Page 60 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
This ability to automatically “operationalize” human-readable threat intelligence enables SIEM
systems to classify logs and data feeds by security intent (separating benign activity from activity
demonstrating malicious intent). NLP algorithms read logs and data feeds, seek out relevant
information from logs and third-party data sources, and identify attack intent orders of magnitude
faster and far more effectively than is possible with traditional manual approaches by analysts.
Cause-and-effect analytics – A complementary approach to operationalizing threat intelligence,
cause-and-effect analytics enable SIEMs to automatically validate and prioritize real threats, and
reveal the complete “attack story.”
Orchestrated response – Finally, with NLP and cause-and-effect analytics, threat investigation,
mitigation and remediation can be optimized and automated based on attack intent, and SIEM
technology can marshal the most relevant response procedures and execute them using the right
security tools.
When SIEM technology 1) uses AI and NLP classifiers to autonomously understand the intent behind
each piece of data that the existing network infrastructure generates, 2) uses cause-and-effect analytics
to identify if these pieces form a real attack “story” against the organization, and 3) executes adaptive
investigation and response actions that are optimally synched to each threat, the “Big Rules” problem
can be solved. And, as a direct result, the other challenges associated with traditional SIEM systems are
also overcome.
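The three-step pipeline described above (intent classification of each event, cause-and-effect chaining into an attack story, and a priority for response) as an added, simplified example; this is not the article's or empow's code. A keyword classifier stands in for the NLP model, and the log format, host names, stage names and causal ordering are all assumptions made for the demonstration.

```python
import re
from collections import defaultdict
# Stand-in for the NLP classifier: keyword patterns -> intent label
# (assumption; a real system learns these from threat-intel text).
INTENT_PATTERNS = [
    ("recon",   re.compile(r"port scan|nmap|sweep", re.I)),
    ("exploit", re.compile(r"exploit attempt|shellcode", re.I)),
    ("persist", re.compile(r"new service|scheduled task|cron added", re.I)),
    ("exfil",   re.compile(r"large upload|dns tunnel", re.I)),
]
CAUSAL_ORDER = ["recon", "exploit", "persist", "exfil"]  # assumed cause-and-effect model

def classify_intent(line):
    """Return the security intent of one log message, or 'benign'."""
    for label, pat in INTENT_PATTERNS:
        if pat.search(line):
            return label
    return "benign"

def parse(line):
    """Constructed log format: '<ts> host=<h> <message>'."""
    ts, host, msg = re.match(r"(\d+) host=(\S+) (.*)", line).groups()
    return int(ts), host, classify_intent(msg)

def attack_stories(lines, min_chain=2):
    """Return {host: (causal chain, priority)} for hosts with >= min_chain stages."""
    per_host = defaultdict(list)
    for _ts, host, intent in sorted(map(parse, lines)):
        if intent != "benign":          # benign lines never enter a story
            per_host[host].append(intent)
    stories = {}
    for host, intents in per_host.items():
        chain, last = [], -1
        for intent in intents:
            stage = CAUSAL_ORDER.index(intent)
            if stage > last:            # only forward progress extends the story
                chain.append(intent)
                last = stage
        if len(chain) >= min_chain:     # a lone event is noise, not a story
            stories[host] = (chain, last + 1)   # priority = deepest stage reached
    return stories

SAMPLE_LOGS = [  # constructed sample lines, not real telemetry
    "100 host=web01 firewall: port scan from 203.0.113.9",
    "101 host=web01 sshd: user login ok",
    "130 host=web01 ids: exploit attempt against /cgi-bin",
    "200 host=web01 audit: scheduled task created by www-data",
    "210 host=db02 firewall: port scan from 203.0.113.9",
    "300 host=web01 proxy: large upload 500 MB to unknown host",
]
```

Running `attack_stories(SAMPLE_LOGS)` confirms web01 as a full four-stage story while db02's isolated scan is left as noise, which is the validation and prioritization step the article attributes to cause-and-effect analytics.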
It has taken decades, but AI and its related technologies have finally enabled SIEM to realize its original
promise. The reactive, passive, complex and expensive SIEM can be replaced by a proactive system
that detects, confirms and stops attacks before they cause harm, while simultaneously enabling
organizations to maximize the value of existing security infrastructure and eliminate the need for
extensive human intervention. Strengthening yet simplifying security in this way may have been the intent
of the original SIEM, but now we have the blueprint to execute on it successfully.
About the Author
Avi Chesla, founder and CEO of empow
Avi is a recognized leader in the internet security arena internationally, with
expertise in product strategy, cyber security, network behavioral analysis,
expert systems and Software-Defined Networking. Prior to empow, Avi was
CTO and VP of security products at Radware, where he was responsible
for defining, leading and executing the company’s strategic technology
roadmap and vision, including the foundation and management of
Radware’s Security Division, a provider of cyber-attack mitigation solutions.
Avi’s views on industry trends and best practices have been featured in
articles and white papers, and on the conference speaking circuit. He has
earned more than 25 patents in the arena of cyber security solutions. Avi
can be reached online at @cheslaavi and https://www.linkedin.com/in/avi-chesla-0637761/
or via the empow website: https://www.empowcybersecurity.com/.