Some Sobering Statistics on the State of Security Operations  

The recent Forrester 2020 State of Security Operations Survey stated that 

  • The average security team receives over 11,000 alerts per day 
  • The vast majority of these alerts must be manually processed and SecOps teams are unable to keep up with the volume 
  • 79% of surveyed businesses have experienced a breach within the past year  
  • Analysts waste time chasing false positives and often miss the real threats 
  • Teams are using siloed and poorly integrated tools to investigate and remediate alerts 
  • Investigating alerts takes the most of an analyst’s time, followed by triaging and threat hunting 
  • Only 13% of organizations are using automation/machine learning (ML) for the full lifecycle of an alert – triage, analysis, and response 

Automation and Machine Learning Can Augment Triage, Analysis and Response 

Although there is some hesitancy among security personnel to explore and trust AI, the benefits are real and achievable. The technology will augment processes and enable security professionals to discover and triage more attacks, reduce false positives and respond faster and more intelligently to alerts.  

AI/ML is a key feature of DTonomy’s Assisted Incident Response (AIR) 

With adaptive intelligence the system discovers patterns, makes predictions, prioritizes alerts and recommends actions. It reduces noise and helps to eliminate high false positive to focus your talent on higher level problems. It provides analysts with deep insights by identifying patterns from alerts that are not easily recognizable to accelerate investigation. It provides rich and relevant context to speed decision making and response.  

AI Augments, Does Not Replace Humans 

One of the key benefits of AI assisted incident response is the deep insight that it provides to lead to the right actions. DTonomy AIR is a powerful assistant and trusted tool for security analysts because it is: 

Transparent – provides deep yet clear insights that are understandable and explainable to humans; insights are always supported by data and evidence 

Controllable – analysts have the flexibility to edit the AI suggestions and can control AI in an easy and intuitive way 

Adaptive – the system continuously listens to and learns from the analysts’ feedback to provide new insights that are unique to an environment 

All in all, AI will not replace humans but is bringing augmented intelligence for security analysts to accelerate investigation and response, minimize operation risks and more successfully mitigate security risk. 

 

Want to improve your cybersecurity operations with DTonomy AIR? Schedule a demo

We are pleased to announce that DTonomy is now part of Stellar Cyber. The integrated solution will enhance cyber threat detection and response automation!

X