One Article Review

Source AlienVault Lab Blog
Identifier 8453135
Publication date 2024-02-21 11:00:00 (viewed: 2024-02-21 11:09:44)
Title The modern next gen SOC powered by AI
Text AI is among the most disruptive technologies of our time. While AI/ML has been around for decades, it has become a hot topic with continued innovations in generative AI (GenAI), from the start-up OpenAI to tech giants like Microsoft, Google, and Meta. When large language models (LLMs) are combined with big data and behavior analytics, AI/ML can supercharge productivity and scale operations across every sector, from healthcare to manufacturing, transportation, retail, finance, government and defense, telecommunications, media, entertainment, and more. Within the cybersecurity industry, SentinelOne, Palo Alto Networks, Cisco, Fortinet and others are pioneering AI in cybersecurity. In a research report on the global markets by Allied Market Research, AI in cybersecurity is estimated to surge to $154.8 billion in 2032 from $19.2 billion in 2022, rising at a CAGR of 23.6%.

Challenges of the traditional SOC

SIEM

One of the challenges with the traditional Security Operations Center (SOC) is that SOC analysts are overwhelmed by the sheer number of alerts coming from Security Information and Event Management (SIEM). Security teams are bombarded with low-fidelity alerts and spend considerable time separating them from high-fidelity ones. Alerts come from almost any source across the enterprise, and the problem is further compounded by too many point solutions and by multi-vendor environments. The numerous tools and the lack of integration across vendors' products often require a great deal of manual investigation and analysis. The pressure of keeping up with vendor training and of correlating data and logs into meaningful insights becomes burdensome. Multi-vendor, multi-source, multi-layered security solutions provide a lot of data, but without ML and security analytics they also create a lot of noise and a disparate view of the threat landscape with insufficient context.

SOAR

Traditional Security Orchestration, Automation and Response (SOAR) platforms are used by mature security operations teams to develop and run playbooks that automate response actions through a library of APIs for an ecosystem of security solutions. They are complex and expensive to implement, manage, and maintain. SOCs are often playing catch-up on coding and funding the development of playbooks, which makes it challenging to maintain and scale operations so that new attacks can be answered quickly and efficiently.

XDR

Extended Detection and Response (XDR) solves many of these challenges of siloed security solutions by providing a unified view with more visibility and better context from a single holistic data lake across the entire ecosystem. XDR provides prevention as well as detection and response, with integration and automation capabilities across endpoint, cloud, and network. Its automation can incorporate basic SOAR-like functions for API-connected security tools. It collects enriched data from multiple sources and applies big-data and ML-based analysis so that responses, in the form of policy enforcement, can be carried out through security controls throughout the infrastructure.

AI in the modern next gen SOC

The use of AI and ML is increasingly essential to cyber operations, to proactively identify anomalies and defend against cyber threats in a hyperconnected digital world. Canalys research estimates suggest that more than 7
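The alert-fatigue point in the SIEM paragraph and the unified-view point in the XDR paragraph are easier to see in code. The following Python is an added example, not code from the AlienVault article or from any vendor's product: it normalizes alerts from several sources onto one schema, combines their fidelity per entity so that a chain of individually weak signals from independent sensors becomes a high-confidence incident while repeated noise from one source does not, and derives playbook actions from the evidence. The source fidelity values, thresholds, window, alert records and action names are all constructed for illustration.

```python
"""Multi-source alert correlation in the spirit of the XDR/SOAR discussion.
Added example; all alerts, weights and action names are constructed."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from functools import reduce

# Trust in a single alert from each source (assumed, illustrative values).
SOURCE_FIDELITY = {"edr": 0.7, "ndr": 0.5, "cloud": 0.6, "siem": 0.2}
INCIDENT_THRESHOLD = 0.6          # combined confidence needed to open an incident
WINDOW = timedelta(minutes=30)    # alerts on one entity must fall within this span


@dataclass
class Alert:
    source: str
    ts: datetime
    entity: str        # host or user the alert is about
    rule: str
    severity: int      # 1..5 as reported by the source

    def fidelity(self) -> float:
        """Per-alert confidence: source trust scaled by reported severity."""
        return SOURCE_FIDELITY[self.source] * self.severity / 5


@dataclass
class Incident:
    entity: str
    score: float
    alerts: list = field(default_factory=list)

    def sources(self) -> set:
        return {a.source for a in self.alerts}


def combined_score(alerts) -> float:
    """Noisy-OR across *distinct* sources. Repeats from the same source count
    once (the same sensor firing again is not new evidence), so three SIEM
    logon failures never add up to an incident, while EDR + NDR on one host do."""
    best = {}
    for a in alerts:
        best[a.source] = max(best.get(a.source, 0.0), a.fidelity())
    return 1 - reduce(lambda acc, f: acc * (1 - f), best.values(), 1.0)


def correlate(alerts, window=WINDOW, threshold=INCIDENT_THRESHOLD):
    """Group alerts by entity and look for a window in which the combined score
    crosses the threshold. Returns incidents (highest score first) and the
    alerts left unexplained, which go to a low-priority queue instead of the
    analyst's screen."""
    by_entity = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_entity[a.entity].append(a)
    incidents, leftovers = [], []
    for entity, seq in by_entity.items():
        opened = None
        for i, first in enumerate(seq):
            cluster = [b for b in seq[i:] if b.ts - first.ts <= window]
            score = combined_score(cluster)
            if score >= threshold:
                opened = Incident(entity, round(score, 3), cluster)
                break
        if opened:
            incidents.append(opened)
        else:
            leftovers.extend(seq)
    incidents.sort(key=lambda inc: inc.score, reverse=True)
    return incidents, leftovers


def plan_response(incident):
    """Playbook step: choose actions from the evidence present. The action
    names are placeholders for whatever the API-connected tools expose."""
    actions = ["open_case"]
    if "edr" in incident.sources():
        actions.append(f"isolate_host:{incident.entity}")
    if "ndr" in incident.sources():
        actions.append(f"capture_pcap:{incident.entity}")
    return actions


# Constructed sample alerts (not real telemetry).
T = datetime(2024, 2, 21, 10, 0)
SAMPLE_ALERTS = [
    Alert("edr", T, "ws-042", "encoded PowerShell command", 3),
    Alert("ndr", T + timedelta(minutes=12), "ws-042", "periodic beacon to rare domain", 4),
    Alert("siem", T + timedelta(minutes=20), "ws-042", "failed logon", 2),
    Alert("siem", T + timedelta(minutes=21), "ws-042", "failed logon", 2),
    Alert("siem", T + timedelta(minutes=5), "ws-017", "failed logon", 2),
    Alert("siem", T + timedelta(minutes=6), "ws-017", "failed logon", 2),
    Alert("siem", T + timedelta(minutes=7), "ws-017", "failed logon", 2),
    Alert("edr", T + timedelta(hours=1), "srv-db1", "credential dumping tool", 5),
    Alert("ndr", T + timedelta(hours=3), "ws-017", "DNS query to new domain", 3),
]

if __name__ == "__main__":
    found, deferred = correlate(SAMPLE_ALERTS)
    for inc in found:
        print(inc.entity, inc.score, sorted(inc.sources()), plan_response(inc))
    print(len(deferred), "alerts deferred to the low-priority queue")
```

With the sample data, ws-042 becomes an incident only because EDR, NDR and SIEM agree within the window (none of the three alerts clears the threshold alone), srv-db1 is opened on a single high-severity EDR alert, and the three identical SIEM failures on ws-017 stay in the deferred queue. The noisy-OR over distinct sources is the simplest way to make "more independent evidence raises confidence, more copies of the same evidence does not" explicit; a production system would replace the fixed weights with learned ones.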
Tags Ransomware Malware Tool Vulnerability Threat Prediction Cloud
Rating ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been taken from an earlier one.