Winning the war against hostile AI starts with your own AI security operations centers



This article is part of VentureBeat Magazine’s special issue, “AI at Scale: From Vision to Feasibility.” Read more from this special issue here.

Facing increasingly complex multi-domain attacks that slip through because of alert fatigue, high turnover, and legacy tools, security leaders are embracing AI-native security operations centers (SOCs) as the future of defense.

This year, attackers are setting new records in the speed of intrusions by taking advantage of vulnerabilities in legacy systems designed only for perimeter defenses and, worse, trusted connections across networks.

Attackers shaved 17 minutes off the average time of cybercrime intrusions over the past year, reducing the average penetration time from 79 minutes to 62 minutes in just one year. The fastest hacking time was just two minutes and seven seconds.

Attackers combine generative AI, social engineering, reactive intrusion campaigns, and comprehensive attacks on cloud vulnerabilities and identities. Through this playbook, they seek to take advantage of vulnerabilities in organizations with legacy or no cybersecurity arsenals.

“The speed of today’s cyber attacks requires security teams to quickly analyze massive amounts of data to detect, investigate and respond to threats faster. This is the failed promise of SIEM (Security Information and Event Management). Customers are hungry for better technology that delivers immediate time to value and increased functionality at a lower total cost of ownership,” according to CrowdStrike.

“SOC leaders must find a balance in improving their detection and blocking capabilities. This will reduce the number of incidents and improve response capabilities, ultimately reducing the time the attacker is present,” Gartner wrote in its report, Tips for choosing the right tools for your security operations center.

AI-native SOCs: The Sure Cure for Swivel Chair Integration

Visit any SOC, and it is clear that most analysts are forced to rely on “swivel chair integration” because legacy systems were not designed to share real-time data with each other.

This means that analysts often swivel their chairs from one screen to another, checking alerts and clearing false positives. Accuracy and speed are lost in the battle against increasingly multi-domain attacks that are not intuitively obvious or distinct amid the torrent of real-time alerts.

Here are some of the many challenges SOC leaders are looking to the AI-driven Security Operations Center to help solve:

Chronic levels of alert fatigue: Legacy systems, including SIEMs, produce a huge and growing number of alerts for SOC analysts to track and analyze. SOC analysts who spoke anonymously said that four out of every 10 alerts they issue are false positives. Analysts often spend more time sorting out false positives than investigating actual threats, which severely impacts productivity and response time. Making the SOC AI-native can have an immediate impact on this problem, which every SOC analyst and leader has to deal with every day.

Continuing talent shortage and disruption: Experienced SOC analysts who excel at what they do, and whose leaders can influence budgets to get them raises and bonuses, more often than not remain in their current positions. Credit goes to organizations that recognize that investing in retaining talented SOC teams is essential to their business. A commonly cited statistic is that there is a global cybersecurity workforce gap of 3.4 million professionals. There is already a chronic shortage of SOC analysts in the industry, so it is up to organizations to close pay gaps and double down on training to grow their teams internally. Burnout is rampant in understaffed teams that are forced to rely on swivel chair integrations to get their tasks done.

Multi-domain threats are increasing dramatically. Adversaries, including cybercrime gangs, nation-states, and well-funded cyberterrorism organizations, are increasingly exploiting gaps in endpoint security and identities. Malware-free attacks have increased over the past year, growing in the variety, size, and ingenuity of their attack strategies. SOC teams protecting enterprise software companies that are developing new AI-based platforms, systems, and technologies are particularly severely affected. Malware-free attacks are often undetectable, rely on trust in legitimate tools, rarely generate a unique signature, and rely on fileless execution. Kurtz told VentureBeat that attackers targeting endpoint and identity vulnerabilities frequently move laterally within systems in less than two minutes. Their advanced techniques, including social engineering, ransomware as a service (RaaS), and identity-based attacks, require faster and more adaptive security operations center (SOC) responses.

Increasingly complex cloud configurations increase the risk of attack. Cloud intrusions rose by 75% year-on-year, with adversaries exploiting cloud-native vulnerabilities such as insecure APIs and identity misconfigurations. SOCs often struggle with limited visibility and insufficient tools to mitigate threats in complex cloud environments.

Data overload and tool proliferation create defensive gaps that security operations center (SOC) teams must fill. Legacy perimeter-based systems, including many decades-old SIEM systems, struggle to process and analyze the massive amount of data generated by modern infrastructure, endpoints, and telemetry data sources. Asking SOC analysts to stay on top of multiple alert sources and reconcile data across disparate tools slows their effectiveness, leads to burnout and prevents them from achieving the necessary accuracy, speed, and performance.

How AI improves SOC accuracy, speed, and performance

“AI is already being used by criminals to overcome some of the world’s cybersecurity measures,” warns Johan Gerber, Executive Vice President of Cybersecurity and Innovation at Mastercard. “But AI has to be part of our future, and how we attack and address cybersecurity.”

“It’s very difficult to go out and do something if AI is seen as a core tool; you have to think about it [as an integral part],” Jeetu Patel, executive vice president and GM of Security and Collaboration at Cisco, told VentureBeat, citing findings from the Cisco Cybersecurity Readiness Index 2024. “The word used here is to use AI natively in your core infrastructure.”

Given the many accuracy, speed, and performance benefits of moving to an AI-driven security operations center (SOC), it’s understandable why Gartner supports the idea. The research firm predicts that by 2028, multi-agent AI in threat detection and incident response (including within security operations centers) will increase from 5% to 70% of AI applications, primarily augmenting staff, not replacing them.

Chatbots are making an impact

Central to the value that AI-driven Security Operations Centers (SOCs) provide to cybersecurity and IT teams is rapid threat detection and triage based on improved predictive accuracy using real-time telemetry data.

SOC teams report that AI-based tools, including chatbots, provide faster turnarounds for a wide range of queries, from simple to more complex analysis of anomalies. The latest generation of chatbots designed to streamline Security Operations Center (SOC) workflows and assist security analysts includes CrowdStrike’s Charlotte AI, Google’s Threat Intelligence Copilot, Microsoft Security Copilot, the Palo Alto Networks series of AI Copilots, and SentinelOne Purple AI.

Graph databases are fundamental to the future of SOCs

Graph database techniques help defenders see their vulnerabilities as attackers do. Attackers think in terms of traversing a company’s system graph, while security operations center (SOC) defenders traditionally rely on lists they use to work through deterrence-based actions. The graph database arms race aims to put SOC analysts on an equal footing with attackers when it comes to tracking threats, intrusions, and breaches across the graph of their identities, systems, and networks.

AI has already proven its effectiveness in reducing false positives, automating incident responses, enhancing threat analysis, and continually finding new ways to streamline Security Operations Center (SOC) operations.

The combination of AI and graph databases also helps security operations centers (SOCs) track and stop multi-domain attacks. Graph databases are fundamental to the future of SOC because they excel at visualizing and analyzing interconnected data in real-time, enabling faster and more accurate threat detection, attack path analysis, and risk prioritization.

John Lambert, vice president of Microsoft Security Research, emphasized the critical importance of graph-based thinking for cybersecurity, explaining to VentureBeat, “Defenders think in lists, cyber attackers think in graphs. As long as this is true, the attackers win.”
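The contrast Lambert describes can be shown on a small asset graph. The following is an added example, not from the article or any vendor product; the asset names, edges, and severity scores are constructed. It ranks the same environment once as a severity-sorted list and once by how many attack paths to a critical asset each node sits on.

```python
from collections import deque

# Constructed sample environment (not from the article): each edge means
# "a foothold on the source can reach or authenticate to the target".
EDGES = {
    "internet": ["vpn-gateway", "web-server"],
    "vpn-gateway": ["helpdesk-user"],
    "web-server": ["app-service-account"],
    "helpdesk-user": ["jump-host"],
    "app-service-account": ["jump-host"],
    "jump-host": ["domain-admin"],
    "domain-admin": ["customer-db"],
    "printer": [],
}
# Per-asset severity scores as a list-based tool would report them (constructed).
SEVERITY = {"printer": 9.8, "web-server": 7.5, "vpn-gateway": 6.1,
            "jump-host": 4.3, "helpdesk-user": 3.0,
            "app-service-account": 3.0, "domain-admin": 2.0, "customer-db": 2.0}


def list_view():
    """Defender's list: assets ranked by their own severity score only."""
    return sorted(SEVERITY, key=SEVERITY.get, reverse=True)


def attack_paths(source, target):
    """All simple paths from source to target (breadth-first, cycle-safe)."""
    paths, queue = [], deque([[source]])
    while queue:
        path = queue.popleft()
        for nxt in EDGES.get(path[-1], []):
            if nxt in path:
                continue  # never revisit a node on the same path
            if nxt == target:
                paths.append(path + [nxt])
            else:
                queue.append(path + [nxt])
    return paths


def graph_view(source, target):
    """Rank intermediate nodes by how many attack paths they sit on."""
    counts = {}
    for path in attack_paths(source, target):
        for node in path[1:-1]:
            counts[node] = counts.get(node, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
```

The list puts the isolated printer first, while the graph view surfaces the jump host and the admin identity as the choke points shared by every path to the database, which is where hardening or monitoring cuts the most paths.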

AI-driven SOCs need humans in the middle to realize their potential

SOCs that intentionally design human-centered workflows as a core part of their AI SOC strategies are better positioned for success. The overarching goal should be to enhance SOC analysts’ knowledge and provide them with the data, insights, and intelligence they need to excel and grow in their roles. Retention is also implicit in the design of human-centered workflows.

Organizations that have created a culture of continuous learning and view AI as a tool to accelerate training and achieve on-the-job results are already outperforming competitors. VentureBeat continues to see SOCs placing a high priority on enabling analysts to focus on complex strategic tasks while AI manages routine operations, all while retaining their teams. There are many stories of small victories, such as stopping an intrusion or a hack. AI should not be viewed as a replacement for SOC analysts or for experienced human threat hunters. Instead, AI applications and platforms are tools threat hunters need to better protect organizations.

AI-driven security operations centers can significantly reduce incident response times, with some organizations reporting a decrease of up to 50%. This acceleration enables security teams to remediate threats more quickly, reducing potential damage.

The role of AI in SOCs is expected to expand, to include proactive adversary simulations, continuous health monitoring of SOC ecosystems, and advanced endpoint and identity security through Zero Trust integration. These developments will strengthen organizations’ defenses against advanced cyber threats.


