
Overcoming Challenges and Easing the Workload for Cybersecurity Teams with AI — Kaspersky


In dealing with numerous cyberattacks on a daily basis, and especially in sifting through the false positives produced by its detection logic, the Kaspersky Security Operations Center has found that the process runs more smoothly with automation, including machine learning (ML), deep learning, and artificial intelligence (AI).

In the MDR analytical report for 2023, the Kaspersky Security Operations Center (SOC) team processed 431,512 security alerts. However, only 32,294 of these alerts were classified as belonging to the 14,160 incidents reported to customers.

Sergey Soldatov, Head of the Security Operations Center at Kaspersky, highlighted the benefits of using AI or ML to detect cyber incidents. A supervised machine learning model such as the AI-based Autoanalyst delivers efficient filtering of false positives and frees up team resources.

The Autoanalyst used in Managed Detection and Response (MDR) processed about 30% of false positives on average in 2023, which reduced the load on the SOC team by approximately 25%.

Of course, that is not to say it is a perfect solution. It is also worth noting that as the filtering rate increases, the classification error is likely to increase as well: true cyberattacks can be misclassified as false positives, and vice versa. Conversely, reducing the classification error leaves a higher rate of false positives for the team to handle.

On the other hand, statistics show that human mistakes are unavoidable, so a small margin of error is acceptable for the Autoanalyst. For Kaspersky’s MDR, the error probability does not exceed 2%, and this bound defines the volume of false-positive alerts that Autoanalyst can filter while maintaining acceptable quality.
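The trade-off described above, between how many alerts the model is allowed to auto-close and how many real incidents slip through, can be made concrete with a small threshold-selection routine. This is an added illustration, not Kaspersky's Autoanalyst code; it assumes each alert carries a classifier score and an analyst verdict, and it reads the article's "error probability" as the share of auto-closed alerts that were in fact real incidents.

```python
"""Filter-rate versus misclassification-error trade-off for alert triage.

Added example (not Kaspersky code). Assumptions: each alert has a score in
[0, 1] (higher = more confident it is a false positive) and an analyst label;
'error' is the share of auto-closed alerts that were real incidents, and the
article's 2% figure is one possible value for that bound.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Alert:
    score: float       # model confidence that the alert is a false positive
    is_incident: bool  # analyst verdict: True = real attack


@dataclass(frozen=True)
class OperatingPoint:
    threshold: float
    n_filtered: int     # alerts auto-closed (score >= threshold)
    filter_rate: float  # n_filtered / total alerts
    error_rate: float   # real incidents among the auto-closed alerts


def evaluate(alerts: List[Alert], threshold: float) -> OperatingPoint:
    """Auto-close every alert scoring at or above the threshold and measure it."""
    filtered = [a for a in alerts if a.score >= threshold]
    missed = sum(a.is_incident for a in filtered)
    error = missed / len(filtered) if filtered else 0.0
    return OperatingPoint(threshold, len(filtered), len(filtered) / len(alerts), error)


def choose_threshold(alerts: List[Alert], max_error: float) -> Optional[OperatingPoint]:
    """Largest filter volume whose error stays within the budget, or None."""
    points = [evaluate(alerts, t) for t in sorted({a.score for a in alerts})]
    feasible = [p for p in points if p.error_rate <= max_error]
    return max(feasible, key=lambda p: p.n_filtered) if feasible else None


# Constructed alert set: 60 false positives scored 0.99 down to 0.40, plus
# 8 real incidents, one of which the model scores deceptively high (0.70).
ALERTS = [Alert(round(0.99 - 0.01 * i, 2), False) for i in range(60)] + [
    Alert(s, True) for s in (0.70, 0.45, 0.35, 0.20, 0.10, 0.05, 0.02, 0.01)
]

if __name__ == "__main__":
    # Tightening the error budget shrinks the share of alerts the model may drop.
    for budget in (0.0, 0.02, 0.05):
        p = choose_threshold(ALERTS, budget)
        print(f"error budget {budget:.0%}: threshold {p.threshold:.2f}, "
              f"filters {p.filter_rate:.1%} of alerts, error {p.error_rate:.2%}")
```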

Overall, AI and ML can help the team focus on cases that need in-depth analysis without burning out, which would degrade work quality. The approach strikes a balance between covering all the bases of threat detection and maintaining quality standards.

“In practice, as a rule, it is possible to strike a balance between these extremes, achieving high-quality detection of hidden attacks and reducing the number of false positives simultaneously,” said Soldatov.

Written by
Tech Beat Philippines

Tech Beat Philippines is the social media news platform for all things technology. It is also a part of the GEARS section on Daddy's Day Out.

