AI is key to speeding up threat detection and response - Help Net Security

Time is the most important factor in detecting network breaches and, consequently, in containing cyber incidents and mitigating the cost of a breach. "Security event investigations can last hours, and a full analysis of an advanced threat can take days, weeks or even months. Even large security operations center (SOC) teams with more than 10 skilled analysts find it difficult to detect, confirm, remediate, and verify security incidents in minutes and hours," says Chris Morales, Vectra Network's head of security analytics. "However, the teams that are using artificial intelligence to augment their security existing analysts and achieve greater levels automation are more effective than their peers and even SOC teams with more than 10 members who are not using AI." Vectra Networks has polled 459 Black Hat attendees on the composition and effectiveness of their organizations' SOC teams. The group – a mix of security architects, researchers, network operations and data center operations specialists, CISOs and infosec VPs – were asked whether their SOCs are already using AI in some form for incident response, and 153 (33%) said Yes.