How AI can help you pull your SOC up

Rapid7’s Craig Adams says modern cybersecurity is a bit like a game of Jenga for security teams. Here, he explains how AI could be the key to keeping the tower steady.

I’ll bet security operations centre (SOC) teams are superb Jenga players. They spend every day carefully securing a part of their organisation’s network, akin to removing a block from a Jenga tower. However, they soon discover that a new, unsecured piece of technology has been added – like a new block placed on the tower – demanding their urgent attention.

This cycle continues until eventually, the foundations wobble, and the whole tower comes crashing down. In Jenga, it’s only wooden blocks; however, a cyber incident can bring the whole business to a grinding halt, likewise a data breach can impact millions. All of a sudden, the tower falling is much more serious.

While essential for maintaining growth and a competitive edge, the continued expansion of network infrastructure means there’s an overwhelming number of security alerts to deal with, and SOC teams are often failing to properly prioritise cyberthreats as a result. The problem will only get worse, as digital transformation spending is forecast to hit $4trn by 2027.

But there is a ray of hope. Artificial intelligence (AI) offers a way for SOC teams to keep up with security demands and more confidently and completely deal with cyberthreats.

The SOC team’s current nightmare

Typically, SOC teams range from six to 20-plus people, depending upon the size of the organisation. However, on average, each SOC team receives 4,484 alerts per day. A 100-person SOC team would struggle with this many alerts, so imagine how a six-person team feels!

The barrage of noise each day creates a highly stressful and demoralising environment, especially when threats turn out to be false positives. It’s not just the mental toll, but thousands of alerts result in operational chaos, with delayed responses, overlooked vulnerabilities and heightened organisational risk.

Add to this the proliferation of endpoints, cloud-based applications, and interconnected devices and systems, SOC teams must also investigate and monitor environments that are constantly changing. In fact, only 17pc of organisations have a clear understanding of the full scope of their attack surface.

Managing and securing these environments essentially becomes impossible, leaving behind risks such as shadow IT, unmanaged devices and misconfigured systems. Each of these things represents an open door for cybercriminals to exploit.

While the SOC team essentially has one arm tied behind its back, cybercrime groups have developed a third and fourth arm, thanks to AI. These groups are leveraging AI tools and new techniques to create highly automated campaigns that take very little effort to initiate.

In phishing campaigns, AI can be used to swiftly identify key personnel at potential targets and learn about their work lives, making the scams more believable despite only half the effort needed.

When the challenges above are outlined, I’m not surprised that SOC teams are struggling, and I wouldn’t want to be in their position. Therefore, it’s critical that we turn the tide and make SOC teams’ lives easier – and this is where AI can help.

The helping hand SOC teams need

AI can play a critical role in supporting SOC teams by reducing response times and providing a better understanding of an organisation’s attack surface.

With AI’s capability to automate asset inventory and map large datasets, SOC teams can uncover blind spots, including shadow IT and other hidden vulnerabilities, which might otherwise remain undetected without resource-intensive, manual investigations.

Furthermore, AI consolidates data streams from different security tools, including endpoint detection systems, identity management platforms and cloud monitors. This unified view gives SOC teams a greater understanding of their entire attack surface, and the actionable insights help identify risks at a much faster rate.

AI also streamlines the triage process by intelligently categorising alerts and filtering out low-risk ones. It allows SOC teams to focus on high-priority threats and prioritise those that are being exploited or posing the greatest risk to the organisation, without being distracted by false positives.

These capabilities not only aid overwhelmed SOC teams but also enhance proactive security by helping to anticipate potential attacks. By integrating data from on-premises, cloud and hybrid environments, AI helps identify hidden or misconfigured assets that create vulnerabilities. It has also shown impressive results in detecting zero-day vulnerabilities and accelerating anomaly detection to isolate threats before they escalate.

Implementing AI into detection and response

With AI offering so much promise, it can be easy to get carried away and implement the technology simply to be among the first to adopt it. However, not rushing AI implementation and having a clear plan is critical.

‘AI is only as good as the person operating it’

Organisations need to start by identifying the gaps in their current detection and response technologies and processes. This ensures that the correct AI tools are purchased and implemented to address and manage the organisation’s unique challenges and environment.

When it comes to purchasing AI, several factors need to be considered. The tools should seamlessly integrate into existing workflows and be scalable to meet the ever-changing demands of IT environments.

Equally important is investing in SOC team training to ensure effective collaboration with AI-driven systems. Analysts must understand how to interpret AI insights and fine-tune algorithms for their organisation’s specific threats. AI is only as good as the person operating it. Ongoing education bridges expertise gaps and maximises AI’s potential.

Finally, success metrics should be established to measure the impact of investments. SOC teams can track improvements in mean time to detect (MTTD), mean time to respond (MTTR), and reduced false positives, enabling continuous optimisation and providing valuable ROI, which is often difficult to measure.

Stabilising the Jenga tower

Gartner has predicted that companies prioritising investments in continuous threat exposure management programmes “will realise a two-thirds reduction in breaches” by 2026, with AI-powered tools playing a major role.

With expanding IT environments and more dangerous cyberthreats, the security Jenga tower will continue to sway and wobble unless something is done. AI is the steel beam that will finally stabilise SOC teams’ efforts by providing more actionable insights, faster responses and better threat context.

By Craig Adams

Craig Adams is chief product officer at cybersecurity company Rapid7. He has extensive experience in helping enterprises build defences against cognitive security threats, helping to mitigate complex information operations and social media manipulations. Before joining Rapid7, he was the chief product and engineering officer at Recorded Future, helping security and IT teams improve their operations through effective security intelligence.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Related Content

Samsung 990 Evo Plus Reviews, Pros and Cons

Network Traffic Types (With Examples)

Darktrace to acquire Cado Security to strengthen cloud forensic capabilities

Leave a Comment

Stay updated with Win99Update for the latest in tech, online earning, and digital trends. Explore practical tips and insights to thrive in the digital world.

Categories

Tech Trends

Science & Space

Finance Tips

Cryptocurrency

Online Earning

Health & Fitness

Quakes Links

About Us

Contact Us

Piracy Policy

Terms and Conditions

Contact Us

Phone: +91 9090909099

Email: info@example.com

© Win99update.com • All rights reserved