Today's organisations are facing an increasingly different calibre of cyberthreat. Modern-day hackers are able to evade the preventative and detective measures of both new and old security infrastructures and are, unfortunately, a daily probability for security teams.

They are dealing with a class of threats that leverage zero-day exploits, develop targeted and stealthy malware, or operate from within the perimeter as a malicious insider or imposter.

The difficulty for organisations in detecting this class of threat is finding the right balance between false negative risk and false positive frequency. However, technology such as Artificial Intelligence (AI) can advance the science of threat detection, accelerating its speed and accuracy while reducing the false positive load that is the bane of all security operations centres.

FEATURE
Next-generation SIEM

AI/ML-powered analytics is indeed revolutionising the science of advanced threat detection and will continue to do so throughout the next decade. AI's greatest impact will be towards holistic threat analytics: the ability to detect and qualify threats with accuracy wherever they might originate and whatever they might intersect – endpoint, server, application, device or user.

Next-generation SIEM platforms should ultimately give an organisation visibility into both known and unknown cyberthreats across the holistic attack surface. This pervasive, centralised visibility serves as the foundation for holistic threat detection, creating an incredible analytics opportunity for AI-powered technologies.

Pervasive visibility enables sophisticated scenario analytics to continuously model data, recognising the occurrence of complex scenarios that exhibit the tactics, techniques and procedures (TTPs) of known threats. The same visibility also empowers deep behaviour analytics, modelling a diverse cross-section of behaviour across the IT infrastructure and the users operating within it, allowing detection of subtle behavioural shifts that might indicate a potential or present threat. NextGen SIEM should allow organisations to optimise organisational false negative risk versus false positive load.

False negative vs false positive

A false negative is a security incident that was not detected in a timely manner: for example, a phishing attack resulting in a compromised user account that goes unnoticed by the security team until more damage occurs. A false positive, on the other hand, is an alarm generated by security systems that indicates a security incident has likely occurred when, in fact, everything is normal.

Enterprises must find their own balance when it comes to false negative risk versus false positive frequency. Realistically, organisations that want to reduce false negative risk will need to accept increased false positive frequency and staff their security operations centre appropriately.

Unfortunately, some vendors sell AI and Machine Learning (ML)-based behavioural anomaly detection as an easy button for advanced threat detection and false positive reduction. The silver bullet story is too good to be true, and organisations that believe it's easy are in for an unfortunate reality check – likely to be realised in the form of a high-impact and embarrassing data breach.

www.intelligentciso.com | Issue 08
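The false negative versus false positive balance that the article and its sidebar describe can be made concrete with a threshold sweep. The block below is an added example, not code from the article or from any SIEM product: it assumes a hypothetical behavioural model that scores events in [0, 1], a constructed labelled sample, and an assumed triage capacity in alerts per analyst; lowering the alert threshold misses fewer incidents but raises more alarms on normal activity, which the SOC then has to staff.

```python
import math
from dataclasses import dataclass

# Constructed sample of (anomaly score, is_real_incident): scores from a hypothetical
# behavioural model, labels are after-the-fact ground truth. Not real telemetry.
SAMPLE_EVENTS = [
    (0.97, True), (0.91, True), (0.82, True), (0.74, True), (0.55, True),
    (0.93, False), (0.86, False), (0.80, False), (0.78, False), (0.70, False),
    (0.66, False), (0.60, False), (0.52, False), (0.48, False), (0.41, False),
    (0.35, False), (0.30, False), (0.22, False), (0.15, False), (0.08, False),
]

@dataclass(frozen=True)
class ThresholdOutcome:
    threshold: float
    true_positives: int
    false_negatives: int  # real incidents that never raise an alarm (FN risk)
    false_positives: int  # alarms raised on normal activity (FP load)

    @property
    def alerts(self) -> int:
        return self.true_positives + self.false_positives

    @property
    def false_negative_rate(self) -> float:
        incidents = self.true_positives + self.false_negatives
        return self.false_negatives / incidents if incidents else 0.0

def evaluate(events, threshold: float) -> ThresholdOutcome:
    """Alert on every event scoring at or above the threshold and count outcomes."""
    tp = sum(1 for score, incident in events if incident and score >= threshold)
    fn = sum(1 for score, incident in events if incident and score < threshold)
    fp = sum(1 for score, incident in events if not incident and score >= threshold)
    return ThresholdOutcome(threshold, tp, fn, fp)

def analysts_required(outcome: ThresholdOutcome, alerts_per_analyst: int) -> int:
    """Whole analysts needed to triage the alert volume this threshold produces."""
    return math.ceil(outcome.alerts / alerts_per_analyst)

def most_sensitive_affordable(events, thresholds, analysts, alerts_per_analyst):
    """Among thresholds whose alert load the SOC can staff, pick the fewest misses."""
    fits = [o for o in (evaluate(events, t) for t in thresholds)
            if analysts_required(o, alerts_per_analyst) <= analysts]
    return min(fits, key=lambda o: (o.false_negatives, o.false_positives), default=None)

if __name__ == "__main__":
    for t in (0.9, 0.7, 0.5):  # lowering the threshold trades FN risk for FP load
        o = evaluate(SAMPLE_EVENTS, t)
        print(f"threshold {t}: missed {o.false_negatives}, false alarms "
              f"{o.false_positives}, analysts needed {analysts_required(o, 4)}")
```

On the constructed sample, going from a 0.9 to a 0.5 threshold takes missed incidents from 3 to 0 while false alarms rise from 1 to 8, and the staffing needed to triage them from one analyst to four.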