
AI Driven SOC Automation

As California, where Gurucul is based, rolls into another full lockdown over the Holidays and into the new year, it brings home the “New Normal” of a distributed workforce for any organization that can support it.  We can’t go into the office even if we wanted to.  Which means many of us are still working from home and trying to make the best of it.  It is also why AI driven SOC automation is so important.

When I first wrote about this and presented a webinar on operating with a distributed SOC earlier in the year, we’d expected the pandemic to be on its way out before the end of the year.  While the good news is that we may have a vaccine in distribution by year’s end, it seems likely we’ll have to be doing the Work-From-Home thing for at least a few more months.

The reality is that remote work is probably with us to stay in a lot of verticals, including Cybersecurity.  I know that’s what most of my peers are saying, whether they’re developers, engineers, or practitioners.  If they don’t have to go into the datacenter or otherwise do something on site, they rarely leave the house.

Cue jokes about never leaving mom’s basement in three, two, one.

We Talked About This

My original webinar talked about the move to a distributed workforce and shifting SOC operations in particular to a remote work model.  The need hasn’t changed.  If anything, it’s become more acute.  Worse, at the same time, attackers have been evolving their techniques and improving their tools.  They were already using the remote work model, so this is just a happy time for them, as their targets scramble to deal with a newly remote workforce.

Most Security Operation Centers have made the transition by this point, but they could still use help.  Their challenges have gone up.  Their workloads haven’t gone down.  And they may have lost the edge that came from having a team working closely together, since there are some things that web meetings just can’t make up for.

That means they need a way to get their edge back.  They need something that will take their existing security stack to the next level.  So, something that will lighten their workload, improve their efficiency, and help them automate a lot of the day-to-day mundane tasks that eat into their time.  The team can’t focus on priority items if they can’t see the priority items, because they need to wade through hundreds of disconnected events.

That’s where AI driven SOC automation comes into play.

Let the Machine work

The way 2020 went down, some might predict that 2021 is the year that breakthroughs in quantum computing will lead to true artificial intelligence, which will in turn lead to the robots rising up and killing us all.  Fortunately, AI in our context is less menacing.

Security analytics, driven by an AI behind the scenes, helps the SOC focus on the important issues first by identifying them and giving them context, and then by driving improved automation behind the scenes that can reduce their workload dramatically.

That workload reduction is key here.  There is a range of risks that security analytics can identify and react to on its own.  This is especially useful with events that aren’t individually high risk but that stand out when taken in context with other events.  Humans are great at seeing patterns, but not so great at seeing patterns through a massive flood of data.  That’s exactly what the AI is best at, though, which makes it a perfect fit.  It can also react to those events quickly, before they can escalate.  By the time a Security Operations analyst sees the elevated risk score, the system has already started the mitigation process.

Another advantage is in response, where an analyst manually triggers the mitigation and remediation process after identifying a problem.  With normal rules-based responses, everything happens according to plan.  While that’s a Good Thing™, it may not always be the ideal thing.  With AI driven SOC automation in the loop, the response can adapt automatically to the situation as it is, not just as it was planned for.  Overall, it is another way to make the security team more effective.
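As an added illustration of the two ideas above (this is example code written for this page, not Gurucul’s product logic): individually low-risk events are correlated per user inside a time window into an elevated risk score, and the response is graded to that score rather than fixed by a single rule.  The event types, weights, threshold and sample telemetry are all hypothetical.

```python
"""Toy correlator: combine individually low-risk events into a per-entity risk
score and grade the automated response to that score."""
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical weights: none of these events is alarming on its own.
EVENT_WEIGHTS = {
    "failed_login": 10,
    "login_new_country": 25,
    "off_hours_access": 15,
    "bulk_download": 30,
}
WINDOW = timedelta(hours=1)
AUTO_RESPONSE_THRESHOLD = 60   # hypothetical score at which the machine acts first

# Constructed sample telemetry: (user, event type, UTC timestamp).
EVENTS = [
    ("alice", "failed_login", "2020-12-01T09:00:00"),
    ("alice", "failed_login", "2020-12-01T09:01:00"),
    ("alice", "login_new_country", "2020-12-01T09:03:00"),
    ("alice", "bulk_download", "2020-12-01T09:20:00"),
    ("bob", "failed_login", "2020-12-01T09:00:00"),
    ("bob", "off_hours_access", "2020-12-01T23:30:00"),  # too late to correlate with 09:00
]

def score_entities(events, window=WINDOW):
    """Sum event weights per entity over a sliding window; return each entity's peak."""
    by_entity = defaultdict(list)
    for entity, kind, ts in events:
        by_entity[entity].append((datetime.fromisoformat(ts), EVENT_WEIGHTS.get(kind, 0)))
    peaks = {}
    for entity, items in by_entity.items():
        items.sort()
        peak, start = 0, 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:   # slide the window forward
                start += 1
            peak = max(peak, sum(w for _, w in items[start:end + 1]))
        peaks[entity] = peak
    return peaks

def decide_actions(peaks, threshold=AUTO_RESPONSE_THRESHOLD):
    """Grade the response to the score instead of applying one fixed rule."""
    actions = {}
    for entity, score in peaks.items():
        if score >= threshold:
            actions[entity] = "auto_contain"      # e.g. suspend session, open a case
        elif score >= threshold // 2:
            actions[entity] = "step_up_auth"      # lower-impact adaptive response
        else:
            actions[entity] = "analyst_review"    # leave it in the human queue
    return actions
```

In the constructed data, alice's four unremarkable events land inside one hour and add up to 75, so containment starts before an analyst looks at her; bob's two events are fourteen hours apart and never correlate.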

Watch the Webinar

If you want to know more, check out the presentation on the subject.  It expands on some of the ideas we talked about the last time I covered the subject.

Webinar on Demand: AI Driven SOC Automation