Achieving rapid threat analysis and response

Petr Springl at Progress describes AI-powered contextual threat event analysis and explains its benefits

 

To stay safe in today’s digital business world, swift network analysis and troubleshooting are critical, especially in the complex hybrid cloud environments typical for many organisations. The hybrid cloud market size is estimated to grow from USD 129.68 billion in 2024 to USD 352.28 billion by 2029. This means that understanding what is happening in these environments is vital for CISOs to mitigate risks and optimise business efficiency.

 

However, one of the biggest hurdles facing IT teams is alert fatigue caused by an overwhelming volume of security events. CISOs and their teams struggle daily to extract actionable insights and effectively prioritise their efforts. Research has revealed that 33% of companies were delayed in responding to cyber-attacks because they were dealing with false positives and wasting time on misidentified escalation.

 

Security professionals are scrambling for new capabilities to manage the volume of security alerts with speed and precision and AI-powered contextual threat event analysis could be the best technology.

 

Superior detection

AI-powered contextual threat event analysis addresses critical problems by examining the overall state of the network. It applies behaviour analysis algorithms to detect anomalies concealed within network traffic. This can identify event trends and generate an in-depth at-a-glance view. New data views can correlate detected events in the entire IT ecosystem, whether on-premises, cloud or hybrid.

 

Contextual threat event analysis provides critical information about the devices with the highest threat score and those with an increased threat score. It also provides insight into the changes in severity across the most common types of detected events and the most significant detected threats.

 

Benefits of AI-powered alert detection

By tapping into the power of AI, security professionals have easier access to an expanded range of security insights. They can immediately apply sophisticated intelligence and context to identify malicious behaviours, attacks against mission-critical applications, data breaches and various compromise indicators.

 

These dedicated threat analysis tools can provide an advanced and holistic view of detected security events. This visibility empowers cyber-security professionals to identify the most important events, prioritise them with context, guide efficient decision-making and quickly respond to potential threats.

 

Giving security teams advanced knowledge

There are five critical aspects of an effective contextual threat event analysis tool:  

1. Intrusion Detection System (IDS) events visualisation and analysis browser updates: Signature-based events are presented in a unified user interface with behaviour-based events, including drill-downs, event evidence, dashboards and reports.
2. AI-assisted analysis and threat score summary: An analysis page that contains summary information with actionable insights prioritised according to the level of severity.
3. Application and platform mapping to IP addresses: Expanded network intelligence helps users map IP addresses to SaaS applications and platforms.
4. Detection of the use of specific applications: This new functionality streamlines the detection of unapproved SaaS apps and potentially dangerous applications like unauthorised VPN software.
5. IP Indexing: IP indexing minimises query processing time. For example, when conducting a retrospective analysis, a user can receive a near-immediate answer to the question, “Did anyone from my network communicate with the following malicious IPs last month?” The performance improvement of a particular query depends on a specific data set for a specific period.  

Clear insight amidst alert noise

The contextual threat event analysis tool acts as an always-on, AI-powered cyber-security analyst that can identify the most important events and findings. It also provides a full understanding of incidents and key insights into the dynamics of any security situation, representing a significant step forward to counter ever-evolving threats. 

 

Once a cyber-security team has a cohesive understanding of their organisation’s threat landscape, they can stay ahead of cyber-threats, mitigate risks and better safeguard their critical assets.

 

By using AI-powered contextual threat event analysis, CISOs are raising their game in the battle against ever-evolving threats, improving network security and delivering rapid and actionable insights for their organisation.

 

---

 

Petr Springl is Senior Director, Software Engineering at Progress

 

Main image courtesy of iStockPhoto.com and Just_Super