Enterprise IT security professionals believe that human expertise will always play a key role in detecting and stopping security threats.

That’s just one of the findings from a survey we conducted of security analysts, CISOs, infosecurity experts, and security engineers at this year’s RSA global information security conference in San Francisco in April. The US RSA Conference, one of the largest gatherings of security experts in the world, provides an excellent occasion for sampling the views of IT security professionals about the state of their art.

And what did IT security professionals tell us?

  • They’re overwhelmed with security alerts. 78 percent of respondents reported alert fatigue. This shouldn’t be surprising: the threat landscape is getting much worse. The typical SecOps team is facing a 40% year-over-year increase in advanced persistent threats and data breaches. Alerts, both real and false, are going through the roof.
  • The security automation they have isn’t working. 66 percent of those with dedicated threat hunting teams are not benefiting from the security automation they have.
  • The best possible approach to threat hunting combines security automation with human analysis. Just because the automation systems they have now aren’t working doesn’t mean that security teams don’t recognize the value of security automation. They consider it critical for effective security. But 79 percent believe it should be combined with human expertise to be effective.
  • Automation will never replace human expertise. 93% told us it’s essential for SecOps to include a traditional human element.

Empowering SecOps teams with effective threat hunting tools is critical. The average data breach goes undetected for 206 days. That’s 206 days for an attack to spread through a network, infect multiple systems, and possibly exfiltrate critical data such as customer records, financial data, intellectual property, and login credentials.

Intelligent Automation that Combines Human Expertise with Advanced Analytics

Enterprises need a faster, more efficient way to analyze alerts and engage in proactive threat hunting.

That’s what we’re offering with our LogicHub platform.

The LogicHub Intelligent Security Automation platform automates threat hunting techniques like scoring, clustering, correlation, and mapping, in effect creating a digital map of a security analyst’s mind. The heart of the platform is the Threat Ranking Engine, which uses context (including context provided by security analysts) to enrich threat data. Using this enriched data, the platform reduces billions of security events through scoring and classification to triage all threats for rapid resolution, dramatically lowering both false negative and false positive rates.

In line with the RSA survey responses, the LogicHub platform also provides an intuitive feedback mechanism that enables security analysts to apply their expertise to refine the platform’s performance. Unique in the security market, the LogicHub platform gives SecOps teams the best of both worlds: human expertise along with the power of cognitive automation.

The results address the major concerns raised in the survey.

  • Reducing alerts. SecOps teams are overwhelmed with security alerts, but by applying advanced machine learning techniques, the platform is able to reduce false positive alerts by 95%.
  • Leveraging powerful automation. SecOps teams report that existing automation solutions, which often include security orchestration systems that automate routine tasks but fail to address threat hunting, aren’t working. But the LogicHub platform automates much of the more time-intensive
  • Applying and multiplying the effects of human expertise. With its feedback loop, the LogicHub platform enables SecOps teams to take better advantage of human expertise, rather than discarding it.
  • Accelerating threat detection so that SecOps automation and efforts overall are more effective. By capturing and automating the security analyst’s expertise about an organization's context and processes, LogicHub shrinks threat detection times 10X. In addition, by reducing time-consuming threat investigations, the platform frees analysts to engage in more proactive threat hunting, enabling them to detect and stop threats before they cause major damage.
