Lastwatchdog

SHARED INTEL Q&A: AI in the SOC isn’t all about speed — it’s more so about smoothing process

  • Despite investments in threat feeds and automation platforms, intelligence struggles to translate into timely action for SOCs, as seen in the case of Volt Typhoon breaches continuing despite CISA advisories.
  • Monzy Merza of Crogl advocates for building systems that learn and adapt to how an organization functions to bridge the gap between intelligence and action in cyber defense.
  • Traditional playbooks fall short in operationalizing threat intel because they require reverse-engineering advisories into the SOC's context, creating friction and inefficiencies in responding to threats.
  • Crogl's 'knowledge engine' differs from traditional SOAR platforms by adapting to messy, fragmented data and evolving team behaviors, offering adaptive workflows that reduce false positives and reflect real-world operations.
  • Process intelligence, as emphasized by Crogl, involves understanding the unique workflows and norms of each organization to make smart decisions based on contextual knowledge rather than reacting to anomalies in isolation.
  • Crogl rejected the typical SaaS model in favor of transparency and control, allowing customers to inspect and trace every decision within the platform, aligning it with compliance frameworks and offering deployment flexibility.
  • As AI becomes more embedded in SOCs, the focus is shifting towards tools that can adapt to evolving data and processes without breaking, as well as towards AI that not only provides answers but asks better questions to help analysts stay ahead of threats.
  • Journalist Byron V. Acohido highlights the importance of making the internet private and secure and acknowledges the role of AI in contributing to the efficiency and effectiveness of SOCs in cybersecurity.
