Are AI-powered SOCs the future of cybersecurity?

By Alexey Lukatsky, Managing Director, Cybersecurity business consultant, Positive Technologies, discusses the need for advanced cybersecurity to face the increasing threats attacking various industries, and how Advanced SOCs significantly outperform traditional ones.

Recent major events have bore the brunt of cybercrime. Take, for example, the unlawful sale of Iran’s Hajj and Pilgrimage Organisation’s database and the hacking of the broadcast of Poland’s Euro 2024 match. They highlight the urgent need for robust security measures. In a recent report by Positive Technologies, the pivotal role of AI-powered Security Operations Centres (SOCs) is revealed in combating similar sophisticated threats across various industries.

The Evolution of Cybersecurity with AI

As technology advances, so does the complexity of cyber threats, which are challenging organisations to keep pace. Amidst this dynamic landscape, AI technology has emerged as a powerful ally in the fight against cybercrime. The report highlights the transformative impact of AI-powered SOCs. These systems not only respond to existing threats but also proactively hunt for potential risks, neutralizing them before they cause damage.

AI-driven security is an efficient and cost-effective solution for businesses of all sizes. By constantly learning from data patterns, AI systems can detect anomalies and stop potential attacks before they occur. This proactive defence is especially crucial during major events when cybercriminals target vulnerable organisations.

Traditional SOCs are Struggling

Traditional SOCs grapple with high data volumes and an overwhelming number of alerts, making them no longer sufficient in today’s threat landscape. In contrast, AI-powered SOCs offer a range of advantages that address these shortcomings:

Threat Neutralisation: AI systems can neutralise 85% of threats before they cause any damage.

Improved Detection: With a 50% improvement in detection accuracy, AI reduces the occurrence of false positives.

Proactive Threat Hunting: Advanced machine learning algorithms anticipate and prevent incidents before they escalate.

Scalability and Efficiency: AI can handle vast amounts of data, streamline processes, and reduce operational costs.

Real-Time Monitoring: Immediate threat response and quick adaptation to new threats.

AI detects certain classes of attacks

According to the SANS SOC Survey 2024 report, the main challenges in fully utilising SOC capabilities are a lack of automation and orchestration in incident analysis and response, as well as a shortage of skilled personnel and incomplete infrastructure monitoring. The first two issues can be addressed by using artificial intelligence technologies.

Experts, according to the report, are sceptical about the ability of artificial intelligence to detect malicious activity. This scepticism, in my opinion, stems from unjustified expectations about this technology. Many people believe that AI will solve all security problems and be able to detect even unknown attacks. However, this is not the case as the experience of Positive Technologies (one of the leading companies in the field of cybersecurity) shows.

We conduct some of the largest cyber exercises in the world, involving dozens of teams of attackers and defenders who implement various complex attacks for several days. This allows us to gather a vast amount of data for training our machine learning models. So far, artificial intelligence has only been able to detect certain classes of attacks. Therefore, it is possible to effectively combine various technologies for detecting malicious activity in SOC – requiring human participation and not. In the future, with the accumulation of training samples and the development and testing of new machine learning models, autonomous SOCs will be able to detect a vast majority of attacks.

Less time for analysis and response

According to research, 65% of SOC analysts’ time is spent on manual work related to the classification and investigation of incidents. In this process, analysts must answer questions such as “What is it?”, “Is this a false alarm?”, “What happened?”, “What could be the consequences?”, “What should I do in this case?” and “How should I proceed?”.

Given the lack of skilled personnel to answer these questions, it is possible to turn to artificial intelligence (AI) technologies such as SOC assistants or Co-Pilots built on large language models. We are currently testing these technologies both in our own products and at our Expert Security Centre (PT ESC). The results so far indicate that they can significantly reduce the time required for analysis and response. LLM can also be used to automatically generate playbooks for the SOC, helping analysts collect additional data and enrich incident information, speeding up communication with other teams, and performing other routine tasks that would otherwise take a lot of time and lead to an increase in detection and response times (MTTD and MTTR).

The Impact on Major Events

Major events, such as international sports competitions, political summits, and large-scale public gatherings, are a lucrative target for cyberattacks. These attract global attention, and this visibility can amplify the impact of a cyber attack, garnering significant media coverage and public attention. These events also generate vast amounts of data and deal with large quantities of financial transactions which are attractive to cyber criminals. All these reasons

Proactive Threat Management

One of the most significant advantages of AI-powered SOCs is their proactive approach to threat management. Traditional SOCs typically react to threats after they occur, which can result in significant damage. In contrast, AI-driven systems employ advanced machine learning algorithms to predict and prevent attacks before they happen.

This proactive approach involves continuously analysing data patterns to identify anomalies and potential threats. For instance, if an AI system detects unusual login attempts or data transfers, it can flag these activities for further investigation. This early detection allows organisations to address potential threats before they escalate into full-blown attacks.

Scalability and Cost Efficiency

Another critical benefit of AI-powered SOCs is their scalability and cost efficiency. Traditional SOCs often require significant resources, including manpower and infrastructure, to manage large volumes of data and alerts. This setup can be both costly and inefficient.

AI-driven SOCs, on the other hand, can scale effortlessly to accommodate growing data volumes without a corresponding increase in costs. By automating many of the routine tasks involved in threat detection and response, these systems reduce the need for extensive human intervention. This efficiency translates into cost savings and allows cybersecurity teams to focus on more strategic tasks.

Enhancing Overall Security Posture

Implementing AI-powered SOCs enhances the overall security posture of an organisation. By integrating these advanced systems, businesses can ensure comprehensive protection against a wide range of cyber threats. The continuous learning capabilities of AI mean that these systems are always evolving, adapting to new threats as they emerge.

