Meet Ava, Your Newest Coworker: Advanced AI Security In Action
Security can often be a thankless job, a daily grind of reviewing alerts, helping out your teammates while trying to keep up with the latest and greatest techniques the attackers are using. The use of security AI has promised to help but a lot of times it turns out to be a lot of marketing with little in terms of practical benefits. So what does explainable and practical AI security look like?
A Day in the Life of a SOC Analyst
It’s your first day back on the rotation as a SOC analyst, and the TODO list looms large. Over the weekend you read about a new attack technique to compromise your environment, but hunting for that behavior will have to wait — the alerts demand your attention!
As you’re reviewing ticket number 50 for the day, you think to yourself “I bet I could automate a bunch of this.” But building reliable automation is a full-time job, and the aspirations to free yourself — and your entire SOC team! — from the slog just never seem to make progress. Meanwhile, last week a fresh college grad — bubbling with excitement for the interesting career she chose — joined the SOC. She’s got the right attitude and inquisitive mind to be great, but right now there’s a lot of learning on the job to do. As the most senior analyst, you know you’ll be mentoring her and spending a lot of time reviewing alerts that aren’t valuable, because being an effective SOC analyst takes time.
Today is going to be different, though. Your team has been evaluating a new vendor named Awake, and the Awake team is delivering a briefing this afternoon. As the senior-most analyst, you skeptically take a few minutes to connect to the platform and review the findings — what Awake calls “Situations.” In those findings you see the following:
You knew about this behavior — it was a breach detection platform you were using to test the technology, after all. But looking at the amount of information captured, you think to yourself “Wow, this company must’ve spent hours collecting and curating all of this information for the meeting.”
Joining the call, Awake goes over the findings, and you are amazed to find out that the only thing an analyst did to create the above was to add one single activity. The entirety of the remaining behavior was discovered, correlated, and visualized automatically by Ava, Awake’s virtual security analyst. Ava automatically asked the questions you would have asked, precomputed the answers and had them ready to go for you to review.
The call finishes, and you go back to your mound of tickets to resolve, which somehow grew by 15% just during the call–there’s a lot of work to do with the new college grad. But you smile anyway, because in the back of your mind you realize that when you deploy Awake, everything will change. The barrage of alerts will be reduced to a trickle of findings, and Ava will be there to support your junior analysts’ experience gaps. Hunting for those new attack techniques may very well be in your future, after all!
To learn more about what autonomous security looks like and what level of automation your program currently is at, download our whitepaper titled The 5 Levels of Autonomous Security: What level are you?.
Principal Threat Researcher
Dig Deeper with These Resources
Awake Security 2 Minute Explainer Video
What if security could think? What if it could sense danger, calculate risk, and react quickly based…
The Internet’s New Arms Dealers: Malicious Domain Registrars
This report dives into the results of a multi-month investigation that uncovered a massive global surveillance campaign…