How to Update Agency Security Operations Centers

Today’s hybrid IT environments, which combine cloud and on-premises infrastructure, demand structural changes to agency security operations centers, or SOCs, so they can operate within cyberspace rather than simply react to it.


SOCs face plenty of challenges: serving the needs of remote and teleworking employees, managing multiple cloud platforms, and dealing with the exploding number of IT-configurable devices on emerging 5G networks. 


The structure of SOCs is already adapting and evolving to bring together defensive operations and the analysis of emerging threats with the strategic introduction of new technologies. The result is a mature, flexible, risk-based and cost-efficient approach to ensure the crown jewels of an enterprise remain secure.


One key to succeeding in this environment is to apply both automation and orchestration. Automation is applied to both defense operations and threat hunting, using a combination of artificial intelligence and machine learning. Orchestration manages how multiple sets of tools and platforms interact and are sequenced for incident response action sets.


Artificial Intelligence and Machine Learning


AI includes capabilities such as natural language processing, image recognition of objects, and pattern recognition through neural network models that attempt to mimic cognitive functions of the brain. The term machine learning is frequently used interchangeably with AI, although there are distinct differences. ML algorithms use machines to learn about a given dataset. Deep learning, a subset of ML, has shown a lot of promise in the cybersecurity realm.


AI and ML are not only used in a next-generation SOC to enhance detection and prevention activities, but also, increasingly, to augment incident response actions such as containment actions, ticket creation, and user engagement to triage and/or validate a suspicious action. The applications of AI and ML reduce the time ..
