InfoGuard Cyber Security and Cyber Defence Blog

SOC 2.0 – or the miracle weapon against cyber threats

Written by Michelle Gehri | 30 May 2018

Time is money. This is the motto in many areas of our lives. Even more so in cyber defence. Because every minute that goes by – every second even – could increase the damage caused by a successful attack many times over. To make sure this does not mean financial ruin or an image disaster in extreme cases, your cyber defence must be able to withstand the challenges posed by increasingly innovative cyber criminals. How? Among other things using artificial intelligence (AI). In this blog post, find out why a Security Operations Center (SOC) with AI works better than the competition and how you can also make this miracle weapon against cyber threats work for you.

An efficient Security Operations Center (SOC) is the starting point for any effective cyber defence. When it comes to measuring the performance of a SOC (or “Cyber Defence Center” as we call it here), two measured variables are paramount: the maturity level and the effectiveness. The first relates to the level of development in terms of the approach to managing cyber security risks. The second indicates how quickly a SOC detects an incident and successfully combats it. 


How well armed are companies against cyber threats?

To answer this, our partner, Vectra Networks, conducted a survey about SOCs and cyber threats with 459 participants at the Black Hat conference in 2017. The participants were mainly CISOs, security engineers and research specialists. Three groups were created for the analysis:

  1. SOC teams with over ten specialists working without AI
  2. SOC teams of any size working with AI
  3. SOC teams with over ten specialists using AI

For the survey, Vectra collected information about response times and response capability. What were the results? Put it this way: anyone still trying to manually ward off cyber attacks will have no chance in the future.


The secret ingredient of a successful Security Operations Center against cyber threats

The number of cyber criminals has grown considerably and hence, so has the number of attacks and their severity. Now, more than ever, it is a matter of detecting attackers centrally in real time. The most effective way of doing this is to combine the power of humans and machines. Specifically: to use artificial intelligence (AI)! Results from studies confirm precisely that, which comes as no surprise. According to the survey, even smaller SOC teams operate more effectively than large teams when the cyber security analysts are able to use artificial intelligence. Incidents are detected, confirmed and contained quicker.

However, only one third of all SOCs use artificial intelligence for incident response purposes. The majority of these have more than ten employees. Yet it makes sense for smaller teams to use artificial intelligence. With it, monotonous and tedious SOC tasks are automated, leaving specialists free to concentrate fully on the “real” challenges. And that is precisely what you and your team want, isn’t it?

Cyber threats – a race against time

The first hurdle is usually detecting the threat. According to the survey, 37 percent of SOC teams with more than ten employees manage to detect threats within a few minutes – and that is without AI. But even the smaller teams hold up well in comparison, meaning the human aspect cannot be the crucial factor. The key element here – you guessed it – is the combination of human beings and machines. These groups are highly likely to discover the threat within minutes.

After detection, it falls to the analysts to confirm the threat and assess the risk. In SOC teams without AI, a meagre 14 percent managed this within a few minutes. 42 percent of the larger teams working with artificial intelligence managed it. 

Put an end to cyber threats with artificial intelligence

Containing a threat, on the other hand, requires more manual work because every cyber attack is different. AI can still be useful here though, particularly when it comes to determining a response strategy. The results of the survey show that only 7 percent of the teams without AI were able to contain the incident within minutes – with AI, the average was 23 percent. 

Even in cyber defence, continuous improvement is vital. Only when analysts investigate incidents retrospectively can lessons be learned for future cyber attacks. This process can go on for hours, however, and often even days. How can this be improved? With artificial intelligence again, of course. All of the teams using AI were significantly more efficient than those without it.

 

Human beings and machines – cyber security is the winner!

The use of AI is worthwhile at every stage of defending against cyber attacks. Hence our tip: use artificial intelligence as well and sooner rather than later! That way you give yourself and your teams the chance to concentrate on the important issues and make your cyber defence even better.

Here at InfoGuard we also rely on AI in our Cyber Defence Center. “With cyber defence, it is often a matter of finding a needle in a haystack as quickly as possible. We manage to do this thanks to a combination of intelligent systems and expert analysts” says Urs Achermann, Head of Cyber Security Services. “We therefore also use systems with artificial intelligence and support our analysts. We do not just rely on the intelligence of our systems, however. The human element, in other words our 35 analysts, is still a crucial component, one that monitors and critically scrutinises the AI’s results. The systems with artificial intelligence therefore mainly help us with automated warnings about potential incidents.”

Our partner, Vectra Networks, offers you first-hand analyses regarding cyber threats and the use of artificial intelligence in the free “Attacker Behaviour Industry Report 2018”. Get acquainted with patterns of behaviour in the field which indicate ongoing activities by cyber criminals within your networks. Approximately 250 Vectra clients from 14 sectors using over 4.5 million devices took part in the survey. Find out which specific dangers and risks your company is exposed to and, in particular, how artificial intelligence can help you with detection and defence in the Attacker Behaviour Industry Report 2018. Download it now for free! 

 


Cyber threats and more – InfoGuard Security Lounge 2018

Would you like to learn more about cyber threats? Then take this opportunity and register for our Security Lounge on 26 June 2018. Expert Dr Hannes P. Lubich will be talking about “Cyber threats 2018 – the Known, the New and the Unexpected”. There will also be numerous other keynotes from renowned guest speakers, our own cyber security experts, a live hacking show and client and partner presentations. Don’t miss this event, register today!