Intelligent CISO Issue 08 | Page 39

... in this day and age. The time and effort it can take to investigate the sheer quantity of alerts, identify new attack trends, test networks to uncover vulnerabilities and manage a growing number of cybersecurity tools means that security teams are under increasing pressure as their resources are spread thinly. This means that each alert will still need to be checked, even if only to confirm that everything is OK rather than to deeply investigate and analyse every threat. This only makes it more likely that anomalous activity could go unnoticed and cause real damage in the form of a material breach.

The addition of ML to SIEM promises to reduce the human effort needed to secure networks. Expanding datasets can be analysed quickly, with red flags raised so that security teams know where they should focus. Moreover, such technologies can move beyond the typical rules-based approach, so that threats following new patterns are highlighted and then learned. As tactics evolve, so does NextGen SIEM.

That being said, organisations that view ML as a silver bullet for their challenges will soon come crashing back to reality. While ML can analyse data quickly, it is only as good as the data it reviews, which makes inaccurate or insufficient data sources a cause for concern. There may also be a lack of consistency in how each ML solution reports its findings. Furthermore, the business will need to calculate a comfortable balance between false positives and false negatives, since an increase in the former affects the latter in the same way.

Next-generation SIEM platforms should ultimately enable an organisation to have visibility into both known and unknown cyberthreats across the holistic attack surface.
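The false-positive/false-negative balance described above, as an added illustration that is not code from the article: a threshold sweep over constructed ML anomaly scores, choosing the cut-off that minimises a weighted miss cost while keeping the alert volume within what the team can actually check. The scores, labels, analyst capacity and cost weights are all assumptions.

```python
"""Threshold trade-off for an ML-scored SIEM alert stream (constructed data)."""
from dataclasses import dataclass

# Constructed sample: (anomaly score from a hypothetical ML detector, is_true_threat).
SAMPLE_SCORES = [
    (0.97, True), (0.91, True), (0.88, False), (0.84, True), (0.79, False),
    (0.72, False), (0.66, True), (0.61, False), (0.55, False), (0.49, True),
    (0.42, False), (0.35, False), (0.28, False), (0.21, False), (0.12, False),
]


@dataclass(frozen=True)
class Outcome:
    threshold: float
    alerts: int            # events raised, i.e. what analysts must still check
    false_positives: int   # benign events raised (analyst time wasted)
    false_negatives: int   # true threats suppressed (missed breaches)


def evaluate(scores, threshold):
    """Count alerts, false positives and false negatives at one cut-off."""
    alerts = fp = fn = 0
    for score, is_threat in scores:
        if score >= threshold:
            alerts += 1
            if not is_threat:
                fp += 1
        elif is_threat:
            fn += 1
    return Outcome(threshold, alerts, fp, fn)


def sweep(scores, thresholds):
    """Evaluate every candidate threshold; lowering it trades FN for FP."""
    return [evaluate(scores, t) for t in thresholds]


def choose_threshold(scores, thresholds, analyst_capacity, fn_cost, fp_cost=1):
    """Pick the feasible threshold (alert volume within capacity) with the
    lowest weighted cost; fn_cost expresses how much worse a miss is than
    a wasted investigation (assumed weight)."""
    feasible = [o for o in sweep(scores, thresholds) if o.alerts <= analyst_capacity]
    if not feasible:
        return None
    return min(feasible, key=lambda o: o.false_negatives * fn_cost
                                       + o.false_positives * fp_cost)
```

With the constructed scores, a capacity of 10 alerts selects the 0.5 cut-off (one miss, five wasted investigations), while a capacity of 5 forces the 0.8 cut-off and accepts a second miss.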