GuidePoint and Observo AI use AI to reduce false positives

Machine Learning


The spread of cybersecurity tools, coupled with the growing volume of cyberattacks, is burying security experts in alerts flagging potential threats. Vectra AI, which offers AI-driven extended detection and response (XDR) capabilities, has found that 71% of SOC practitioners worry about missing actual attacks buried in a flood of alerts. 72% of respondents said false positives hurt team productivity, 62% said they hurt team morale, 59% said false positives take more time on average than true positives, and 62% said they would rather reduce false positives than catch more true positives.

“A critical and lasting challenge”

“False positives … pose a critical and lasting challenge for the organization,” writes global professional services company KPMG. “These misleading alerts, which suggest potential security issues but turn out to be benign, can disrupt everyday operations and drain valuable resources and time.” Given this, security vendors are deploying AI-armed products aimed at reducing the number of false positives. One example is Lloyd's Banking Group, which is rolling out global correlation engines (GCEs) that use intelligent algorithms to analyze security alerts. WatchGuard, which sells to MSSPs and MSPs, says its new Total MDR service reduces detection and response times to an average of six minutes and brings the number of false positives down to less than one per month.

GuidePoint and Observo AI

Added to this mix is a new partnership between GuidePoint Security, an MSSP that offers a variety of services, and Observo AI, an AI-native data pipeline company. The companies are integrating GuidePoint's SOC, incident response, and threat intelligence services with Observo AI's technology, which uses agentic AI to monitor data patterns and pipeline performance in order to reduce noise, spot anomalies, and cut the number of false positives. The aim is to get the “right data to the right tools,” Ricky Arora, co-founder and chief operating officer of Observo AI, wrote in a blog post. “But the problem is not just the search, but the haystack itself. The amount of telemetry grows relentlessly, and most of it is unrelated to real threat detection. Heartbeat logs, repeated status updates, redundant debug outputs, and duplicate events routinely contend for most of the SOC's attention and infrastructure.”

Sentiment Scoring

Advanced data pipelines use a technique known as “sentiment scoring.” This assigns a relevance or risk ranking to each log or alert based on factors such as event severity, known threat patterns, the context of network behavior, correlation with known threats, and correlation with historical baselines. “Upstream, it flags an alert with a confidence score or priority label that helps guide triage,” writes Arora. “If all alerts look the same, the actual threat is overlooked, or noticed too late. … By surfacing the most likely indicators of compromise first, sentiment scoring gives analysts a clear starting point.”
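The two ideas above, the noise reduction Arora describes (heartbeats, status updates, debug output, duplicate events) and the scoring of what remains against severity, known threat patterns, asset context, threat correlation and historical baselines, can be shown end to end in a small pipeline. The following is an added example written for this page; it is not Observo AI's or GuidePoint's code, and the events, IoC addresses (RFC 5737 documentation ranges), critical-asset list, threat patterns, weights and baseline counts are all constructed for illustration.

```python
"""Added example: a toy log pipeline that drops SOC noise and then ranks the
remaining events with a relevance/risk score built from the factors the
article lists. Every input below is constructed; none of it is real data."""
import re
from collections import Counter

# Constructed threat-correlation list (RFC 5737 documentation addresses).
THREAT_INTEL_IPS = {"203.0.113.45", "198.51.100.9"}
# Constructed list of business-critical hosts (network/asset context).
CRITICAL_ASSETS = {"dc01", "db-prod-1"}
# Constructed "known threat pattern" signatures (credential-dumping indicators).
THREAT_PATTERNS = [re.compile(p, re.I) for p in (r"\blsass\b", r"mimikatz")]
# Events a SOC rarely needs to see at all.
NOISE_PATTERNS = [re.compile(p, re.I)
                  for p in (r"\bheartbeat\b", r"\bstatus (ok|update)\b", r"\bdebug\b")]
# Constructed weights; a real system would tune these from outcomes.
SEVERITY_WEIGHT = {"critical": 40, "high": 30, "medium": 15, "low": 5, "info": 0}
# Constructed 30-day baseline: how often each (host, message) pair was seen.
BASELINE = Counter({
    ("ws-12", "Scheduled task created: backup"): 120,
    ("dc01", "Logon success"): 4000,
})
# Constructed batch as it might arrive from a collector.
SAMPLE_EVENTS = [
    {"id": 1, "host": "ws-12", "severity": "info", "msg": "agent heartbeat", "dst_ip": ""},
    {"id": 2, "host": "dc01", "severity": "high",
     "msg": "Handle opened to lsass.exe by notepad.exe", "dst_ip": ""},
    {"id": 3, "host": "db-prod-1", "severity": "medium", "msg": "Outbound connection",
     "dst_ip": "203.0.113.45"},
    {"id": 4, "host": "ws-12", "severity": "low",
     "msg": "Scheduled task created: backup", "dst_ip": ""},
    {"id": 5, "host": "ws-07", "severity": "info", "msg": "debug: cache flushed", "dst_ip": ""},
    {"id": 6, "host": "db-prod-1", "severity": "medium", "msg": "Outbound connection",
     "dst_ip": "203.0.113.45"},  # exact duplicate of event 3
    {"id": 7, "host": "ws-12", "severity": "info", "msg": "status ok", "dst_ip": ""},
]


def reduce_noise(events):
    """Drop heartbeat/status/debug chatter and collapse exact duplicates.
    Returns (kept_events, dropped_count); a kept event carries a 'count' of
    how many identical copies it stands for."""
    kept, seen, dropped = [], {}, 0
    for ev in events:
        if any(p.search(ev["msg"]) for p in NOISE_PATTERNS):
            dropped += 1
            continue
        key = (ev["host"], ev["msg"], ev["dst_ip"])
        if key in seen:          # duplicate: fold into the first copy
            seen[key]["count"] += 1
            dropped += 1
            continue
        ev = dict(ev, count=1)
        seen[key] = ev
        kept.append(ev)
    return kept, dropped


def score_event(ev, baseline=BASELINE):
    """Relevance/risk score, clamped to 0-100, from the article's factors."""
    score = SEVERITY_WEIGHT.get(ev["severity"], 0)          # event severity
    if any(p.search(ev["msg"]) for p in THREAT_PATTERNS):
        score += 30                                          # known threat pattern
    if ev["dst_ip"] in THREAT_INTEL_IPS:
        score += 25                                          # correlation with known threats
    if ev["host"] in CRITICAL_ASSETS:
        score += 15                                          # network/asset context
    seen_before = baseline[(ev["host"], ev["msg"])]          # historical baseline
    if seen_before >= 100:
        score -= 20                                          # routine: push it down
    elif seen_before == 0:
        score += 10                                          # never seen: novel
    return max(0, min(100, score))


def priority(score):
    """Map a score to the priority label an analyst queue would sort on."""
    return "P1" if score >= 60 else "P2" if score >= 30 else "P3"


def triage(events, baseline=BASELINE):
    """Full pipeline: noise reduction, then scored and ranked alerts.
    Returns (ranked_events, dropped_count)."""
    kept, dropped = reduce_noise(events)
    ranked = [dict(ev, score=score_event(ev, baseline),
                   priority=priority(score_event(ev, baseline))) for ev in kept]
    ranked.sort(key=lambda e: e["score"], reverse=True)
    return ranked, dropped


if __name__ == "__main__":
    ranked, dropped = triage(SAMPLE_EVENTS)
    print(f"dropped {dropped} noise/duplicate events")
    for e in ranked:
        print(f'{e["priority"]} {e["score"]:3d} x{e["count"]} {e["host"]:10} {e["msg"]}')
```

On the constructed batch the pipeline drops four of seven events (heartbeat, status, debug, and the duplicate outbound connection), then ranks the LSASS handle on the domain controller first (P1), the threat-intel-matched connection from the database host second (P1, shown as two collapsed copies), and the routine backup task last (P3). The baseline term is what keeps a frequently seen, low-severity event from competing with the novel ones, which is the "haystack" point of the quoted post.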

Use AI and machine learning

Like most sectors, cybersecurity is trending toward incorporating AI and machine learning, and reducing false positives is a key advantage. In March, endpoint security vendor Emsisoft integrated machine learning models into its behavior blocker tool to “reduce false alarms without compromising security, in order to significantly reduce false positives while maintaining a false negative rate of 0%. As an AI-driven system, it can adapt to new threats over time, continuously improve detection capabilities, and reduce the likelihood of false positives.”


