In an AI-driven cybersecurity landscape, adversaries are moving faster than ever.
The time taken for adversaries to move laterally within a network after initial access (the breakout time) for e-crime intrusion activity dropped from 84 minutes in 2022 to 62 minutes in 2023. This leaves defenders only about an hour to contain an intrusion before it spreads and to minimize the cost and damage it causes.
Traditional Security Operations Centers (SOCs) and legacy SIEM can no longer deliver the security outcomes organizations need in an increasingly AI-driven world.
CybersecAsia had the privilege of tapping into the expertise of Fabio Fratucello, Field CTO International, CrowdStrike, for insights into the challenges and possible solutions that SOCs are facing with SIEM today.
Why can’t legacy SIEMs deliver the security outcomes organizations require today?
Fabio Fratucello (FF): With breakout times now measured in minutes, stopping breaches requires security operations to match the speed of the adversary.
Legacy SIEMs are unable to match the speed of modern adversaries; they are simply too slow at delivering the security outcomes customers require. Over the years, SIEMs have become data dumping grounds, forcing security analysts to spend significant amounts of time on data onboarding, configuration and maintenance.
On top of this, legacy SIEM technologies struggle with slow search speeds and have limited visualization and investigation options, issues that are leading to increased detection and response times.
The result is that legacy SIEMs are taking focus away from what Security Operations teams should be spending most of their time on, which is stopping the breach.
In what ways is AI modernizing the SOC?
FF: An AI-native SOC enables security teams to match the speed and sophistication of today’s attacks. For example, to simplify data ingestion and extend the visibility of diverse data sources, the AI-native SOC uses large language models (LLMs) to generate parsers with minimal input.
The AI-native SOC also leverages modern AI models and automation to deliver superior threat prevention of known and zero-day attacks, enhance threat detections to ensure security teams stay one step ahead of evolving threats, and accelerate alert triage and investigation by grouping and prioritizing alerts.
How can GenAI be harnessed in threat detection and response processes? What are the biggest advantages in leveraging GenAI?
FF: GenAI takes alert investigation and triage to the next level by making it easy for users to ask questions and get answers in plain language during an investigation.
For example, with Charlotte AI (CrowdStrike’s GenAI Security Analyst embedded in the Falcon platform) users can immediately get answers to questions like, “Has my data been exfiltrated? From where? By whom? How much data did they take?”
GenAI assists security practitioners of all levels in their investigations by providing valuable insights and recommendations, streamlining the decision-making process.
We recently added new innovations in the latest Falcon Next-Gen SIEM release that unleash the power of Charlotte AI. Through these innovations we enable customers to elevate analysts of all skill levels with the ability to ask any question relating to Falcon data and get a response in plain language seconds later; transform the speed and efficiency of investigations by automatically correlating all related context into a single incident; and accelerate analyst work with GenAI promptbooks relating to the most common workflows across detection, investigation, hunting and response.
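The "grouping and prioritizing alerts" and "correlating all related context into a single incident" mentioned above are, at their core, an entity-and-time correlation step followed by a risk ranking. The following is an added example illustrating that idea; it is not CrowdStrike's or Falcon's code, and the alert schema (id, timestamp, host, user, severity, name), the one-hour window and the scoring weights are all assumptions constructed for the demonstration.

```python
"""Correlate individual alerts into incidents and rank them for triage.

Added example, not CrowdStrike's or Falcon's code. The alert schema, the
sample alerts and the scoring weights are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    alert_id: str
    ts: datetime
    host: str
    user: str
    severity: int  # 1 (low) .. 5 (critical)
    name: str


# Constructed sample alerts (not real telemetry).
SAMPLE_ALERTS = [
    Alert("a1", datetime(2024, 1, 10, 9, 0), "ws-17", "jdoe", 2, "suspicious macro"),
    Alert("a2", datetime(2024, 1, 10, 9, 12), "ws-17", "jdoe", 3, "credential access attempt"),
    Alert("a3", datetime(2024, 1, 10, 9, 40), "srv-db", "jdoe", 4, "new admin logon"),
    Alert("a4", datetime(2024, 1, 10, 14, 0), "ws-03", "asmith", 1, "unsigned binary"),
    Alert("a5", datetime(2024, 1, 11, 9, 5), "ws-17", "svc-backup", 2, "scheduled task created"),
]


def correlate(alerts, window=timedelta(hours=1)):
    """Group alerts into incidents as connected components.

    Two alerts belong to the same incident if they share a host or a user
    and fire within `window` of each other; membership is transitive, so a
    chain ws-17 -> jdoe -> srv-db becomes one incident.
    """
    alerts = sorted(alerts, key=lambda a: a.ts)
    parent = list(range(len(alerts)))  # union-find over alert indices

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    def union(i, j):
        parent[find(i)] = find(j)

    # Most recent alert index seen for each ("host", value) / ("user", value).
    last_seen = {}
    for i, a in enumerate(alerts):
        for key in (("host", a.host), ("user", a.user)):
            j = last_seen.get(key)
            if j is not None and a.ts - alerts[j].ts <= window:
                union(i, j)
            last_seen[key] = i

    groups = defaultdict(list)
    for i, a in enumerate(alerts):
        groups[find(i)].append(a)
    return list(groups.values())


def prioritize(incidents):
    """Rank incidents highest-risk first.

    Score = highest severity in the incident, boosted by the number of
    distinct hosts (a proxy for lateral spread) and the alert count.
    """
    def score(inc):
        hosts = {a.host for a in inc}
        return max(a.severity for a in inc) * 10 + len(hosts) * 2 + len(inc)

    return sorted(incidents, key=score, reverse=True)


def triage(alerts, window=timedelta(hours=1)):
    """Return ranked incidents as sorted lists of alert ids."""
    ranked = prioritize(correlate(alerts, window))
    return [sorted(a.alert_id for a in inc) for inc in ranked]


if __name__ == "__main__":
    for rank, ids in enumerate(triage(SAMPLE_ALERTS), start=1):
        print(f"incident {rank}: {ids}")
```

With the constructed sample, the three jdoe-related alerts across ws-17 and srv-db collapse into one incident that ranks first, while the unrelated alerts remain single-alert incidents; widening the window changes the grouping, which is why the window is a tunable that analysts should review against their own dwell-time data rather than a fixed constant.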
In what other ways can GenAI be integrated within existing security frameworks?
FF: As part of a unified platform, GenAI helps organizations modernize their SOC and elevate their security profile by consolidating security tools and transforming operations from manual to automation-first, AI-driven processes. In addition, GenAI can also be used by CISOs to get invaluable insights into their organization’s security posture and use this information to facilitate board-level discussions and strategic planning to ensure risk management decisions align with larger business objectives.