AI, ML Make the SOC Better

Only 9% of cybersecurity professionals said that new artificial intelligence (AI) and machine learning (ML) tools have not improved their security operations center (SOC) functionality, according to Dark Reading’s latest research on enterprise security. The vast majority of respondents saw noticeable rises in speed, accuracy, and efficiency — good news for those frontline workers.

In Dark Reading’s Artificial Intelligence and Machine Learning in Cybersecurity Survey, an equal number of respondents (31%) said AI and ML tools contributed to SOC performance by improving threat detection, automating routine tasks, and speeding up responses to threats. All of these improvements directly reflect the value that automation brings to improving response accuracy and operational efficiency in the SOC.

One of the greatest challenges that SOC analysts face now is an overwhelming volume of false positives raised by their security tools. Analysts have to sift through system alerts and discern which ones are false positives and which ones are potential threats. The tediousness of that work can lead to missed warnings, slower incident response times, and dissatisfaction that can result in burnout. The good news is that AI and ML are perfectly suited for handling this kind of donkeywork.

In fact, 24% said that AI and ML tools improved their SOC operations by reducing the volume of false positives.

For 28% of Dark Reading respondents, AI and ML tools provided better visibility into security events, and 24% cited improved efficiency in handling security events. A quarter of respondents cited quicker response times from SOC personnel as a positive effect of these tools. AI and ML tools are gaining traction in enterprises, and these responses show those technologies are already making a positive impact on enterprise security posture.

For more on the impact of AI and ML on cybersecurity, download the Dark Reading report “The State of Artificial Intelligence and Machine Learning in Cybersecurity.”