Artificial Intelligence (AI) is a major trend in the SIEM market. Which companies are taking advantage of this trend and how?

Hello! Thanks for your question about the Artificial Intelligence (AI) trend in the SIEM market. The short version is that AI, or machine learning, is breathing new life into the SIEM market by providing data management and interpretation instead of just collecting lots of raw information.

Below you will find a deep dive of my findings.

BACKGROUND

The term artificial intelligence (AI) is used interchangeably with the terms "machine learning" and "deep learning", but in fact AI is a much broader concept than the way the term is currently used in the SIEM market.

HOW AI IS GENERALLY BEING USED IN THE SIEM MARKET

AI is being used to:

* Improve SIEM systems by adding analysis, ranking, and user behavior data to reduce the number of false security alarms and increase the speed at which breaches are detected.

* Help prioritize human analyst workload by creating a "risk score" that the human security analyst can easily interpret for each alert.
* Narrow down potential threats for human analysts to review and act upon. The human-updated, or validated, data is then used to improve subsequent AI data searches.

* Detect threats on day zero, rather than after the industry-average 140 days between a breach and its detection.

* Identify malware's individual patterns by comparing features to known malicious files' feature sets--even if it's disguised as benign software.

* Provide advanced warning of attacks like denial of service (DoS) by real-time monitoring of social media and the dark web--allowing businesses to ward off a potential DoS.

* Define user behavior analysis (UBA) of an enterprise's normal network activity so that unusual behavior (threats) can be more easily detected, assessed, and neutralized.

* Identify and remove malware faster than humans.
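As an added illustration of the risk-score, user-behavior baseline and analyst-validation items above (a constructed example, not code from any vendor named on this page; the users, hours and volumes are invented):

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline events (hypothetical data): (user, hour_of_day, MB sent out).
BASELINE = [
    ("alice", 9, 12), ("alice", 10, 15), ("alice", 11, 14), ("alice", 14, 13), ("alice", 16, 11),
    ("bob", 8, 40), ("bob", 9, 45), ("bob", 13, 42), ("bob", 15, 38), ("bob", 17, 44),
]

def build_profiles(events):
    """Per-user (mean, stddev) of login hour and outbound volume: the 'normal' baseline."""
    by_user = defaultdict(list)
    for user, hour, mb in events:
        by_user[user].append((hour, mb))
    profiles = {}
    for user, rows in by_user.items():
        hours, vols = zip(*rows)
        profiles[user] = {"hour": (mean(hours), pstdev(hours) or 1.0),
                          "mb": (mean(vols), pstdev(vols) or 1.0)}
    return profiles

class RiskScorer:
    """Turns per-feature deviation from the baseline into a 0-100 risk score.
    Feature weights are adjusted by analyst verdicts (human-in-the-loop)."""

    def __init__(self, profiles):
        self.profiles = profiles
        self.weights = {"hour": 1.0, "mb": 1.0}

    def deviations(self, user, hour, mb):
        """How many baseline standard deviations each feature is from the user's norm."""
        p = self.profiles[user]
        return {"hour": abs(hour - p["hour"][0]) / p["hour"][1],
                "mb": abs(mb - p["mb"][0]) / p["mb"][1]}

    def score(self, user, hour, mb):
        """Weighted sum of deviations, 10 points per sigma, capped at 100."""
        dev = self.deviations(user, hour, mb)
        return min(100, round(10 * sum(self.weights[f] * dev[f] for f in dev)))

    def feedback(self, user, hour, mb, is_real_threat, rate=0.2):
        """Analyst verdict on an alert: features that drove it (>1 sigma) gain weight
        for a confirmed threat and lose weight for a false alarm, within [0.1, 5.0]."""
        for f, d in self.deviations(user, hour, mb).items():
            if d > 1.0:
                factor = (1 + rate) if is_real_threat else (1 - rate)
                self.weights[f] = max(0.1, min(5.0, self.weights[f] * factor))
```

A normal daytime event scores low, a 3 a.m. bulk upload saturates the score, and an analyst marking an off-hours alert as a false alarm lowers the weight of the hour feature so the next similar alert ranks lower.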

ADDITIONAL FINDINGS

COMPANIES TAKING ADVANTAGE OF THE AI TREND IN THE SIEM MARKET

* Microsoft has developed Microsoft Advanced Threat Analytics, using proprietary algorithms related to user and entity behavior analysis (UEBA) and machine learning to identify threats quickly and adapt as malicious attackers adjust their methods.

* PatternEx has teamed with MIT researchers to develop Artificial Intelligence Squared (AI2). The AI2 system scans the organization's data for signs of attack and sends its results to a human security analyst who validates real threats versus false alarms. The AI2 system then learns from the human validation, improving its accuracy. PatternEx claims the AI2 system can review 3.6 billion lines of log files a day with an 85% threat-detection rate.

* IBM has loaded its X-Force security research library (20 years' worth) as the knowledge base for its AI solution, Watson for Security. The cognitive security system will learn from the library of security threats and from input by security analysts to improve its threat-detection accuracy and speed.

* Accenture's Cyber Intelligence Platform uses unsupervised and supervised machine learning to improve its ability to predict, defend against, and even attack malicious activity in real time. Accenture claims its platform reduces the average detection time from around 200 days to just a few days.

* Darktrace's Enterprise Immune System uses a proprietary mathematical and machine-learning method developed at the University of Cambridge, called Recursive Bayesian Estimation (RBE) theory, that enables it to analyze large sets of data and draw conclusions from them. Darktrace also employs intelligence community experts to apply real-world security methods to enterprise cyber security.

* LogicHub just announced its entry into the machine-learning space, saying its new product will leverage the knowledge of experienced security analysts to make junior analysts as effective as their more experienced colleagues. LogicHub's system uses threat ranking and pooled analyst knowledge to increase threat detection.

* AlienVault's Unified Security Management platform combines data analysis and access to a global community of threat researchers and security analysts to provide an enterprise-scale security system for mid-sized organizations with smaller budgets and staff.

* Sparkcognition is employing AI to deconstruct potentially malicious files and correlate them with the components of known malware and safe software, learning to analyze files and predict threats. Oftentimes malware masquerades in a benign software configuration so that it looks like a safe file, but Sparkcognition's AI technology can detect known malware elements even when they appear in a different configuration and alert analysts to the threat.

* Vectra uses AI to detect malware attacks at all phases of the event through user behavior analysis, threat scores, and internal and external threat monitoring.

* CylancePROTECT uses AI to build predictive models to discover malicious attacks and to make autonomous decisions to block the files from executing.

CONCLUSION

To wrap it up, machine learning or AI is being used in the SIEM market to enable organizational security teams to react more quickly and efficiently, closer to real time, to the increasingly large number of cyber security threats, reducing the industry's current average lag of 140 days before a security breach is identified.

Thanks for using Wonder! Please let us know if we can help with anything else!
