The cat-and-mouse game we play in the SOC has changed. Just a few short years ago it was impressive if we were managing a million security events a day. Fast forward a few years and we are now dealing with billions. As a result, investigations take longer than ever, false positives are at an all-time high, and, most importantly, real attacks are taking place while we exhaust ourselves trying to prioritize and work out precisely where to focus our efforts. We don't need to change the game; we need to own it.
Fortunately, new strategies built on big data, machine learning, and artificial intelligence (AI) are changing the game for us. Using a big data platform to handle these volumes of security data is not only the most economical choice, it also paves the way for streaming analytics that accelerate incident investigations. It enables threat hunting across massive amounts of data and improves our ability to detect threats in real time.
AI is making the already highly capable humans in the SOC even more capable. Deep learning can improve our overall ability to detect threats, allowing analysts to focus on understanding the real attacks and to spend far less time on false positives. It is time to own this game of cat and mouse. What's your next move?