FEATURE: THREAT ANALYSIS
Evaluating AI-based analytics: demand answers, not alerts
Artificial intelligence is increasingly being used to monitor and detect data breaches and also to protect online data. Security vendors are embracing AI to enable security teams to investigate data attacks with more precision, says Barbara Kay, CISSP, Senior Director, Security Solutions, ExtraHop.
Put yourself in the chair of a Tier 1 security operations centre (SOC) analyst. You toggle multiple screens, flinch at each alert, worry over missed threat indicators and close out incidents without real confidence that you have uncovered the root cause. Within months, stress will turn to burnout, depression and job hunting.
AI to the rescue?
Security analytics vendors are embracing artificial intelligence to help SOC teams decide what to investigate, detect attacks other tools have missed and perform root cause analysis more successfully. AI aims to discern indicators of attacks from collections of loosely-related data. It helps prioritise those indicators that are materially interesting and automate aspects of investigation that slow and complicate the SOC.

With so many vendors using the term artificial intelligence so loosely, it can be very difficult to evaluate claims without running a proof of value. However, specific data source, architecture and data science questions
www.intelligentcio.com
INTELLIGENTCIO
59