
Boosting SOC Efficiency: The Impact of Automation and AI on Cyber Security

Mohan Raj, the Vice President for META & APAC Regions, says automation has become indispensable in today’s SOC environment. As cyber threats evolve at an unprecedented pace, SOCs must detect, investigate and respond to them in real time, often at wire speed.

What is the role of automation in enhancing the efficiency of a Security Operations Center (SOC)?
In today’s cyber arena, cyber security threats are evolving daily. With this rapid increase in threat vectors, the Security Operations Centre must detect, investigate and respond to these threats in real time, as far as possible at wire speed. Manually defending against these threats would increase the mean time to detect (MTTD) and mean time to respond (MTTR); hence automation of Threat Detection, Investigation and Response (TDIR) in the SOC is critical.

Enterprises need a people-centred Security Analytics platform like Gurucul’s REVEAL that automates these SOC processes and provides clarity, focus and actionable intelligence. This is how SOC analysts can outpace threats and discover the full potential of an informed, empowered SecOps.

How do you prioritise which tasks to automate in a SOC?
Automation in all layers of the Security Operations Center is possible with the advancement and adoption of ML and AI in cyber security today. This spans everything from the ingestion of metadata or telemetry into the NextGen SIEM solution (TDIR), through analysing the data and executing analytics on it using ML models, to responding to these threats using a dynamic SOAR that is natively present in the TDIR platform. Gurucul’s REVEAL can provide enterprises with end-to-end automation on all layers of the SOC by leveraging close to 4,000 ML models and generative AI (SME AI).

What are the challenges you’ve faced when automating security processes, and how did you overcome them?
Automation in cyber security, if not done accurately, would create a lot of false-positive alarms. ML models need to be trained accurately and should be built to do both supervised and unsupervised learning in real-life SOC scenarios. In addition, risk scoring of all the alerts is required to quantify the severity of the alerts and to prioritise the response actions.

Gurucul’s REVEAL quantifies and normalizes risk on a scale of 0–100, so security teams can quickly and easily understand and prioritize the top threats to the business. Analysts can see a consolidated risk score for any user, entity, application, or asset across every transaction, entitlement, and activity—and then take decisive action using a library of fully customizable response playbooks configured to your organization’s unique criteria.

With just a few clicks, security teams can easily customize risk scores based on defined risk tolerance—so analysts know where to focus time and attention. REVEAL even allows teams to create custom groups for critical or sensitive entities like executive laptops, contractors, database servers, or critical business applications—and then elevates risk scores to help analysts respond when these groups are impacted.
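The scoring model described in this answer, as an added illustration that is not part of the interview and is not Gurucul’s own code: detector scores on different native scales are normalised onto 0–100, consolidated per entity with a noisy-OR so that several moderate alerts on one host outrank a single one, elevated when the entity belongs to a critical group, and then cut against a configurable risk tolerance. The entities, detectors, group names, alerts and the 1.4 elevation factor are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    entity: str       # user, host, application or asset the alert concerns
    detector: str     # rule or model that raised it
    raw: float        # detector's native score
    raw_max: float    # maximum of the detector's native scale


# Constructed sample alerts (hypothetical entities and detectors, not real data).
ALERTS = [
    Alert("lt-ceo-01", "impossible_travel", 0.45, 1.0),
    Alert("lt-ceo-01", "edr_heuristic", 3, 10),
    Alert("ws-dev-07", "impossible_travel", 0.45, 1.0),
    Alert("ws-dev-07", "edr_heuristic", 3, 10),
    Alert("db-prod-01", "dlp_volume", 850, 1000),
    Alert("svc-backup", "dlp_volume", 120, 1000),
]

# Assumed critical groups and the elevation applied when a member is affected.
CRITICAL_GROUPS = {
    "executive-laptops": {"lt-ceo-01"},
    "database-servers": {"db-prod-01"},
}
GROUP_ELEVATION = {"executive-laptops": 1.4, "database-servers": 1.4}


def normalise(alert: Alert) -> float:
    """Map a detector's native score onto the common 0-100 scale, clamped."""
    return max(0.0, min(100.0, 100.0 * alert.raw / alert.raw_max))


def combine(scores) -> float:
    """Noisy-OR aggregation: several moderate alerts on one entity outrank a
    single moderate alert, and the consolidated score can never exceed 100."""
    p_clean = 1.0
    for s in scores:
        p_clean *= 1.0 - s / 100.0
    return 100.0 * (1.0 - p_clean)


def entity_risk(alerts, groups=CRITICAL_GROUPS, elevation=GROUP_ELEVATION) -> dict:
    """Consolidated 0-100 risk per entity, elevated for members of critical groups."""
    per_entity = defaultdict(list)
    for a in alerts:
        per_entity[a.entity].append(normalise(a))
    risk = {}
    for entity, scores in per_entity.items():
        score = combine(scores)
        for group, members in groups.items():
            if entity in members:
                score = min(100.0, score * elevation.get(group, 1.0))
        risk[entity] = round(score, 1)
    return risk


def prioritise(risk: dict, tolerance: float) -> list:
    """Entities at or above the team's risk tolerance, highest risk first."""
    return sorted(((e, s) for e, s in risk.items() if s >= tolerance),
                  key=lambda es: -es[1])


if __name__ == "__main__":
    scores = entity_risk(ALERTS)
    for entity, score in prioritise(scores, tolerance=50):
        print(f"{entity:<12} {score:>5.1f}")
```

Note that lt-ceo-01 and ws-dev-07 carry exactly the same two alerts; only membership of the executive-laptops group lifts the laptop above the developer workstation, while the backup service account stays below the tolerance and never reaches the queue. The elevation factor is a multiplier here purely for illustration; a production platform may use additive offsets or per-group floors instead.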

What strategies have you employed to optimise costs in security operations without compromising security?
Gurucul brings complete visibility into security threats and data analytics while controlling volume and complexity and reducing cost by at least 40%. By streamlining collection, filtering, normalisation, enrichment and routing, Gurucul prepares data for in-depth analysis to give you radical clarity into your cyber risk. The Gurucul Data Optimizer centralises data from any source, for any destination, in any format and across any data lake.

Choose from a library of built-in data integrations, quickly create custom connectors, or request a guaranteed integration within 48 hours. From there, you can easily customize parsers and fork data to a variety of third-party systems—including SIEMs, data lakes, and low-cost storage. Enterprises with Gurucul’s REVEAL can now route unwanted records to long-term, cost-optimized storage and send relevant data to any SIEM or to any data lake. Once the data is optimised, analysts can query all of it from a single console through a federated search to avoid ingestion and transfer costs.
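The collection, filtering, normalisation, enrichment and routing stages described in this answer, as an added example that is not part of the interview and is not the Gurucul Data Optimizer’s code: a handful of constructed key=value log lines are parsed, health-check noise is filtered out before it costs anything, source-specific field names are mapped onto one schema, addresses are tagged with an assumed internal range and asset inventory, and each record is routed either to the SIEM tier or to cold storage. A single federated search then answers one query across both tiers without re-ingesting anything. The log lines, address space, inventory and field map are all constructed for the example.

```python
import ipaddress
import shlex
from collections import defaultdict

# Constructed sample telemetry in key=value form (firewall, load balancer,
# auth service); these are not real logs.
RAW_LOGS = [
    'ts=2024-03-01T10:00:01Z src=fw action=allow src_ip=10.0.0.5 dst_ip=10.0.0.9 dst_port=443',
    'ts=2024-03-01T10:00:02Z src=lb level=debug msg="health check ok"',
    'ts=2024-03-01T10:00:03Z src=auth user=alice result=failure src_ip=203.0.113.7',
    'ts=2024-03-01T10:00:04Z src=fw action=deny src_ip=198.51.100.4 dst_ip=10.0.0.20 dst_port=22',
    'ts=2024-03-01T10:00:05Z src=fw action=allow src_ip=10.0.0.5 dst_ip=10.0.0.20 dst_port=5432',
    'ts=2024-03-01T10:00:06Z src=auth user=bob result=success src_ip=10.0.0.5',
]

# Assumed organisation data used for enrichment (hypothetical address space and inventory).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ASSET_CRITICALITY = {"10.0.0.20": "critical", "10.0.0.9": "standard"}

# Source-specific field names mapped onto one common schema.
FIELD_MAP = {
    "ts": "@timestamp", "src": "event.provider", "action": "event.action",
    "result": "event.outcome", "user": "user.name", "src_ip": "source.ip",
    "dst_ip": "destination.ip", "dst_port": "destination.port",
}


def parse(line: str) -> dict:
    """Collection: split a key=value line, honouring quoted values."""
    event = {}
    for token in shlex.split(line):
        key, _, value = token.partition("=")
        event[key] = value
    return event


def is_noise(event: dict) -> bool:
    """Filtering: debug chatter and health checks are dropped before they cost anything."""
    return event.get("level") == "debug" or "health check" in event.get("msg", "")


def normalise(event: dict) -> dict:
    """Normalisation: rename source-specific fields to the common schema."""
    return {FIELD_MAP.get(k, k): v for k, v in event.items()}


def enrich(event: dict) -> dict:
    """Enrichment: tag addresses as internal/external and attach asset criticality."""
    for side in ("source", "destination"):
        ip = event.get(f"{side}.ip")
        if ip:
            addr = ipaddress.ip_address(ip)
            event[f"{side}.internal"] = any(addr in net for net in INTERNAL_NETS)
            if ip in ASSET_CRITICALITY:
                event[f"{side}.criticality"] = ASSET_CRITICALITY[ip]
    return event


def route(event: dict) -> str:
    """Routing: security-relevant records go to the SIEM, the rest to cheap storage."""
    if event.get("event.outcome") == "failure" or event.get("event.action") == "deny":
        return "siem"
    if event.get("destination.criticality") == "critical":
        return "siem"
    if event.get("source.internal") is False:   # external source talking inward
        return "siem"
    return "cold_storage"


def run_pipeline(lines):
    """Returns {destination: [events]} plus the count of records filtered out."""
    destinations = defaultdict(list)
    dropped = 0
    for line in lines:
        event = parse(line)
        if is_noise(event):
            dropped += 1
            continue
        event = enrich(normalise(event))
        destinations[route(event)].append(event)
    return dict(destinations), dropped


def federated_search(destinations: dict, criteria: dict) -> list:
    """One query across every tier, so cold-storage records need no re-ingestion to be searched."""
    return [e for tier in destinations.values() for e in tier
            if all(e.get(k) == v for k, v in criteria.items())]


if __name__ == "__main__":
    dests, dropped = run_pipeline(RAW_LOGS)
    print(f"dropped={dropped}", {k: len(v) for k, v in dests.items()})
    for hit in federated_search(dests, {"source.ip": "10.0.0.5"}):
        print(hit["@timestamp"], hit["event.provider"],
              hit.get("event.action", hit.get("event.outcome")))
```

The routing rules are the point worth arguing over in a real deployment: here a routine allowed connection to a critical database still goes to the SIEM because of the inventory enrichment, while the same connection to a standard host goes to cold storage. Whatever the rules, the record must survive in one tier or the other, because the 10.0.0.5 search above only returns three hits if the cold tier is still queryable.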

What are the primary risks involved in migrating from a traditional SIEM to a NextGen SIEM?
Most legacy or traditional SIEM solutions adopt a closed architecture and don’t have open integrations or pipelines through which data or content libraries can be exported. Hence the NextGen platforms should have the capability to ingest data from the legacy SIEMs in the existing formats of those platforms, and should also have a mechanism to replicate and enrich the threat content, use cases, etc., that these traditional SIEMs would have been configured with.

Migrating from a traditional SIEM to Gurucul’s REVEAL NextGen SIEM platform is made much easier by the direct integration that REVEAL has with all the third-party traditional SIEMs. Data integrity is ensured in the migration from third-party SIEMs to REVEAL’s data lake. The use cases can be enabled on the fly with logical mapping. The 4,000 ML models of Gurucul’s REVEAL can run on the historic data from the migrated SIEM and build baselines for all assets, entities, users and identities, thus making it ready for analytics on day one.


Chris Fernando

Chris N. Fernando is an experienced media professional with over two decades of journalistic experience. He is the Editor of Arabian Reseller magazine, the authoritative guide to the regional IT industry. Follow him on Twitter (@chris508) and Instagram (@chris2508).
