Intelligent CISO Issue 47 | Page 67

decrypting myths

Is AI the answer to the SOC’s problems?

Artificial Intelligence has opened many doors for cybersecurity professionals, but it has also caused the attack surface to widen. Geert van der Linden, Cybersecurity Business Lead at Capgemini Group, discusses how SOCs can work smarter to lighten the load with technology and whether AI is the answer for all the SOC’s troubles.

Cybersecurity professionals have had a tough time of it recently. Their services have never been more in demand, but equally the cyberthreat landscape has never been more varied and sophisticated. The last 18 months have seen the rise of double extortion ransomware and record-breaking DDoS attack volumes. Any ambitious professional loves a challenge, of course, but there are limits and recent research has shown that three-quarters of security operations staff are feeling the strain.

With the cyberskills shortage a perennial issue – recent research puts the deficit at 3.1 million – clearly Security Operations Centres (SOCs) are not going to be able to simply throw manpower at the problem. They’ll have to work smarter, not harder, to lighten the load, and Artificial Intelligence may be the technology capable of doing the heaviest lifting.
Leveraging AI in the SOC
Against this backdrop of stressed-out, time-poor and stretched SOC teams, AI is already being used to try and better manage workloads and alert volumes. This makes sense, as the bread-and-butter tasks of the SOC – threat identification, tracking and remediation – are the sort that AI excels at. They’re rote, mundane and time-consuming, the perfect fit for an AI.
With AI automating the majority of this workload, some of the pressure is taken off employees. This is crucial in a landscape that is lighter on skilled cybersecurity professionals and facing an ever-increasing deluge of attacks.
In addition to improving the quality and speed of analysis, AI technologies can also perform threat modelling and impact analysis – activities which have previously relied on the expertise of highly skilled cybersecurity professionals. In fact, AI has advanced so much that it can provide insights that were previously impossible through solely manual analysis. For instance, some can identify when threats could result in attacks on the corporate network and shut down particular services or subnets based on activities determined to be potentially