Improving cybersecurity triage through AI & deep learning

Arcanna.ai is designed and built to enhance teams of experts with AI, allowing them to extract insights and automate time-consuming processes

Cyber security teams across all business types are bombarded with thousands of alerts on a daily basis. These need to be investigated and analysed to decide which to prioritise for further analysis and investigation by experts. In many organisations this process is still done manually, but that will soon no longer be an acceptable or scalable approach: these teams are overwhelmed with alerts from security tools such as security information and event management (SIEM) and endpoint detection and response (EDR) systems, largely because the volume of generated alerts keeps growing.

This means analysts look at only a small fraction of the thousands of daily alerts, so threats can go unnoticed for weeks or even months, which can have serious consequences.

Tidying up the triage

There are two main issues which arise from the current triage process. The first is alert storms: periods of time when the alert rate far exceeds the ordinary rate, caused by vulnerabilities, targeted attacks, misconfiguration, or user negligence. SOC analysts then fall behind on the alerts they need to look at, which in turn can lead to business-critical damage, disruption, downtime or income loss.

The second is alert fatigue. Personnel who deal with alerts day after day experience high stress levels, which leads to a loss of attention, and attacks can then slip right past them.

Other challenges organisations face with the current method are a lack of experienced personnel due to the skills shortage, a large proportion of alerts being false positives, and poor-quality alerts that lack the context required for analysis. Because a significant share of the alerts received are false positives, much time is wasted on analysing and triaging them, delaying the discovery of the real incidents.

AI & Deep Learning smooths the process

Arcanna.ai, a Cognitive Automation platform that uses AI to automate processes, smooths the triage process by leveraging deep learning to automate the decision process for alert triage. Because the dataset it requires consists of alert events coming from any security tool or sensor, without being limited to a set of compatible systems, Arcanna.ai is a domain-agnostic Cognitive Automation Platform.

It combines deep learning neural networks such as Long Short-Term Memory (LSTM), automation and knowledge retention to automate the alert triage process efficiently. This method enables Arcanna.ai to learn from expert knowledge and adapt to the particularities of the ecosystem in which it runs.

This model therefore becomes a representation of all the experts that have ever provided analysis and feedback and consequently acts according to their collective knowledge.

Siscale, the creators of Arcanna.ai, are currently running a crowdfunding investment campaign via SeedBlink where they have already received financing from 41 investors.
