Utilizing AI to defend the Black Hat NOC
CIO – cio.com
At this year’s Black Hat USA conference, Palo Alto Networks observed more than 907 million real-time threat events, an alarming number that underscores how attractive the event is to threat actors.
To combat these threats, the network operations center (NOC) employed artificial intelligence (AI) as a key defense mechanism.
The NOC team utilized AI to automate the triaging of threats, allowing them to prioritize and focus on critical issues while reducing the time spent on routine investigations.
This workflow was achieved through a roughly 80-20 split, where around 80% of initial investigations were automated, freeing up human analysts to concentrate on the remaining 20% that required their attention.
Prior to the event, the NOC team equipped themselves with AI-powered tools, including Palo Alto Networks’ Cloud Delivered Security Services (CDSS), Cortex XSOAR, and Cortex XSIAM.
CDSS played a crucial role in expediting the threat analysis process.
By analyzing vast amounts of data, CDSS swiftly determined the presence of hidden threats, significantly reducing manual effort and allowing analysts to respond more efficiently.
In addition to leveraging existing AI-powered products, the NOC team also developed new code in real time to address emerging threats.
Collaborating with the Cortex XSIAM team on-site, the NOC analysts shared their threat hunting processes, enabling the AI to replicate their decision-making logic and swiftly reach similar conclusions.
This synergy between humans and AI allowed the analysts to focus on complex threats while trusting the AI to handle simpler tasks with speed and accuracy.
The event showcased the importance of collaboration in the cybersecurity industry.
Palo Alto Networks joined forces with other vendors like Cisco, NetWitness, Corelight, Arista, and Lumen to protect the Black Hat conference.
The Palo Alto Networks team shared their CDSS subscription data with these vendors, who incorporated it into their own tools to bolster threat research processes.
Collaborative efforts, such as constructing new dashboards and sharing visualization tools, enhanced the collective ability to detect, analyze, and respond to threats effectively.
The article emphasizes that AI is not unique to threat actors but is also leveraged by IT security professionals to defend against evolving threats.
It underscores the necessity of embracing and leveraging AI within the cybersecurity industry to effectively protect environments.
The future of cybersecurity is envisioned as one in which humans and AI are interconnected, working together to identify and solve problems at a rapid pace.
Link: https://www.cio.com/article/656765/utilizing-ai-to-defend-the-black-hat-noc.html