Is AI the Saint Bernard that can rescue those buried in the Security Operations Centre under an incident alert avalanche?
Imperva researchers surveyed IT pros during RSA 2018 to determine how security alert overload was affecting enterprise security teams. The results were released this week, and they make for sobering reading. The headline figures include 27 percent who are on the thick end of a million threat alerts each day, and more than half (55 percent) see in excess of 10,000 such alerts. It’s hardly surprising, therefore, that 53 percent also admitted their security operations centre (SOC) struggled to separate critical security incidents from harmless noise. Equally unsurprising, although more than a little alarming, this influx of alerts led to certain categories being ignored completely by 30 percent of those surveyed. The false-positive effect meant that 56 percent admitted to ignoring alerts based on previous false-positive experiences. Only 10 percent said they hired more SOC staff to tackle the problem, with 57 percent preferring to ‘tune’ policy to reduce alert volume.
The whole AI thing is just hyperbole and nothing more. Show me one example where AI is being used, right here and right now, and I might change my mind.
Methinks that might be a trick question, Charles 🙂 I can give you a whole list of examples where ML is being used within the cybersec context, but your question leads me to think you are talking about AI beyond machine learning. Can you clarify and, indeed, define what you mean by AI?