AI SOC Analyst: the secrets of the emerging figure in the field of cyber security

With increasingly deadly and massive cyber threats, it is becoming increasingly complex to tackle the volume of data needed to successfully prevent, analyze and mitigate next-generation cybercrime. For this reason, for a few years now, artificial intelligence has been used, in its various forms, as an aid to threat intelligence and to evaluate the numerous alerts encountered daily in any SOC (Security Operation Center); hence the need for the emerging professional figure of the AI SOC Analyst.

Artificial intelligence, especially machine learning, is today a good fit in areas where the human figure remains central but must necessarily be supported when it comes to organizing and filtering large amounts of often heterogeneous data, or correlating different data to obtain evaluations that are as objective as possible.

Artificial intelligence and cyber security

Today, artificial intelligence in cybersecurity is successfully used in the detection of bots, in the detection of unclassified digital threats, in the prediction of attacks and data breaches, and in continuous evaluation and monitoring, up to Endpoint Detection & Response (EDR) technologies. And the trend is up: GlobeNewsWire predicts that the market for artificial intelligence in cybersecurity will reach $46.3 billion by 2027.

The Capgemini Research Institute, in its recent study on the reinvention of cybersecurity with artificial intelligence, stresses the need to urgently strengthen cybersecurity systems with artificial intelligence in order to achieve a level of protection appropriate to the next generation of threats. The report is based on a questionnaire completed by 850 high-level IT and cybersecurity professionals from 10 different countries, and shows that three out of four participants work in companies where artificial intelligence is already used to provide more immediate and effective responses to attacks and data breaches. Three in five respondents also claim, among other things, that artificial intelligence improves the accuracy and efficiency of cyber analysts.

This is not the job of a cyber security analyst

An important point emerges from this data: artificial intelligence is now a necessary support for cyber security, but it certainly cannot manage itself, as some may imagine. Instead, cybersecurity analysts need to be more aware of this tool and know how to adapt it to specific and complex contexts in order to maximize its effectiveness. This is how the figure of the AI SOC Analyst was born.

The data vary by source, but a study by SC Media, presented at the RSA conference in 2018, showed that 55% of in-house or managed business SOCs receive an average of more than 10,000 security alerts per day. And the trend is up. With a volume this large, artificial intelligence today does seem to be a substantial help. Evaluations and decisions, however, must ultimately be made by human analysts.

Cybersecurity analysts, however, because of their training and experience, can only handle certain tasks, and those tasks are inextricably linked to the quality of the alerts and reports they receive. That is why, in recent years, a need has emerged for an intermediate element between them and cyber security systems. Named the AI SOC Analyst, this role is involved in the development and adaptation of artificial intelligence models and technologies, in particular machine learning, in order to filter the volume of information received more and more effectively.

A kind of “human filter” on information that has already been filtered and processed by artificial intelligence, in order to pass a more concentrated and efficient distillation to traditional cybersecurity analysts.

A work of modeling artificial intelligence

The reason why this figure was born and is increasingly in demand lies precisely in the exponential growth of these alerts. Where 10,000 or more was once the number of data points from which a few accurate notifications were obtained, we now have to sift through tens, hundreds, if not millions of data points every day to obtain a few thousand alerts. And these cannot be handled directly by the analyst: they must first be filtered further.

This is a difficult, critical task that cannot be fully automated: human contribution is necessary to configure parameters that are specific to each company and that may differ from day to day. The AI SOC Analyst is a link between artificial intelligence and the human analyst: the comments and needs of the latter are collected, evaluated in a highly variable context and transformed into modifications and configurations for the former.

The Importance of the AI SOC Analyst

And this leads to the need to acquire and keep up to date skills so specific that they cannot fall within the remit of a traditional cybersecurity analyst: that of the AI SOC Analyst is, quite simply, a different job.

The AI SOC Analyst is a figure who must have cybersecurity skills, but must also know the main SIEM systems and data collectors, such as JIRA or Splunk, and have strong skills in data science. In addition, it is important for an AI SOC Analyst to know how to configure data collection and analysis tools to interface with artificial intelligence systems, or to program those already in place to adapt to needs that may change suddenly. That requires programming and scripting skills, as well as, of course, knowledge of algorithms and artificial intelligence technologies.

The benefits of personalized artificial intelligence

The benefits of having one or more AI SOC Analysts on your team are many. On the one hand, there is the possibility of reducing the information load and increasing its quality; on the other, the possibility of reducing false positives and false negatives. Along the way, they increase the effectiveness of traditional cyber security analysis, maximize the investment in cyber security tools and platforms, and improve the quality of life and satisfaction of the analyst team. And last but not least, the reason the headline made you read this article: reducing the chances of attacks and data breaches or, at worst, reducing their impact.

According to a 2019 study by the Ponemon Institute, in fact, the sooner a data breach is detected and mitigated, the less financial loss it causes. Just consider that, according to the study, a data breach with a life cycle of less than 200 days has a significantly lower cost ($3.34 million) than a data breach with a longer life cycle ($4.56 million). Here, too, the study argues, the use of artificial intelligence plays a key role.

That was 2019: today, in 2022, we have to take a step forward, and that step is to promote a new and strategic figure like that of the AI SOC Analyst.

