection, recovery and remediation, and compliance management.

A lapse in any of these responsibilities can result in a data breach, ransomware attack, or other cybersecurity incident, causing downtime, reputational damage, customer dissatisfaction, and financial impact.

SOC staff include security analysts and engineers, as well as threat hunters and other experts, depending on the size of the organization and the SOC. However, due to a shortage of security personnel and high levels of burnout caused by the repetitive nature of SOC responsibilities, SOCs must rely on AI and ML to be effective. AI and ML will automate many of these tasks, freeing up analysts to perform the other duties needed to keep the SOC running at peak efficiency.

“Current [SOCs are usually based on rulesets],” AgileBlue president Tony Pietrocola said in an email interview. “ML focuses on the ability of machines to interact with data, learn, and even change algorithms as they consume more data.”

AI as a game changer for SOC

AI does what humans alone cannot, even in a SOC: defend against dynamic and progressive cyberattacks.

But it’s not just the good people in the SOC who rely on AI. Threat actors are using AI to their advantage, whether it’s crafting more convincing phishing emails, developing malware, or launching attacks. The best defense against AI attacks is AI in the SOC.

“With the increasing use of AI in AI-based SOCs and managed EDR platforms, we will be able to determine potential cybersecurity breaches and take automated actions such as quarantining devices, disabling accounts, blocking IPs, and stopping command execution. We can take action,” says Pietrocola. Speed is paramount in combating cyberattacks and reducing risk to your organization, and that’s where AI comes into play.

As mentioned earlier, AI is not in competition with security analysts. When used correctly, it can be your partner in the fight against cybercrime.

“Current security analysts are overworked, burnt out and understaffed,” said Pietrocola. “AI provides SOC analysts with amazing technology to fight and win.”

Some examples of how AI can assist humans include:

• AI is great at automating root cause analysis

• Drive consistent and deeper investigations every time

• AI can read both unstructured and structured data, and more data than humans can read.

• AI provides the information needed to reduce mean time to detection and mean time to respond (MTTD and MTTR) with a faster and decisive escalation process.

• Adapt to cyberattacks on the fly during an attack.

• Enable robust, automated incident response (IR) workflows that span people, processes, and technology

Generative AI Enters SOC

It’s time to stop thinking of long-standing AI models and tools as the same kind of tools as generative AI. There are important differences between them.

“AI includes many techniques such as machine learning, natural language processing and behavioral analysis with the aim of introducing intelligent applications that can perform specific tasks,” explained Pietrocola. “Generative AI focuses on creating new content rather than directly deriving from input data, learning underlying patterns and structures in the data to generate new content similar in style and characteristics.”

In the SOC, generative AI can provide customer support. Providing customers with fast and accurate responses frees up analysts and engineers to focus on escalation and response activities.

“This makes everything more efficient, reduces employee burnout and slow hiring, and makes the SOC a strong part of the overall defense of an organization’s cybersecurity strategy,” said Pietrocola.
