Clearly, ChatGPT has placed artificial intelligence on everyone’s radar these days. But AI in mainstream business applications has been around for decades. In cybersecurity, AI can be used for data augmentation and attack simulation. It can also help detect anomalies in network traffic or user behavior to enhance overall threat detection and response.

As per a recent report, one area where AI has made significant strides is in threat alert triage efforts. In fact, with AI assistance, alert triage timelines can be cut by more than half. And this means a lot to hard-working cyber professionals who say they spend nearly a third of their time chasing incidents that aren’t true threats. AI-enhanced solutions might even help to retain hard-to-find cybersecurity talent.

SOC Teams Overwhelmed

It’s no secret that security professionals are among the hardest workers in the tech space. Today’s Security Operations Center (SOC) teams must protect an ever-expanding attack surface that extends across hybrid cloud environments. The sheer size and complexity of the terrain make it increasingly difficult to keep pace with rising attack speeds and volumes. Labor-intensive alert investigations and response processes consume scarce resources. Cumbersome manual data evaluation across disconnected data, tools and interfaces wastes time. Plus, there’s a lot of cyber noise out there that can bog down security efforts.

In fact, according to a recent survey, SOC professionals say they spend nearly a third of their time investigating and validating incidents that are not real threats. More than 80% of those surveyed say that manual investigation of threats slows down their overall threat response times. And 38% say manual investigation slows them down “a lot”. Meanwhile, nearly half of those surveyed (46%) say that the average time to detect and respond to a security incident over the past two years has increased.

So more time is getting wasted on low-priority and false positive alerts. Meanwhile, incident response times are increasing. The result? Poor threat detection and weak attack resilience capabilities. This is why leaders of weary SOC teams are increasingly adopting AI-based solutions.

AI-Powered Cybersecurity Solutions

AI-powered capabilities have been shown to significantly improve the speed and accuracy of SOC operations. For example, AI enables IBM Managed Security Services to automate more than 70% of alert closures and reduce its alert triage timelines by 55% on average within the first year of implementation, as per a recent report.

AI-powered alert triage automatically prioritizes or closes alerts based on AI-driven risk analysis. This type of triage uses AI models trained on prior analyst response patterns, along with external threat intelligence and broader contextual insights from across detection toolsets.

“In the face of a growing attack surface and shrinking attack timelines, speed and efficiency are fundamental to the success of resource-constrained security teams,” said Mary O’Brien, general manager, IBM Security. “IBM has engineered the new QRadar Suite around a singular, modernized user experience, embedded with sophisticated AI and automation to maximize security analysts’ productivity and accelerate their response across each step of the attack chain.”

AI Keeps Gaining Traction

In a separate benchmark insight study, executives reported widespread adoption of AI for security operations, with 93% either already using or considering implementation. Also, leaders in security AI adoption have noted improved key cost performance measures. For example, by combining AI with automation, top performers increased their return on security investment (ROSI) by 40% or more and reduced data breach costs by at least 18%. These savings have helped free up funding for reinvestment in other cybersecurity needs.

By improving model precision and recall through machine learning, AI security solutions can help reduce alert fatigue for SOC analysts. Higher precision means fewer ordinary events (false positives) are surfaced to analysts, and higher recall means fewer actual threats (true positives) are missed, so genuine threats can be separated from the ordinary events (false positives and true negatives) that make up most of the alert volume.
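The two passages above describe triage that scores alerts from analyst history, threat intelligence and asset context, and then judges the model by precision and recall. The following is an added example written for this article, not IBM's or QRadar's code: a toy risk scorer with auto-close and escalate thresholds, evaluated against analyst ground truth. The alert fields, weights, thresholds and the eight sample alerts are all constructed for illustration. It also reports the number a practitioner should watch most closely: true threats that the auto-closure step silently discards.

```python
"""Toy alert-triage scorer with precision/recall evaluation.

Added example for illustration only; not IBM's or QRadar's code.
All weights, thresholds and sample alerts below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Iterable


@dataclass(frozen=True)
class Alert:
    alert_id: str
    rule: str
    severity: int            # 1 (low) .. 5 (high), assigned by the detection rule
    known_bad_ip: bool       # source matched a threat-intelligence feed (external context)
    asset_critical: bool     # target asset is tagged critical (internal context)
    prior_close_rate: float  # share of past alerts on this rule analysts closed as benign
    is_true_threat: bool     # analyst ground truth, used for evaluation only


def risk_score(a: Alert) -> float:
    """Combine rule severity, threat intel, asset context and analyst history into 0..1.

    Constructed weights: severity contributes 0.15 per level, a threat-intel hit
    adds 0.25, a critical asset adds 0.15, and rules analysts usually close as
    benign are pushed down by up to 0.4.
    """
    score = 0.15 * a.severity
    if a.known_bad_ip:
        score += 0.25
    if a.asset_critical:
        score += 0.15
    score -= 0.4 * a.prior_close_rate
    return max(0.0, min(1.0, score))


def triage(alerts: Iterable[Alert], close_below: float = 0.2,
           escalate_at: float = 0.6) -> Dict[str, str]:
    """Map each alert id to 'closed', 'queued' or 'escalated' (constructed thresholds)."""
    decisions = {}
    for a in alerts:
        s = risk_score(a)
        if s < close_below:
            decisions[a.alert_id] = "closed"      # auto-closed, never seen by an analyst
        elif s >= escalate_at:
            decisions[a.alert_id] = "escalated"   # top of the analyst queue
        else:
            decisions[a.alert_id] = "queued"      # normal analyst review
    return decisions


def evaluate(alerts: Iterable[Alert], decisions: Dict[str, str]) -> Dict[str, float]:
    """Precision/recall of what reaches analysts, plus the auto-closure safety numbers.

    'Surfaced' means queued or escalated. A true threat that was auto-closed is a
    false negative the analysts will never get a chance to catch.
    """
    alerts = list(alerts)
    surfaced = [a for a in alerts if decisions[a.alert_id] != "closed"]
    surfaced_true = sum(1 for a in surfaced if a.is_true_threat)
    all_true = sum(1 for a in alerts if a.is_true_threat)
    closed = [a for a in alerts if decisions[a.alert_id] == "closed"]
    return {
        "precision": surfaced_true / len(surfaced) if surfaced else 0.0,
        "recall": surfaced_true / all_true if all_true else 0.0,
        "auto_close_rate": len(closed) / len(alerts),
        "threats_auto_closed": float(sum(1 for a in closed if a.is_true_threat)),
    }


# Constructed sample alerts (ids, rules and values are made up for this example).
SAMPLE_ALERTS = [
    Alert("A1", "port_scan",        2, False, False, 0.90, False),
    Alert("A2", "brute_force",      3, True,  True,  0.30, True),
    Alert("A3", "dns_anomaly",      1, False, False, 0.80, False),
    Alert("A4", "malware_beacon",   5, True,  True,  0.05, True),
    Alert("A5", "failed_login",     2, False, False, 0.70, False),
    Alert("A6", "priv_escalation",  4, False, False, 0.20, True),
    Alert("A7", "new_admin_user",   3, False, True,  0.50, False),
    Alert("A8", "lateral_movement", 3, False, False, 0.80, True),  # threat on a "noisy" rule
]


def run_sample() -> Dict[str, float]:
    """Triage the constructed alerts and return the evaluation metrics."""
    return evaluate(SAMPLE_ALERTS, triage(SAMPLE_ALERTS))


if __name__ == "__main__":
    for alert_id, decision in triage(SAMPLE_ALERTS).items():
        print(alert_id, decision)
    print(run_sample())
```

On this constructed set the scorer closes half the alerts automatically and surfaces threats at 0.75 precision and 0.75 recall, but one real threat (A8, raised by a rule analysts usually close) is auto-closed. That is the trade-off behind the "55% faster triage" figures: the auto-close threshold and the weight given to past analyst behaviour must be tuned against the cost of a missed threat, not only against the volume of noise removed, and a feedback loop that re-labels auto-closed alerts is what keeps `prior_close_rate` from quietly training the system to ignore a rule that has started firing on real attacks.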

AI can also enrich event analysis with contextual data insights. It also supports analyst inspection and investigation activities. With AI helping to improve the signal-to-noise ratio, analysts can focus on threats that pose the greatest risk.

AI Helps Retain Talent

By facilitating more efficient triage, escalation, review and remediation procedures, AI enhances security governance and compliance. Also, by automating manual, time-intensive tasks, AI reduces analyst fatigue. This helps improve the analyst’s ability to make better, more informed decisions. So SOC teams can work faster and with fewer mistakes. By routing the sheer volume of events through AI-enabled automated solutions, leaders can make the most of skilled human analysts and their hard-to-find skills.

The end result is a more satisfying work environment. Instead of wasting time on repetitive, dead-end tasks (chasing false positives), teams get to work on things that make a real difference. This rewarding environment can even help retain hard-to-find security talent. Who wants to work on mundane chores that have no real-world value? Instead, people want to be challenged with actual problems that lead to observable, positive results.

Beyond AI-Enhanced Triage

Threat triage is only one area where AI can improve processes and make SOC work more rewarding. For example, IBM’s QRadar Suite features dozens of mature AI and automation capabilities that have been refined over time with real-world users and data. It also includes innovations developed in collaboration with IBM Research and the open-source security community. Beyond faster, more effective threat triage, other AI-based benefits include:

  • Automated Threat Investigation: Identifies high-priority incidents and automatically launches an investigation by gathering artifacts and evidence via data mining across environments. The system then generates a timeline and attack graph of the incident based on the MITRE ATT&CK framework and recommends remediation actions.
  • Accelerated Threat Hunting: Uses open-source threat-hunting language and federated search capabilities to help threat hunters find attacks and indicators of compromise across their environments. All this happens without moving data from its original source.

While ChatGPT has thrust AI into the spotlight, security teams have been well aware of the benefits of AI-assisted security for some time now. And the results are there to prove it.
