Forum Discussion

Nacho81
Copper Contributor
May 20, 2022

Hi Community!, I'm looking how to apply IA and ML on SOC , for cybersecurity, thanks

  • H2O
    Iron Contributor

    Nacho81  

    There are a number of ways that AI and ML can be applied to SOC for cybersecurity. Some of these applications include:

    • Automating threat detection and response: AI and ML can be used to automate the process of detecting and responding to threats. This can free up SOC analysts to focus on more complex tasks, such as investigating incidents and developing new security controls.
    • Analyzing large datasets: AI and ML can be used to analyze large datasets of security logs and other data. This can help SOC analysts to identify patterns and trends that might indicate a security breach.
    • Building predictive models: AI and ML can be used to build predictive models that can predict future threats. This can help SOC analysts to be proactive in their security efforts.
    • Improving communication and collaboration: AI and ML can be used to improve communication and collaboration between SOC teams. This can help to ensure that all teams are aware of the latest threats and that they are working together effectively to respond to them.

    Here are some specific examples of how AI and ML are being used in SOCs today:

    • CrowdStrike Falcon Prevent: This product uses AI and ML to identify and block threats before they reach endpoints.
    • IBM QRadar SOAR: This platform uses AI and ML to automate threat detection and response.
    • Splunk Phantom: This platform uses AI and ML to automate incident response.

    These are just a few examples of how AI and ML can be applied to SOC for cybersecurity. As the technology continues to develop, we can expect to see even more innovative ways to use AI and ML to improve security. :lol:

    • Rod_Trent
      Microsoft
      And of course, don't forget Microsoft Sentinel has been using ML since day one to help sift through the unnecessary alerts to free efficiency for security teams. 😉

      This is built in, i.e., the ML stuff. For AI, it's easy to implement using the APIs. In Sentinel we do this currently through the use of Logic Apps. There are several good blogs out there that showcase this.

      Here's one example: https://rodtrent.substack.com/p/generating-kql-from-microsoft-sentinel

      I started a series on my blog recently (aka.ms/RodsBlog) to show how to build your own Security Copilot using Azure Cognitive services and Azure OpenAI.
  • blakecheek
    Iron Contributor
    Adding on to what some of the other commenters have said, I've had the privilege of attending trade shows and seeing firsthand the work being done with AI and ML in the security space.

    A security application might, for example, monitor user behavior and become more strict depending on activity. For example, if a user is deleting files in bulk out of nowhere or copying them to another location, the software might pick up on that behavior and start changing permissions to prevent that behavior.

    Check out these blog posts from Microsoft: https://www.microsoft.com/en-us/security/blog/topic/ai-and-machine-learning/?sort-by=newest-oldest&date=any
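    H2O's reply above talks about analysing security logs for patterns and automating the response, and blakecheek's reply gives the concrete case of a user who suddenly deletes files in bulk and software that tightens permissions in reaction. The following Python script is an added worked example of that behaviour-based approach; it is not code from any of the posters, nor from Microsoft Sentinel or any other product named in the thread. It learns a per-user baseline of DELETE events over earlier 5-minute windows from a constructed audit trail, flags a user whose latest window exceeds that baseline by more than three standard deviations (plus an absolute floor so that tiny baselines do not alert on a couple of events), and revokes delete rights in a hypothetical permission policy pending analyst review. The log line format, the window size, the thresholds and the policy structure are all assumptions made for the example.

```python
"""Behaviour-based detection of bulk file deletion with an automated
permission response. Added illustration; all data below is constructed."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

FMT = "%Y-%m-%dT%H:%M:%SZ"
WINDOW = timedelta(minutes=5)  # hypothetical aggregation window


def build_sample_log():
    """Constructed audit trail (not real logs): six quiet 5-minute windows in
    which alice and bob each delete a file or two, then a seventh window in
    which alice deletes 40 report files in under four minutes."""
    base = datetime(2022, 5, 20, 9, 0, 0)
    lines = []
    for w in range(6):
        start = base + w * WINDOW
        for i in range(2):
            t = (start + timedelta(seconds=30 * i)).strftime(FMT)
            lines.append(f"{t} alice DELETE /share/tmp/a{w}{i}.tmp")
        lines.append(f"{(start + timedelta(seconds=15)).strftime(FMT)} bob DELETE /share/tmp/b{w}.tmp")
        lines.append(f"{(start + timedelta(seconds=45)).strftime(FMT)} bob COPY /share/docs/d{w}.docx")
    start = base + 6 * WINDOW
    for i in range(40):
        t = (start + timedelta(seconds=5 * i)).strftime(FMT)
        lines.append(f"{t} alice DELETE /share/reports/r{i}.xlsx")
    lines.append(f"{(start + timedelta(seconds=20)).strftime(FMT)} bob DELETE /share/tmp/b6.tmp")
    return lines


def parse_line(line):
    """'<ISO-8601 UTC> <user> <action> <path>' -> (datetime, user, action, path)."""
    ts, user, action, path = line.split(maxsplit=3)
    return datetime.strptime(ts, FMT), user, action, path


def window_start(ts):
    """Floor a timestamp to the start of its 5-minute window."""
    return ts.replace(second=0, microsecond=0) - timedelta(minutes=ts.minute % 5)


def counts_per_window(lines, action):
    """Return (sorted window starts, {user: Counter(window -> events)}) for one action."""
    per_user = defaultdict(Counter)
    windows = set()
    for line in lines:
        ts, user, act, _ = parse_line(line)
        w = window_start(ts)
        windows.add(w)  # every window counts, even if this action is absent in it
        if act == action:
            per_user[user][w] += 1
    return sorted(windows), per_user


def detect_bulk_activity(lines, action="DELETE", sigma=3.0, min_count=10):
    """Flag users whose count in the latest window exceeds their own baseline
    (mean + sigma * std over earlier windows, zeros included) and an absolute
    floor that stops tiny baselines from alerting on a handful of events."""
    windows, per_user = counts_per_window(lines, action)
    if len(windows) < 2:
        return {}
    latest, history_windows = windows[-1], windows[:-1]
    findings = {}
    for user, counter in per_user.items():
        history = [counter.get(w, 0) for w in history_windows]
        baseline, spread = mean(history), pstdev(history)
        threshold = baseline + sigma * spread
        observed = counter.get(latest, 0)
        if observed >= min_count and observed > threshold:
            findings[user] = {
                "action": action,
                "window": latest.strftime(FMT),
                "observed": observed,
                "baseline_mean": baseline,
                "threshold": threshold,
            }
    return findings


def apply_response(findings, policy):
    """Automated containment step: revoke delete rights for flagged users and
    mark them for analyst review. Returns a new policy; the input is not mutated."""
    updated = {u: dict(p) for u, p in policy.items()}
    for user in findings:
        entry = updated.setdefault(user, {"can_delete": True})
        entry["can_delete"] = False
        entry["review_required"] = True
    return updated


if __name__ == "__main__":
    log = build_sample_log()
    hits = detect_bulk_activity(log)
    policy = apply_response(hits, {"alice": {"can_delete": True}, "bob": {"can_delete": True}})
    for user, f in hits.items():
        print(f"{user}: {f['observed']} {f['action']} events in window {f['window']} "
              f"(baseline {f['baseline_mean']:.1f}, threshold {f['threshold']:.1f})")
    print(policy)
```

    Run it as a script and alice is flagged (40 deletes against a baseline of 2 per window) while bob, whose steady one delete per window never moves, is not. The `min_count` floor matters in practice: with a baseline of zero deletes, the statistical test alone would flag a single deletion, which is the kind of noisy alert a SOC wants the model to remove rather than add. Revoking rights rather than blocking outright keeps the user's read access working and leaves the final call to an analyst.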