Page 78 - Cyber Defense eMagazine October 2023
data volume can quickly run up huge bills if not monitored closely). It also adapts to new or changing attacks without requiring vendor updates, and new models can be verified or customized (if the vendor allows it). This is an important capability: the same RSA survey cited above found that just 20% of respondents are very confident that their SIEM can detect unknown attacks, and 17% are not confident it can do so.
Finally, adaptive ML does a better job overall of finding relationships in the data because it is not restricted to preset inputs. For example, the system can learn not to flag logins from unfamiliar IP addresses when that user is known to be working remotely. Because it has this context, the analytics produce far fewer false positives. This reduces the workload for security teams, lets them focus on true positives, and makes the organization safer overall.
Unified analytics based on true, adaptive ML offer many advantages over separate, rule-based analytics, including shorter time-to-discover and time-to-remediate. But with more solutions entering this space, evaluating analytics is becoming even harder. To help, consider asking vendors these three questions:
1. Can I correlate data from any source, no matter what it is, and if so, what does that cost me?
2. Can this system detect new and emerging threats, and if so, how?
3. Does this system calculate a risk or priority level for alerts, and if so, do those calculations use only public sources, or are they customized to my specific network environment?
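As an added illustration (this is not code from the article or from Gurucul), the Python below replays a handful of constructed login events through two detectors: a static allowlist rule that flags every login from outside an assumed office range, and a per-user baseline that scores each login against that user's own history, so a habitual remote worker's home-network logins stop alerting while an office-bound user's 03:12 login from a never-seen network still does. The per-user score is also the kind of environment-specific risk level that question 3 asks about. The office range, the sample events, the weights and the threshold are all assumptions made for the demo.

```python
"""Static allowlist rule versus a per-user adaptive login baseline.

Added illustration for this article, not code from the article or from Gurucul.
The office range, the events, the weights and the threshold are all assumed.
"""
from collections import Counter
from datetime import datetime
import ipaddress

OFFICE_NET = ipaddress.ip_network("203.0.113.0/24")  # assumed corporate egress range
ALERT_THRESHOLD = 50            # assumed: scores at or above this raise an alert
REMOTE_WORKER_RATIO = 0.5       # assumed: share of off-site logins marking a habitual remote worker

# Constructed sample events (user, ISO timestamp, source IP); not real telemetry.
EVENTS = [
    ("alice", "2023-09-01T09:00:00", "203.0.113.10"),  # alice only ever logs in from the office
    ("alice", "2023-09-02T09:05:00", "203.0.113.11"),
    ("alice", "2023-09-03T08:55:00", "203.0.113.10"),
    ("bob",   "2023-09-01T08:30:00", "198.51.100.7"),  # bob works from home on one ISP block
    ("bob",   "2023-09-02T08:40:00", "198.51.100.7"),
    ("bob",   "2023-09-03T08:35:00", "198.51.100.7"),
    ("bob",   "2023-09-04T08:31:00", "198.51.100.9"),  # DHCP moved him within the block
    # Events from 5 September onward are the ones that get scored.
    ("bob",   "2023-09-05T08:33:00", "203.0.113.12"),  # occasional office day
    ("bob",   "2023-09-06T08:32:00", "198.51.100.7"),  # home again
    ("alice", "2023-09-06T03:12:00", "192.0.2.44"),    # never-seen network, 03:12, office-bound user
    ("eve",   "2023-09-06T11:00:00", "192.0.2.90"),    # account with no history at all
    ("bob",   "2023-09-07T09:00:00", "192.0.2.80"),    # remote worker from a new network
]


def prefix_of(ip: str) -> ipaddress.IPv4Network:
    """Coarsen an address to its /24 so a DHCP shuffle inside one ISP block still matches."""
    return ipaddress.ip_network(f"{ip}/24", strict=False)


def static_rule(ip: str) -> bool:
    """Rule-based detector: alert on any login from outside the office range."""
    return ipaddress.ip_address(ip) not in OFFICE_NET


def adaptive_score(ts: datetime, ip: str, history: list) -> int:
    """Risk score for one login given this user's earlier logins as [(datetime, ip), ...]."""
    score = 0
    src = ipaddress.ip_address(ip)
    seen = Counter(prefix_of(h_ip) for _, h_ip in history)
    off_site = sum(1 for _, h_ip in history if ipaddress.ip_address(h_ip) not in OFFICE_NET)
    remote_ratio = off_site / len(history) if history else 0.0

    if src not in OFFICE_NET and seen[prefix_of(ip)] == 0:
        # Unfamiliar network: heavy weight for an office-bound user (or a user with no
        # history yet), lighter for someone the baseline already knows works remotely.
        score += 20 if remote_ratio >= REMOTE_WORKER_RATIO else 50

    hours = {h_ts.hour for h_ts, _ in history}
    if hours and not any(abs(ts.hour - h) <= 1 for h in hours):
        score += 30  # outside every hour this user has previously logged in at
    return score


def evaluate(events: list, eval_from: str) -> dict:
    """Replay events in time order, building each user's baseline from earlier events only.

    Returns {"static": [(user, ts, ip)], "adaptive": [(user, ts, ip, score)]} for the
    events at or after eval_from that each detector would alert on.
    """
    cutoff = datetime.fromisoformat(eval_from)
    history = {}
    alerts = {"static": [], "adaptive": []}
    for user, ts_text, ip in sorted(events, key=lambda e: e[1]):
        ts = datetime.fromisoformat(ts_text)
        user_history = history.setdefault(user, [])
        if ts >= cutoff:
            if static_rule(ip):
                alerts["static"].append((user, ts_text, ip))
            score = adaptive_score(ts, ip, user_history)
            if score >= ALERT_THRESHOLD:
                alerts["adaptive"].append((user, ts_text, ip, score))
        user_history.append((ts, ip))  # the scored event then joins the baseline
    return alerts


if __name__ == "__main__":
    result = evaluate(EVENTS, "2023-09-05T00:00:00")
    for method, hits in result.items():
        print(f"{method}: {len(hits)} alert(s)")
        for hit in hits:
            print("   ", hit)
```

Run as is, the static rule raises four alerts for the five scored events (every off-site login), while the baseline raises two: alice's off-hours login from a network she has never used, and eve's first login ever, where there is no history to give context. Bob's login from a brand-new network still carries a non-zero score (20) because the baseline knows he is a remote worker; in practice that residual score would be combined with other signals (MFA outcome, impossible travel, failed-attempt counts) rather than discarded. Two caveats a practitioner will notice: cold-start accounts fall back to the static behaviour, and every scored event is appended to the baseline, so a detector like this needs a feedback rule (for example, only non-escalated logins feed the baseline) or an attacker can slowly teach it that their network is normal.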
About the Author
Amol Bhagwat is the VP of Solutions and Field Engineering at Gurucul. Amol is a distinguished security professional with over 15 years of experience in delivering security and risk management solutions for Fortune 500 customers across the globe. He drives product strategy, marketing campaigns, solutions development, APAC technical sales and the global customer success program. Prior to Gurucul, he played an important role in building the security practice of a major global system integrator, achieving exponential business growth as a practice lead with a focus on innovative solutions and delivery excellence. Amol graduated from the University of Mumbai with a B.E. in Electronics.
Amol can be reached online at [email protected] and at our company website https://gurucul.com/
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.