Page 134 - Cyber Defense eMagazine February 2024
advanced stages of Zero Trust and focus on the overlay pillars: Automation and Orchestration, and
Visibility and Analytics.
These pillars permeate the entire organization and many different IT/IS departments. Building them out
requires having visibility into everything happening in the Zero Trust environment, including all of the
tools, applications and processes in place to protect the five core pillars. Maturing these two overlay
pillars requires new capabilities and technologies like advanced analytics powered by machine learning
and AI, as well as identity-centric SIEM, UEBA and SOAR capabilities. The Automation and Orchestration
pillar requires high-fidelity detections combined with rich contextual data, and the ability to dynamically
and accurately prioritize events and alerts, in order to automate remediations without catching legitimate
business processes in the crossfire.
AI can improve SOC team efficiency now – and will improve over time
While the adversaries are busy trying to weaponize AI to achieve their goals, the benefit of AI for
defenders and the Security Operations Center (SOC) team will be more immediate and more significant.
AI will empower SOC analysts with powerful insights into datasets across identity, security, network,
enterprise and cloud platforms. Specifically, it will improve SOC team efficiency and help counter the
ongoing challenges of limited resources and skill sets, overwhelming alert fatigue, false positives and
mis- or unprioritized alerts in the following ways:
• Provide proactive suggestions for detections and threat hunting queries.
• Create new threat content based on recent trends and learnings across customers and industry
verticals, to dynamically improve or suggest new ML models, queries, reports and more.
• Auto-triage alerts based on historical triage patterns, investigation notes, types of detection,
relevance, and attack trends, to automate and suggest key incident response activities with ease,
including creating custom reports, taking bulk actions, and running multi-step workflows.
Cybercriminals are already using AI to make their attacks better – and improve the tactics, techniques,
and procedures (TTPs) of attacks. But advanced machine learning models that are trained using
adversarial AI will be able to combat these new attacks. Organizations should invest in quality, mature
ML/AI powered technologies for threat detection and explore how AI can help their SOC teams spend
less time investigating (or chasing false positives) and more time eradicating true threats.
Among companies without an insider threat program, 75% will start to plan, build and budget for
a formal insider threat program, with a majority of that growth coming from the SME (Small and
Medium Enterprise) market
Recent research shows that more than half of organizations have experienced an insider threat in the
past year and 68% are “very concerned” about insider threats as they return to the office or move to
hybrid work. 74% say insider attacks have become more frequent, and 74% say they are moderately
vulnerable or worse to insider attacks. Overall, companies of all sizes are becoming increasingly aware
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.