Kaspersky


Effective AI adoption for optimizing SOC analysts’ work

  • Artificial Intelligence (AI) can reduce the workload of cybersecurity professionals, particularly in triage, the processing of suspicious events. When AI handles the simple cases, humans are left with a more limited group of cases to address. One such technology is an Auto-Analyst, which filters false positives out of the SIEM system and forwards only the alerts with a high probability of being a real incident for human review. With around 30% of alerts filtered by the AI system, the SOC team can focus on more complex tasks. For AI to work effectively and accurately in cybersecurity, processes need to be in place, including controlling training data, prioritizing incoming data and interpreting the results. The Kaspersky Managed Detection and Response service provides continuous threat hunting, detection, and response for organizations, giving businesses a technological advantage while reducing their workload.
  • AI cannot replace cybersecurity professionals, but it can certainly make their jobs easier.
  • AI is particularly useful for processing suspicious events, known as triage.
  • Kaspersky MDR has developed an Auto-Analyst that filters out false positives from the SIEM system and only forwards ones with a high probability of a real incident to be checked by a human.
  • Processes must be put in place for AI to work effectively and accurately when it comes to cybersecurity, including controlling training data, prioritizing incoming data, interpreting results, selective review of results, and excluding AI analysis for certain alerts.
  • The Kaspersky Managed Detection and Response service offers cybersecurity services that can reduce the workload of SOC teams, allowing them to focus on complex tasks.
  • The Auto-Analyst is trained using supervised machine learning and CatBoost, which allows it to distil millions of alerts about potential threats into a smaller number of alerts.
  • The AI system filters around 30% of alerts, freeing the SOC team to tackle more complex issues.
  • By prioritizing incoming data, processes enable AI to work effectively when it comes to cybersecurity.
  • The Kaspersky Managed Detection and Response service can be an advantage for businesses, enabling them to reduce team workloads while maintaining a high degree of cybersecurity best practice.
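
The process controls listed above (forwarding high-probability alerts, selective review of results, excluding AI analysis for certain alerts) can be sketched as a routing layer around the classifier's score. This is an added example, not Kaspersky's code: the thresholds, rule names and sample alerts are constructed assumptions, and the score stands in for the output of a trained model.

```python
import hashlib
from dataclasses import dataclass

# Every value below is an assumption chosen for illustration.
FORWARD_THRESHOLD = 0.20   # P(real incident) at or above this goes to a human
REVIEW_SAMPLE_RATE = 0.10  # share of auto-closed alerts re-checked by analysts
NO_AI_RULES = {"domain_admin_added", "edr_tamper"}  # never left to the model

@dataclass(frozen=True)
class Alert:
    alert_id: str
    rule: str
    score: float  # classifier's probability that the alert is a real incident

def sampled_for_review(alert_id: str, rate: float) -> bool:
    """Hash-based sampling: the same alert id always gets the same decision."""
    bucket = int.from_bytes(hashlib.sha256(alert_id.encode()).digest()[:4], "big")
    return bucket / 2**32 < rate

def route(alert: Alert, review_rate: float = REVIEW_SAMPLE_RATE) -> str:
    if alert.rule in NO_AI_RULES:
        return "human:excluded_from_ai"
    if not 0.0 <= alert.score <= 1.0:   # also catches NaN
        return "human:invalid_score"    # bad model output fails toward review
    if alert.score >= FORWARD_THRESHOLD:
        return "human:likely_incident"
    if sampled_for_review(alert.alert_id, review_rate):
        return "human:quality_sample"   # selective review of the model's closures
    return "auto_closed"

def triage(alerts, review_rate: float = REVIEW_SAMPLE_RATE):
    """Return per-alert decisions and the fraction the model filtered out."""
    decisions = {a.alert_id: route(a, review_rate) for a in alerts}
    closed = sum(1 for d in decisions.values() if d == "auto_closed")
    return decisions, (closed / len(alerts) if alerts else 0.0)

# Constructed sample alerts (id, rule, score); not real telemetry.
SAMPLE = [Alert(i, r, s) for i, r, s in [
    ("a01", "edr_tamper", 0.02), ("a02", "susp_powershell", 0.91),
    ("a03", "rare_login_geo", 0.04), ("a04", "susp_powershell", 0.35),
    ("a05", "lsass_access", 0.55), ("a06", "rare_login_geo", 0.10),
    ("a07", "domain_admin_added", 0.03), ("a08", "office_child_proc", 0.20),
    ("a09", "office_child_proc", 0.01), ("a10", "lsass_access", 0.77),
]]

if __name__ == "__main__":
    decisions, filtered = triage(SAMPLE)
    for alert_id, decision in decisions.items():
        print(alert_id, decision)
    print(f"filtered by model: {filtered:.0%}")
```

The sampled closures are what feed corrected labels back into training data, so the sample rate is a trade-off between analyst time and how quickly model drift is noticed.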
