Page 78 - Cyber Defense eMagazine October 2023

data volume can quickly run up huge bills if not monitored closely). It also adapts to new or changing attacks without requiring vendor updates and can verify or customize new models (if the vendor allows it). This is an important capability; the same RSA survey cited above found that just 20% of respondents are very confident that their SIEM can detect unknown attacks, and 17% are not confident it can do so.


Finally, adaptive ML does a better job overall of finding relationships between data because it is not restricted to preset inputs. For example, the system can learn not to flag logins from unfamiliar IP addresses when that user is working remotely. Because it has this context, the analytics throw far fewer false positives. This reduces the workload for security teams, lets them focus on the true positives, and makes the organization safer overall.
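To make the remote-worker example concrete, here is an added illustration (not code from the article or from Gurucul) that runs a preset rule and a per-user adaptive baseline over the same constructed login events. The rule flags every login that did not come from a corporate egress address; the adaptive detector learns each user's usual IPs, countries, devices and hours and alerts only when several features are novel at once, so a known employee logging in from home on their usual laptop is absorbed into the baseline while a login from a new address, new country, new device and unusual hour is not. All addresses, device IDs, the country code "XX", the warm-up length and the alert threshold are assumptions chosen for the example.

```python
"""Rule-based vs adaptive per-user baselining over constructed login events."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class LoginEvent:
    user: str
    src_ip: str
    country: str
    device_id: str
    hour: int  # local hour of day, 0..23


# Constructed corporate egress addresses (RFC 5737 documentation range).
CORP_EGRESS = {"203.0.113.10", "203.0.113.11"}


def static_rule(event: LoginEvent) -> bool:
    """Preset rule: alert on any login that did not come from corporate egress."""
    return event.src_ip not in CORP_EGRESS


@dataclass
class UserProfile:
    ips: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    devices: set = field(default_factory=set)
    hours: set = field(default_factory=set)
    observed: int = 0  # events absorbed into this baseline so far


class AdaptiveDetector:
    """Learns a per-user baseline and alerts only when several features are novel at once."""

    def __init__(self, threshold: int = 2, warmup: int = 3):
        self.profiles = defaultdict(UserProfile)
        self.threshold = threshold  # novel features needed to raise an alert (assumed)
        self.warmup = warmup        # events to observe before judging a user (assumed)

    def novelty(self, event: LoginEvent) -> int:
        p = self.profiles[event.user]
        if p.observed < self.warmup:
            return 0  # not enough history to judge this user yet
        score = 0
        score += event.src_ip not in p.ips
        score += event.country not in p.countries
        score += event.device_id not in p.devices
        # The hour is novel only if it is more than two hours from anything seen before.
        score += min(abs(event.hour - h) for h in p.hours) > 2
        return score

    def process(self, event: LoginEvent) -> bool:
        score = self.novelty(event)
        alert = score >= self.threshold
        p = self.profiles[event.user]
        # Absorb the event into the baseline only if it was not flagged: a remote-work
        # login is learned, but a flagged login cannot quietly poison the profile.
        if not alert:
            p.ips.add(event.src_ip)
            p.countries.add(event.country)
            p.devices.add(event.device_id)
            p.hours.add(event.hour)
            p.observed += 1
        return alert


def compare(events):
    """Return the event indices flagged by the static rule and by the adaptive detector."""
    detector = AdaptiveDetector()
    static_hits = [i for i, e in enumerate(events) if static_rule(e)]
    adaptive_hits = [i for i, e in enumerate(events) if detector.process(e)]
    return static_hits, adaptive_hits


# Constructed sample: three office logins, two remote-work logins from home,
# then two logins from an unfamiliar address, country and device at night.
SAMPLE_EVENTS = [
    LoginEvent("alice", "203.0.113.10", "US", "laptop-1", 9),
    LoginEvent("alice", "203.0.113.10", "US", "laptop-1", 14),
    LoginEvent("alice", "203.0.113.11", "US", "laptop-1", 10),
    LoginEvent("alice", "198.51.100.7", "US", "laptop-1", 10),
    LoginEvent("alice", "198.51.100.7", "US", "laptop-1", 16),
    LoginEvent("alice", "192.0.2.99", "XX", "phone-77", 3),
    LoginEvent("alice", "192.0.2.99", "XX", "phone-77", 4),
]

if __name__ == "__main__":
    static_hits, adaptive_hits = compare(SAMPLE_EVENTS)
    print("static rule alerts on events:", static_hits)      # [3, 4, 5, 6]
    print("adaptive baseline alerts on events:", adaptive_hits)  # [5, 6]
```

On this sample the static rule raises four alerts, two of them for the employee working from home, while the adaptive detector raises only the two for the genuinely unfamiliar login. A production system would replace the fixed warm-up and threshold with analyst feedback and would age old baseline entries out, but the design choice that matters is visible here: the baseline is updated only from logins that were not flagged.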

Unified analytics based on true, adaptive ML offers many advantages over separate, rule-based analytics, including reducing time-to-discover and time-to-remediate. But with more solutions entering this space, it is becoming even more difficult to evaluate analytics. To help, consider asking these three questions:

1. Can I correlate data from any source, no matter what it is, and if so, what is this costing me?
2. Can this system detect new and emerging threats, and if so, how?
3. Does this system calculate a risk or priority level for alerts, and do these calculations use only public sources or are they customized to your specific network environment?



About the Author

Amol Bhagwat is the VP of Solutions and Field Engineering at Gurucul. Amol is a distinguished security professional with over 15 years of experience in delivering security and risk management solutions for Fortune 500 customers across the globe. He drives product strategy, marketing campaigns, solutions development, APAC technical sales and the global customer success program. Prior to Gurucul, he played an important role in building the security practice for a major global system integrator. He achieved exponential business growth as a practice lead with a focus on innovative solutions and delivery excellence. Amol graduated from the University of Mumbai with a B.E. in Electronics.

Amol can be reached online at [email protected] and at our company website https://gurucul.com/
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.