AI, ML and NLP are set to revolutionise cyber defence, supporting threat intelligence integration, predictive analytics and auto attack disruption.
This is according to Guy Shannon, executive head – cyber security operations at Liquid C2, who was speaking ahead of ITWeb Security Summit 2024.
Shannon says AI will speed up event monitoring and correlation, and overcome the limitation of costs when it comes to security information and event management (SIEM). He says: “Organisations want to monitor all their assets, but their budgets often limit them to looking after only their ‘crown jewels’ – assets of highest value and risk.”
This can leave organisations vulnerable, he says. “AI helps by monitoring the entire estate and correlating events to help organisations prioritise risk. A typical telco generates billions of security events a month, so data mining is necessary. Events flow into a data repository – or SIEM – which takes logs and puts them together in a database and correlates the data and issues a story of risk. With AI assisting in processing the data, organisations can gain additional context and pass those insights on to the business with an executive summary of risk. This allows them to focus their efforts and resources on priority risks.”
“AI can be a game changer because it can be given access to the entire business and the SIEM, with natural language processing (NLP) helping it to understand the data in the context it was created. AI is now also able to look at text and understand it in its context, as well as understanding audio and video data to derive accurate context around what is happening in those files. This can also help address physical security and fraud risks.”
While AI and ML are currently being adopted mainly by major enterprises and pioneers such as Liquid C2, through its partnership with Microsoft Security Copilot, Shannon expects these technologies to be widely deployed throughout the cyber security industry in the future, including by SMEs.
Shannon says Liquid C2 is now focusing on its AI partnership with Microsoft, with a view to deploying virtual level 3 SOC analysts. “These would correlate data and gain accurate context from huge silos of data and turn it into actionable intelligence. Further, AI technology could then communicate with various security controls and autonomously change their policies to block threats,” he says.
Empowering cyber defence: The future of SOC with AI integration
Guy Shannon will present a talk on day one of the two-day summit entitled ‘Empowering cyber defence: the future of SOC with AI integration.’
His presentation will outline how AI can enhance threat intelligence and how ML can predict future security incidents based on historical context stored in big data.
The ITWeb Security Summit 2024 will take place at the Sandton Convention Centre on 4 and 5 June.
For more information and to register for this event, go to https://www.itweb.co.za/event/itweb-security-summit-2024/