AI and data analytics are proven capabilities in cyber operations. Securonix believes that generative AI now can make advanced threat detection accessible in ways not possible before.
According to Securonix’s Chief Product Officer, Haggai Polak, the adoption of AI in cybersecurity is no longer optional but a necessity. With the overwhelming volume of data from devices, networks, and users, exacerbated by a shortage of skilled cybersecurity professionals, organizations simply can’t keep up using traditional methods.
Haggai emphasizes that AI allows security teams to process and analyze massive amounts of data at speeds impossible for humans alone.
This is crucial for detecting sophisticated threats that may otherwise go unnoticed.
Current Challenges in Security Operations
The chief product officer divided the world of cybersecurity broadly into activities that can be taken before and after a cyberattack – defense and prevention, detection and investigation, and then response.
“Cyber operations (in a security operations center, or SOC) is typically about threat investigation and response. And that is the world that we help organizations with.”
Securonix is essentially an analytics engine that ingests and analyzes a variety of data sources like logs, activities, HR data, and more to detect security incidents, threats, and policy/compliance violations.
The goal is to detect incidents as quickly as possible so as to reduce the mean time to detect (MTTD), and then provide the SOC analysts with the necessary context and information to investigate and remediate the incident.
Security operations centers (SOCs) are grappling with a number of issues, not least of which are alert fatigue, a skills shortage, complexity from too many security tools and too many disparate sources of data, and an over-focus on ticking compliance checkboxes instead of on real security value.
A lack of visibility into an organization’s holistic security posture makes it difficult to defend against cyber threats and risks, much less respond to them.
Optimizing the Data Tsunami
A Securonix roundtable led to one significant realization – a lot of problems in cybersecurity are actually big data problems. Solving this requires AI, and security systems need to be able to process and analyze huge amounts of high-velocity data of up to a million transactions per second, if not more.
In fact, security analytics is a feature that has existed in the cybersecurity space for the past 10 to 20 years. The use of AI and analytics to enhance cybersecurity operations is not new and has been a proven approach for many years.
Securonix had also recognized this from early on, and is heavily focused on AI innovation and adoption in their cybersecurity platform. For example, Haggai said it has the “most aggressive adoption of AI, data science and machine learning” in their platform compared to competitors.
This aggressive focus on AI innovation allows Securonix to keep up with the rapid advancements in AI and provide customers with the latest AI-powered security features and capabilities.
“We differentiate like we have in the last 10 years from innovation. We are not as big as some of the other platforms. We don’t have the marketing machines, or the influence within C-suites like our competitors do. But we use the smaller size that we have as an advantage to move faster,” said Haggai. This intense focus on innovation has resulted in Securonix being regularly ranked highly in analyst reports, earning Magic Quadrant leader recognition, and creating many innovative solutions.
For example, the vendor has a Noise Cancelling SIEM capability, which uses machine learning to reduce alert volume and the number of alerts that analysts have to triage. This goes a long way in helping analysts focus on the most critical threats.
Innovations on the horizon
Haggai was particularly upbeat about Securonix EON, its latest offering which was announced last April. This suite of AI-enhanced capabilities includes:
- Insider Threat Psycholinguistics: Leveraging Amazon Bedrock’s psychology-deciphering capability, Securonix provides entity and activity-based risk scoring to uplevel insider threat hunting capabilities. This industry-first feature enables users to accurately and efficiently discern the intent behind a user’s language and behavior, identifying potential malicious activity.
- Adaptive Threat Modeling: “Our AI can identify new attack patterns by analyzing rare events that may not fit known threat chains,” Polak explained. This allows for the detection of novel threats that traditional rule-based systems might miss.
This can help enhance investigations by enabling analysts and cyber operations teams to identify never-before-seen attack chains in near real time, and recreate the full picture of an attack more quickly.
- InvestigateRX: Customers no longer need to search for data from various sources, because coherent, context-aware information is delivered directly to the analyst. It does this by turning targeted, objective content retrieved from those sources into that coherent view. This AI-powered tool automates the initial investigation process, gathering relevant context and information to create comprehensive case files. “We’ve seen this reduce investigation time by a factor of 10,” Polak noted.
Gartner has conceptualized a solution category for security systems that are designed to interoperate, exchange information, and overall create a more unified and effective security ecosystem. In essence, it can help to address the challenge of overwhelming volumes of data.
Securonix’s cyber data fabric aims to take advantage of this interoperability to unify data from the various security tools out there, so as to optimize ingestion, analysis, and ideally offer a consolidated data view from which organizations can make smarter and informed decisions.
The Future of AI in Cybersecurity
As cyber threats continue to evolve, the integration of AI in cybersecurity operations is becoming increasingly critical. Haggai also reflected on the final roundtable question posed by the moderator, “What does generative AI and exponential growth mean for a vendor like us? It means we have to keep up with the technology, we need to build our platform in a flexible way so it can take advantage of innovation as quickly as possible.”
He also opined that generative AI advancements actually also make security more accessible to customers. An emerging concept called “the cybersecurity poverty line” refers to the fact that in the past, the bar to adopt adequate cybersecurity tools and solutions was fairly high, putting them out of reach for small and medium-sized businesses.
This is changing as AI-powered solutions can now be deployed and tuned more easily, without requiring expensive cybersecurity analysts. This is lowering the cybersecurity poverty line and making better cybersecurity tools and advanced threat detection finally accessible to organizations that previously could not afford them.