Moreover, the combination of AI and human expertise creates a powerful defence mechanism. While AI handles the bulk of data analysis and threat detection, human analysts can focus on interpreting complex scenarios and making strategic decisions. This synergy between AI and human intelligence results in a more robust and effective cybersecurity strategy.

The future of cybersecurity lies in AI-powered SOCs. These systems not only offer superior threat detection and response capabilities but also provide scalability and cost-efficiency that traditional SOCs cannot match. By integrating AI into their security operations, organisations can stay ahead of cybercriminals, ensuring a safer environment for everyone involved.

It’s time to recognise the pivotal role AI can play in securing our digital world. Let’s leverage this technology to its fullest potential and build a safer future.

Image Credit: Positive Technologies

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Bybit opens global headquarters in Dubai on the heels of 50% increase in user base

DIFC Courts reinforces its commitment to sustainability following expansion of its digital infrastructure

NETSCOUT adds new data centre presence in Dubai with added Arbor Cloud Capabilities

Dubai ranks as the second most crypto-ready city in the world

LinkShadow reinforces its commitment to Saudi Arabia

Huawei Cloud’s Riyadh launch boosts Saudi tech advancement

Cisco unveils new data centre to enhance security services in Saudi Arabia

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Google Cloud announce significant new collaboration with Saudi Pharmaceuticals giant

KROHNE delivers insights to inspire the next generation of engineers in Oman

Oracle supports major project to accelerate Oman digital economy

Ooredoo accelerates cybersecurity in Oman with new deal

Omantel selects Ericsson to manage its nationwide multi-vendor networks

Oman TRA shares plans to accelerate 5G deployment

BDB launches “tijara” platform for SMEs

Bahrain achieves full nationwide 5G coverage

Batelco, SonicWall launch integrated security solutions for SMEs in Bahrain

Bahrain to offer COVID-19 test results on WhatsApp, Facebook Messenger

Infor supports Bahrain’s digital transformation

Infopercept opens its first Middle East office in Kuwait

Microsoft Compliance Manager now available in Kuwait

Commercial Bank of Kuwait gets mobile payments moving with Thales Digital Solutions

Ooredoo chooses Fortinet to deliver secure SD-WAN managed services in Kuwait

Zain rolls out first-ever 5G roaming service in MENA

Looking for the best label solutions in South Africa? Go OKI!

OKI is only going bigger in the South African market!

Huawei honours Women in Tech at Apps UP 2022

Amazon payment services launches in the MENA region

Egypt turns to AI to deliver COVID-19 diagnosis service to People of Determination

Vertiv extends partnership with MDS SI Group to enhance digital infrastructure solutions

Bosch sees 21% sales surge in the Middle East

“AI has been in Google’s DNA from the beginning – we are an AI-first company” – Tarek Khalil, Google Cloud

How companies can future-proof their business with Web3

“Diversity, equity and inclusion are a core part of our culture and values at AWS” – Yasmine Afifi

Gender Lens investing vital to economic recovery

Virgin Hyperloop unveils location for Hyperloop certification centre

TikTok taps Oracle as secure cloud provider

Zoom gets security boost with Keybase acquisition

Why collaboration is the answer to the successful roll-out of 5G

PROVEN Solution Collaborates with Rashid Center for People of Determination

Huawei Smart Classroom 3.0: To accelerate education intelligence in the Middle East & Central Asia

OPSWAT invests $10 Million in scholarship learning program to help close cybersecurity skills gap

Alef Education showcases the Alef Metaverse to improve climate education at COP28

Bybit and AUS unveil the tech talents of tomorrow

Huawei launches ground-breaking solar inverter at World Future Energy Summit

Middle East Energy to further boost their sustainability agenda

EDF UK selects Dynatrace to keep the power flowing

KROHNE harnessing the power of analytics to drive energy transformation

“All of us are pulling in the right direction for a better tomorrow” – Frank Janssens, VP at KROHNE

Above and ‘Beyon’ – New Money SuperApp launched in the UAE

New cross-border payments platform Digit9 launches in the UAE

Hub71 partners with global economic transformation specialist on MENA start-up ecosystem

Spheroid Universe coin to be listed on MEXC exchange

DIFC Innovation Hub launches AccelerateHER program

Catch up on the highlights from the GovTech Innovation Awards 2024

Innovating Finance: UAE’s Pioneering Role in the Blockchain and Crypto Landscape

Pioneering Sharjah’s Digital Revolution

Interview: Shaping a Secure World

Dubai Chamber of Digital Economy scouts Asia for tech start-ups

BD holds Healthcare Summit in efforts to build resilience and sustainability in regional ecosystems

Dubai Science Park study backs R&D localisation amid projected surge in UAE healthcare spending

MarkiTech expands GCC footprint

MoHAP Launches Health Sector’s First National Centre of Excellence for AI

Korian Benelux future-proofs residential Care with AI-driven solutions

Digitalisation key to accelerating construction development in Middle East, says Trimble

R&M Introduces First Single Pair Ethernet System to Support Middle East Smart Building Trend

To ‘upsmart’ your building, start with the elevator

Renters searching for homes online surge amid coronavirus fears

Emirati tech entrepreneur launches new app to ease Dubai’s rental woes

Brands Beware: The Application Generation Demands Seamless Digital Experiences

Opinion: Brands must respond to meet heightened customer expectations

Thriwe: Enhancing the Omni-channel experience

Navigating the Festive Cyber Landscape: Ensuring Online Safety during Holiday Shopping

Celebrate the Dubai Shopping Festival with Eros Electronics’ exclusive deals

VIGI by TP-Link introduces its free cloud-based video management system

IFS unveils global AI optimism rankings

Qualys announces the launch of Qualys TotalAI

Veeam brings data resilience to over 21 million Microsoft users

Intel introduces AI-optimized broadcast servers