
Are AI-powered SOCs the future of cybersecurity?

By Alexey Lukatsky, Managing Director and Cybersecurity Business Consultant at Positive Technologies, who discusses the need for advanced cybersecurity to face the increasing threats attacking various industries, and how advanced SOCs significantly outperform traditional ones.

Recent major events have borne the brunt of cybercrime. Take, for example, the unlawful sale of Iran’s Hajj and Pilgrimage Organisation’s database and the hacking of the broadcast of Poland’s Euro 2024 match. They highlight the urgent need for robust security measures. A recent report by Positive Technologies reveals the pivotal role of AI-powered Security Operations Centres (SOCs) in combating similarly sophisticated threats across various industries.

The Evolution of Cybersecurity with AI

As technology advances, so does the complexity of cyber threats, which are challenging organisations to keep pace. Amidst this dynamic landscape, AI technology has emerged as a powerful ally in the fight against cybercrime. The report highlights the transformative impact of AI-powered SOCs. These systems not only respond to existing threats but also proactively hunt for potential risks, neutralizing them before they cause damage.

AI-driven security is an efficient and cost-effective solution for businesses of all sizes. By constantly learning from data patterns, AI systems can detect anomalies and stop potential attacks before they occur. This proactive defence is especially crucial during major events when cybercriminals target vulnerable organisations.

Traditional SOCs are Struggling

Traditional SOCs grapple with high data volumes and an overwhelming number of alerts, and are no longer sufficient in today’s threat landscape. In contrast, AI-powered SOCs offer a range of advantages that address these shortcomings:

  • Threat Neutralisation: AI systems can neutralise 85% of threats before they cause any damage.
  • Improved Detection: With a 50% improvement in detection accuracy, AI reduces the occurrence of false positives.
  • Proactive Threat Hunting: Advanced machine learning algorithms anticipate and prevent incidents before they escalate.
  • Scalability and Efficiency: AI can handle vast amounts of data, streamline processes, and reduce operational costs.
  • Real-Time Monitoring: Immediate threat response and quick adaptation to new threats.

AI detects certain classes of attacks

According to the SANS SOC Survey 2024 report, the main challenges in fully utilising SOC capabilities are a lack of automation and orchestration in incident analysis and response, as well as a shortage of skilled personnel and incomplete infrastructure monitoring. The first two issues can be addressed by using artificial intelligence technologies.

Experts, according to the report, are sceptical about the ability of artificial intelligence to detect malicious activity. This scepticism, in my opinion, stems from unjustified expectations about this technology. Many people believe that AI will solve all security problems and be able to detect even unknown attacks. However, this is not the case as the experience of Positive Technologies (one of the leading companies in the field of cybersecurity) shows.

We conduct some of the largest cyber exercises in the world, involving dozens of teams of attackers and defenders who carry out various complex attacks over several days. This allows us to gather a vast amount of data for training our machine learning models. So far, artificial intelligence has only been able to detect certain classes of attacks. Therefore, it is possible to effectively combine various technologies for detecting malicious activity in the SOC, both those requiring human participation and those that do not. In the future, with the accumulation of training samples and the development and testing of new machine learning models, autonomous SOCs will be able to detect the vast majority of attacks.

Less time for analysis and response

According to research, 65% of SOC analysts’ time is spent on manual work related to the classification and investigation of incidents. In this process, analysts must answer questions such as “What is it?”, “Is this a false alarm?”, “What happened?”, “What could be the consequences?”, “What should I do in this case?” and “How should I proceed?”.

Given the lack of skilled personnel to answer these questions, it is possible to turn to artificial intelligence (AI) technologies such as SOC assistants or Co-Pilots built on large language models (LLMs). We are currently testing these technologies both in our own products and at our Expert Security Centre (PT ESC). The results so far indicate that they can significantly reduce the time required for analysis and response. LLMs can also be used to automatically generate playbooks for the SOC, helping analysts collect additional data and enrich incident information, speeding up communication with other teams, and performing other routine tasks that would otherwise take a lot of time and increase detection and response times (MTTD and MTTR).

The Impact on Major Events

Major events, such as international sports competitions, political summits, and large-scale public gatherings, are a lucrative target for cyberattacks. They attract global attention, and this visibility can amplify the impact of a cyberattack, garnering significant media coverage and public attention. These events also generate vast amounts of data and handle large quantities of financial transactions, which are attractive to cybercriminals. All these reasons

Proactive Threat Management

One of the most significant advantages of AI-powered SOCs is their proactive approach to threat management. Traditional SOCs typically react to threats after they occur, which can result in significant damage. In contrast, AI-driven systems employ advanced machine learning algorithms to predict and prevent attacks before they happen.

This proactive approach involves continuously analysing data patterns to identify anomalies and potential threats. For instance, if an AI system detects unusual login attempts or data transfers, it can flag these activities for further investigation. This early detection allows organisations to address potential threats before they escalate into full-blown attacks.
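As an added illustration of the baseline-and-anomaly approach described above (example code written for this page, not Positive Technologies' product code), the script below builds a per-user baseline of successful logins from a constructed authentication log, then scores new events and flags the ones an analyst should look at: a login from a country the user has never used, a login at an hour far outside the user's usual pattern, a burst of failed logins, a success immediately following such a burst, and activity from a user with no baseline at all. The log format, the user names and the thresholds are all assumptions made for the example.

```python
"""Per-user login baseline with anomaly flagging (added example, constructed data)."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (assumed syslog-like format):
# "<ISO timestamp> auth user=<name> src_country=<CC> result=<ok|fail>"
BASELINE_LOG = [
    f"2024-06-{d:02d}T{h:02d}:15:00Z auth user=alice src_country=DE result=ok"
    for d in range(1, 21) for h in (8, 9, 13, 17)
] + [
    f"2024-06-{d:02d}T{h:02d}:40:00Z auth user=bob src_country=PL result=ok"
    for d in range(1, 21) for h in (7, 12)
]

CANDIDATE_LOG = [
    "2024-06-21T09:05:00Z auth user=alice src_country=DE result=ok",  # normal
    "2024-06-21T03:12:00Z auth user=alice src_country=BR result=ok",  # new country, odd hour
] + [
    # twelve failures for bob inside a few seconds (constructed burst)
    f"2024-06-21T07:00:{s:02d}Z auth user=bob src_country=PL result=fail" for s in range(12)
] + [
    "2024-06-21T07:00:30Z auth user=bob src_country=PL result=ok",    # success right after the burst
    "2024-06-21T12:10:00Z auth user=carol src_country=PL result=ok",  # user with no baseline
]


def parse_event(line):
    """Split one log line into a dict with a parsed timestamp."""
    ts, _, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": fields["user"],
        "country": fields["src_country"],
        "result": fields["result"],
    }


def build_baseline(lines):
    """Per user: set of source countries and list of login hours, from successful logins only."""
    baseline = defaultdict(lambda: {"countries": set(), "hours": []})
    for ev in map(parse_event, lines):
        if ev["result"] != "ok":
            continue
        baseline[ev["user"]]["countries"].add(ev["country"])
        baseline[ev["user"]]["hours"].append(ev["time"].hour)
    return baseline


def score_events(lines, baseline, fail_threshold=10, window_s=60, z_limit=2.0):
    """Return [(line, [reason, ...])] for events that deserve analyst attention."""
    flagged = []
    recent_failures = defaultdict(list)  # user -> failure timestamps in the sliding window
    for line in lines:
        ev = parse_event(line)
        user, now = ev["user"], ev["time"]
        fails = [t for t in recent_failures[user] if (now - t).total_seconds() <= window_s]
        reasons = []
        if ev["result"] == "fail":
            fails.append(now)
            if len(fails) == fail_threshold:  # flag once, when the burst first crosses the threshold
                reasons.append("failure_burst")
        else:
            if len(fails) >= fail_threshold:
                reasons.append("success_after_failures")
            if user not in baseline:
                reasons.append("unknown_user")
            else:
                b = baseline[user]
                if ev["country"] not in b["countries"]:
                    reasons.append("new_country")
                mean, sd = statistics.mean(b["hours"]), statistics.pstdev(b["hours"])
                # z-score of the login hour against the user's own history
                if (sd == 0 and now.hour != mean) or (sd > 0 and abs(now.hour - mean) / sd > z_limit):
                    reasons.append("unusual_hour")
        recent_failures[user] = fails
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in score_events(CANDIDATE_LOG, build_baseline(BASELINE_LOG)):
        print(f"{', '.join(reasons):28} {line}")
```

The baseline is deliberately built from successful logins only, so a brute-force campaign cannot teach the model that a new country or a 3 a.m. login is normal; in practice the baseline window would be rebuilt on a schedule and the thresholds tuned against the false-positive rate the team can absorb.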

Scalability and Cost Efficiency

Another critical benefit of AI-powered SOCs is their scalability and cost efficiency. Traditional SOCs often require significant resources, including manpower and infrastructure, to manage large volumes of data and alerts. This setup can be both costly and inefficient.

AI-driven SOCs, on the other hand, can scale effortlessly to accommodate growing data volumes without a corresponding increase in costs. By automating many of the routine tasks involved in threat detection and response, these systems reduce the need for extensive human intervention. This efficiency translates into cost savings and allows cybersecurity teams to focus on more strategic tasks.

Enhancing Overall Security Posture

Implementing AI-powered SOCs enhances the overall security posture of an organisation. By integrating these advanced systems, businesses can ensure comprehensive protection against a wide range of cyber threats. The continuous learning capabilities of AI mean that these systems are always evolving, adapting to new threats as they emerge.

Moreover, the combination of AI and human expertise creates a powerful defence mechanism. While AI handles the bulk of data analysis and threat detection, human analysts can focus on interpreting complex scenarios and making strategic decisions. This synergy between AI and human intelligence results in a more robust and effective cybersecurity strategy.

The future of cybersecurity lies in AI-powered SOCs. These systems not only offer superior threat detection and response capabilities but also provide scalability and cost-efficiency that traditional SOCs cannot match. By integrating AI into their security operations, organisations can stay ahead of cybercriminals, ensuring a safer environment for everyone involved.

It’s time to recognise the pivotal role AI can play in securing our digital world. Let’s leverage this technology to its fullest potential and build a safer future.

Image Credit: Positive Technologies
