Lacework uses machine learning to integrate alerts

Machine Learning

Lacework added the ability to automatically correlate different alerts and severity events to help cybersecurity teams detect patterns used to launch cybersecurity attacks.

Kate MacLean, senior director of product marketing at Lacework, said the company’s Polygraph Data Platform update for anomaly detection uses machine learning algorithms and behavioral analytics. These updates not only reduce the time required to stop an attack, but they also help reduce overall cybersecurity fatigue.

Polygraph Data Platform is the heart of Lacework’s platform for securing cloud infrastructure and workloads by identifying misconfigurations, assessing threats, remediating vulnerabilities, and more.

Updates to the Polygraph Data Platform enable practitioners to automatically correlate and combine an average of 7-8 different events to reveal early indications of active attack sequences or tactics. In the event of a suspected intrusion or compromise, Lacework will generate a single composite alert.

Alert fatigue is one of the leading causes of cybersecurity staff turnover. Each cybersecurity platform an organization uses generates a constant stream of alerts. Many have been found to be false positives or duplicates of other alerts that have already been generated.

Lacework now uses machine learning algorithms built into its platform to streamline the number of alerts that cybersecurity teams need to investigate, MacLean said.

Streamlining alerts is critical because cybersecurity teams are overwhelmed when faced with a constant stream of alerts and are unable to identify real attacks hiding in the constant noise of alerts. During breach investigations, it’s not uncommon to discover that alerts that could have prevented an attack were ignored for some reason.

Reducing turnover is critical at a time when most organizations are still trying to fill one or more vacant cybersecurity positions. Machine learning algorithms and other forms of artificial intelligence won’t replace the need for cybersecurity professionals, but they will go a long way toward solving the skewed odds that have piled up against them. , most cybersecurity professionals believe that they are unlikely to succeed without these tools simply because they do not want to work for an organization that does not provide access to them.

Of course, it’s still early days in terms of how AI is applied to cybersecurity, but the number of tasks that can be automated will steadily increase as algorithms are exposed to more data. Each of these advances collectively increases the productivity of cybersecurity teams, as cybercriminals also leverage her AI to launch sophisticated attacks. In fact, cybersecurity teams are now embroiled in an AI arms race with well-financed cybercriminals.

It is too early to tell who will win the AI ​​arms race, but cybersecurity teams without access to AI capabilities will soon be at an insurmountable disadvantage.

Recent articles by author

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *