AI and ML — The Keys to Modernizing the SOC

"Threat actors have access to the same technology that we do. They’re innovating just as we are. The question is, how can we stay one step ahead?" - Shailesh Rao, President of Cortex, Palo Alto Networks

Security teams worldwide share a common frustration: the overwhelming volume of low-fidelity alerts and false positives that SOCs receive every day. These alerts often lack context and require arduous manual investigation, something even our own teams call "soul-crushing work."

Reducing that burden on SOC analysts is a prerequisite for proactive threat hunting and a stronger risk posture. So, how can business and security leaders reduce alert fatigue while keeping the SOC human-centered and delivering value?

I had the pleasure of speaking with Shailesh Rao, President of Cortex at Palo Alto Networks. He shares his insights on modernizing the SOC by harnessing artificial intelligence (AI) and machine learning (ML).

Multiple Security Tools Lead to Gaps in Security Posture

From ransomware to espionage, cyberattacks are becoming harder to defend against. Rao opens the conversation by explaining why many security leaders lack confidence in their ability to prevent zero-day attacks, and why too many security tools add to the risk:

“The industry is changing so fast that security officers find it almost impossible to keep up. Most CISOs I’ve talked to are frustrated because the adversaries are getting stronger. Many tools are limited, nonintegrated and only add to the confusion.”


Imagine that you have two security tools in your infrastructure. Rao explains that this already gives at least three points vulnerable to compromise: each of the two tools and the interface between them. With three tools the number becomes six, three tools plus three pairwise interfaces. In general, n tools that all exchange data expose n + n(n-1)/2 such points, so the attack surface grows quadratically with the size of the toolset, not linearly.

Rao says:

“I’ve talked to some companies that have 70 tools. It’s mind-boggling how exposed their enterprise is to millions of attack patterns that could take them down. This is what security officers deal with every day, and what’s driving the need for consolidation.”


Cyberattacks Are Accelerating

Our discussion turns to how cyberattacks are accelerating, a trend that is expected to intensify as AI is put to malicious use. Attackers can use AI and ML to generate attacks at scale and overwhelm traditional cyber defenses.

This puts direct pressure on an organization's mean time to detect (MTTD) and mean time to respond (MTTR). For example, our Unit 42 Incident Response team recently observed a breach in which a threat actor exfiltrated 2.5 terabytes of data in just 12 hours, a sustained outbound transfer of roughly half a gigabit per second. Given that elusive threats can dwell undetected for days or weeks, security teams are pressed to bring their MTTD and MTTR down to well under such a window.
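To make the two metrics and the exfiltration figure concrete, here is an added example (not code from the original post or from Palo Alto Networks) that computes MTTD and MTTR from a constructed incident timeline, works out the sustained rate implied by 2.5 TB in 12 hours, and runs a simple per-host hourly egress-volume check over constructed flow records. MTTD is measured from the attacker's first action to the alert and MTTR from the alert to containment; definitions vary between teams, and the 10 GB/hour threshold is an illustrative assumption.

```python
"""SOC timing metrics and a simple egress-volume check.

Added example; this is not code from the original post or from Palo Alto
Networks. The incident timeline, the flow records and the 10 GB/hour
threshold are constructed for illustration. MTTD is measured here from the
attacker's first action to the alert, and MTTR from the alert to containment;
definitions vary between teams, so state yours when reporting the numbers.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed incident records (ISO 8601 timestamps, all in UTC).
INCIDENTS = [
    # Caught by an automated detection within seconds, contained in minutes.
    {"id": "INC-1", "first_malicious": "2024-03-01T02:00:00",
     "detected": "2024-03-01T02:00:10", "contained": "2024-03-01T02:05:00"},
    # A 12-hour window, like the exfiltration case described above.
    {"id": "INC-2", "first_malicious": "2024-03-02T09:00:00",
     "detected": "2024-03-02T21:00:00", "contained": "2024-03-03T01:00:00"},
    # A week of dwell time before anyone noticed.
    {"id": "INC-3", "first_malicious": "2024-03-05T00:00:00",
     "detected": "2024-03-12T00:00:00", "contained": "2024-03-13T12:00:00"},
]


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


def mttd_seconds(incidents) -> float:
    """Mean time to detect: first malicious action -> alert, in seconds."""
    return mean((_ts(i["detected"]) - _ts(i["first_malicious"])).total_seconds()
                for i in incidents)


def mttr_seconds(incidents) -> float:
    """Mean time to respond: alert -> containment, in seconds."""
    return mean((_ts(i["contained"]) - _ts(i["detected"])).total_seconds()
                for i in incidents)


def sustained_rate_bps(total_bytes: float, seconds: float) -> float:
    """Average transfer rate in bits per second implied by a volume and a window."""
    return total_bytes * 8 / seconds


# Constructed outbound flow records: (source host, flow end time, bytes out).
# ws-17 is pushing data at roughly the rate of the 2.5 TB / 12 h case;
# ws-03 is ordinary user traffic.
FLOWS = [
    ("ws-17", "2024-03-02T09:05:00", 70_000_000_000),
    ("ws-17", "2024-03-02T09:40:00", 140_000_000_000),
    ("ws-17", "2024-03-02T10:10:00", 208_000_000_000),
    ("ws-03", "2024-03-02T09:10:00", 40_000_000),
    ("ws-03", "2024-03-02T10:30:00", 2_000_000_000),
]


def hourly_egress_alerts(flows, threshold_bytes: int):
    """Sum bytes out per host per clock hour and return the (host, hour, bytes)
    buckets over the threshold. A volume check like this fires at the end of
    the first hour of a sustained exfiltration, not after twelve."""
    buckets = defaultdict(int)
    for host, end_time, nbytes in flows:
        hour = _ts(end_time).replace(minute=0, second=0, microsecond=0)
        buckets[(host, hour.isoformat(timespec="minutes"))] += nbytes
    return sorted((host, hour, total) for (host, hour), total in buckets.items()
                  if total > threshold_bytes)


if __name__ == "__main__":
    print(f"MTTD: {mttd_seconds(INCIDENTS) / 3600:.1f} h")
    print(f"MTTR: {mttr_seconds(INCIDENTS) / 3600:.1f} h")
    rate = sustained_rate_bps(2.5e12, 12 * 3600)
    print(f"2.5 TB in 12 h is a sustained {rate / 1e6:.0f} Mbit/s")
    for host, hour, total in hourly_egress_alerts(FLOWS, 10_000_000_000):
        print(f"ALERT {host} {hour} sent {total / 1e9:.0f} GB in one hour")
```

The single week-long incident dominates the mean, which is why teams also track the median and the worst case; a mean MTTD alone hides a single long dwell time behind many fast detections.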

Rao also emphasizes that with the increasing pace of new attacks, many of them AI-driven, organizations need more than human analysts on the defensive. They need security automation that helps analysts accelerate incident resolution and eliminates repetitive tasks such as manually digging through alerts:

"Organizations can’t let humans figure everything out. There aren’t enough humans, and they can’t get it right all of the time."

Why AI Must Be Accurate

AI in cybersecurity has made tremendous progress in the past year, but Rao is careful to distinguish generative AI (such as LLMs) from the AI used to make security decisions.

Generative AI can read large datasets, generate code, assist with remediation, and even create presentations. But an AI model that makes security decisions must be extremely accurate: security teams cannot afford mistakes, so the model has to be held to the same standard of vigilance. Rao says, “To solve the cybersecurity questions, you need to be meticulous. It’s okay for your paper on US History to have some hallucinations from a GPT, but a response to a piece of ransomware cannot hallucinate.”
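Accuracy as a headline number is not enough; what analysts experience is precision, the share of alerts that turn out to be real, and that depends on how rare attacks are in the event stream. The following added example (not code from the original post or from Palo Alto Networks; the rates and event volume are illustrative assumptions) shows that a detector with a 99% detection rate and a 1% false-positive rate, which sounds "99% accurate," yields alerts that are less than 1% real when one event in ten thousand is malicious. This is the alert-fatigue problem described at the start of the post, expressed as arithmetic.

```python
"""Detector accuracy versus alert precision at SOC base rates.

Added example; not code from the original post or from Palo Alto Networks.
The rates and event volumes are illustrative assumptions. The point: a model
that is "99% accurate" still produces mostly false alerts when genuine attacks
are rare, which is the alert-fatigue problem described earlier in this post.
"""


def precision(tpr: float, fpr: float, prevalence: float) -> float:
    """Share of alerts that are real (positive predictive value).

    tpr: true-positive rate (detection rate on malicious events)
    fpr: false-positive rate (alert rate on benign events)
    prevalence: fraction of all events that are actually malicious
    """
    true_alerts = tpr * prevalence
    false_alerts = fpr * (1.0 - prevalence)
    total = true_alerts + false_alerts
    return true_alerts / total if total else 0.0


def expected_alerts(events_per_day: float, tpr: float, fpr: float,
                    prevalence: float) -> tuple[float, float]:
    """Expected (true alerts, false alerts) per day for a given event volume."""
    malicious = events_per_day * prevalence
    benign = events_per_day - malicious
    return malicious * tpr, benign * fpr


def required_fpr(target_precision: float, tpr: float, prevalence: float) -> float:
    """Largest false-positive rate that still reaches target_precision.

    Solves precision = tpr*p / (tpr*p + fpr*(1-p)) for fpr.
    """
    return (tpr * prevalence * (1.0 - target_precision)
            / (target_precision * (1.0 - prevalence)))


if __name__ == "__main__":
    events, tpr, p = 1_000_000, 0.99, 1e-4   # 100 malicious events among a million
    print(f"{'FPR':>8} {'precision':>10} {'true/day':>9} {'false/day':>10}")
    for fpr in (1e-2, 1e-3, 1e-4, 1e-5, 1e-6):
        tp, fp = expected_alerts(events, tpr, fpr, p)
        print(f"{fpr:8.0e} {precision(tpr, fpr, p):10.3f} {tp:9.0f} {fp:10.0f}")
    print(f"FPR needed for 90% precision: {required_fpr(0.9, tpr, p):.2e}")
```

Run as a script, the table shows that at this base rate the false-positive rate has to fall to about one in a hundred thousand before nine out of ten alerts are genuine; this is why a SOC model needs to be judged on precision at realistic prevalence rather than on a single accuracy figure.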

A Look at Palo Alto Networks SOC

Building on our conversation about AI in cybersecurity, Rao uses our own security operations center (SOC) at Palo Alto Networks as a great example.

“At Palo Alto Networks, we only have 10 people running the SOC. The reason we’re able to run it as efficiently as we do is because of the AI and automation we’ve developed in our products. Our mean time to detect is down to 10 seconds and mean time to respond down to just minutes.”

Figure: XSIAM customer results before and after early use.

Rao points to our AI-driven SOC platform, Cortex XSIAM, as the engine behind our nimble and highly optimized team. XSIAM consolidates security data from across the enterprise and stitches it together to stop threats automatically in real time, with minimal human intervention. This drastically reduces the number of alerts analysts need to resolve and lets them focus on more strategic, higher-value work.

Secure Your Organization with AI

As we wrapped up our conversation, Rao shared his final thoughts on the direction of AI in cybersecurity:

“AI is here to stay. It’s going to change lives. When you use solutions from Palo Alto Networks that consolidate best-of-breed into robust platforms, you get the benefits of all of that AI. You’re not siloing data across multiple different point solutions. You’re integrating data across a platform.”

In today’s rapidly changing threat landscape, security leaders have an opportunity to rethink their defenses and use the latest AI to protect their organizations. A platform approach is the best way to build an AI-powered risk posture and to detect and stop threats accurately at scale.

Learn more about modernizing the SOC. Watch the full interview with Shailesh Rao.

The post AI and ML — The Keys to Modernizing the SOC appeared first on Palo Alto Networks Blog.