Patricia Bleiker, May 4, 2020
You will get no argument from us that artificial intelligence (AI) is a tremendous advancement in cybersecurity. However, we disagree with the notion that AI eliminates the need for security analysts. Quite the contrary, in fact: our more than 20 years of experience in security has taught us that there is still no substitute for the human intuition of a veteran security analyst.
This is why the new Managed Detection and Response (MDR) cybersecurity service we launched today employs both AI and security analysts to the fullest extent possible.
Alerts, so Many Alerts
While the course of a typical cyberattack has changed little, bad actors are constantly evolving their methods of attack.
In an effort to stay one step ahead, enterprises are adding new solutions to their security stacks to secure all possible attack vectors. These solutions – firewalls, intrusion detection and prevention, email, web and endpoint protection, CASB and so many others – are constantly monitoring and diligently sending alerts of potential threats. This is what they are supposed to do, and they do it well, but it often results in security officers being overwhelmed with a torrent of false-positive alerts they must evaluate in order to identify real threats.
Simple “brute force” is typically used for this purpose, as no systematic correlation is possible due to the heterogeneity and decentralized nature of the data. The sheer volume of data can lead to “alert fatigue” and results in almost 50% of incidents going unanalyzed.
AI to the Rescue
A solution is the application of AI – and machine learning (ML) – to automate the recognition of new attack patterns from this confusing flood of data. The key is using a neural network that has been trained and optimized to recognize previous attack scenarios using historical log data. This enables the primary data to be abstracted, homogenized and correlated, in several phases, until finally only a few incidents remain.
While some argue the automation potential of AI reduces the need for staff, the reality is that AI improves the effectiveness of security analysts and that combining both is the best way to identify and contain threats early in the kill chain.
“By leveraging automated MDR attack pattern detection, SOC experts should target the tactics, techniques and protocols that are particularly difficult to detect via purely automated means, but which also cause the highest damage,” says Jason Bloomberg, president at analyst firm Intellyx.
Free from the constant deluge of alerts, security analysts can focus their attention on identifying threats that currently elude AI, taking advantage of the intuition that comes from years of experience.
Additionally, successfully applying AI tools requires professional integration and careful operation – from data aggregation to the creation and optimization of automated processes.
We have specifically designed our MDR service to maximize the advantages of AI and security analysts to provide our customers with “outcomes, not alerts.” Our dedicated team takes care of all the technology and provides 24/7 service, giving customers comprehensive security without the need to build and staff their own security operations centers (SOCs).
To learn more about MDR:
- Visit our MDR Services page
- Learn how to increase your ROI with Open Systems MDR
- Read our latest white paper "Intellyx Report: How to Operationalize SIEM and SOAR in the Cloud"