Intelligent CIO Europe Issue 4 - Page 59

/////////////////////////////////////////////////////////////////////// FEATURE: THREAT ANALYSIS Evaluating AI-based analytics: demand answers, not alerts Artificial intelligence is increasingly being used to monitor and detect data breaches and also to protect online data. Security vendors are embracing AI to enable security teams to investigate data attacks with more precision says Barbara Kay, CISSP, Senior Director, Security Solutions, ExtraHop. P ut yourself in the chair of a Tier 1 security operations centre (SOC) analyst. You toggle multiple screens, flinch at each alert, worry over missed threat indicators and close out incidents without real confidence that you have uncovered the root cause. Within months, stress will turn to burnout, depression and job hunting. AI to the rescue? Security analytics vendors are embracing artificial intelligence to help SOC teams decide what to investigate, detect attacks other tools have missed and perform root cause analysis more successfully. AI aims to discern indicators of attacks from collections of loosely-related data. It helps prioritise those indicators that are materially interesting and automate aspects of investigation that slow and complicate the SOC. With so many vendors using the term artificial intelligence so loosely, it can be very difficult to evaluate claims without running a proof of value. However, specific data source, architecture and data science questions INTELLIGENTCIO 59