The Expert's View with Ajay Cherian


Optimizing Security Operations Center Using AI

IBM's Ajay Cherian Offers Insights

Keeping organizations safe from attackers, and staying one step ahead of them, is a tough proposition. Identifying threats accurately with integrated user behavioral analytics and artificial intelligence is therefore the way to go, because it saves invaluable investigation time. Invariably, the responsibility for achieving that falls on the security operations center team.

The goals of a security operations team are fundamental to the business: not just protecting critical systems, users and data, but also detecting and responding to incidents accurately, consistently and quickly, while ensuring that they stay ahead of cyber criminals.


Before discussing how AI can be deployed for better results, it is worth looking at how analysts in a SOC organize their work when responding to threats, what processes they use to counter them, and what challenges those processes carry.

The security activities to counter cyber threats focus on three areas:

  • Threat and risk detection;
  • Investigation and qualification;
  • Governance and incident response.

Assuming three analysts are assigned to these areas, a tier 1 analyst would focus on security monitoring, a tier 2 analyst on incident escalation and security analysis, and a tier 3 analyst on threat hunting. A separate team would then handle incident response planning.

Along the way, the team uses a plethora of methods and mechanisms to discover threats. These include embedded intelligence programs, cognitive analysis and advanced orchestration for instrumented alerting and security analytics, manual security assessment, and guided or automated response processes.

A range of challenges confronts SOC teams, making the task of detecting threats early even more complex. These include:

  • Unaddressed threats: The information deluge makes it hard to find what is useful and what is connected. Relevant information is often overlooked simply because analysts do not know how it relates to what they are already seeing.
  • Insights overload: An overwhelming workload, in volume, variety and speed, challenges SOC analysts to triage every relevant threat.
  • Dwell times getting worse: A lack of consistent, high-quality and context-rich investigations results in a breakdown of existing processes and a high probability of missing crucial insights buried in millions of emails, making it a risky affair.
  • Stakes at an all-time high: Teams face increased scrutiny from executive leadership, clients, employees, investors, regulators and insurance companies to uphold brand reputation, retain customer confidence and protect intellectual property.
  • Shortage of skills and job fatigue: Bridging the skills gap is time-consuming, because investigating incidents well requires confidence and maturity.

Since investigating an incident is time-consuming and inconsistencies prevail because of skills gaps, there has to be a better way to build a process for countering cyber threats.

Artificial intelligence bridges technology and skills gaps, unlocking a new partnership between security analysts and their technology.

IBM Security Intelligence and Incident Response addresses your 3 key focus areas:

Three ways to counter cyber threats:

Empower your security analysts to drive consistent investigations, speed up incident escalations, reduce dwell times and increase efficiency.




About the Author

Ajay Cherian


Security Intelligence & Threat Protection Segment Leader - Asia Pacific

Cherian is responsible for the Security Intelligence and Threat Protection segment of IBM Security in Asia Pacific. This includes security operations center solution and technology sales, channel sales, business development, client acquisition and retention, key account relationships, organisational leadership, and technology transformation leadership.



