Addressing Alert Fatigue in Cybersecurity Through Generative AI
Briefly

"A generative AI-driven approach provides a completely new method to address this alert fatigue dilemma. Instead of the traditional flow of security tools passing alerts directly to humans with the assumption that all alerts are valuable, the new approach uses generative AI to craft automated, human-like pre-investigations that take place as a down selection, so humans can focus on the alerts that matter."
"Advanced attackers are defined by their ability to evade the loudest "critical" alarms, so the key to detecting them is analyzing the low-level innocuous events to see if they fit a pattern or threat model. But how can we trust that AI is making the right decisions? The answer is continuous testing and validation. Trellix is a cybersecurity company formed from two giants, McAfee Enterprise and FireEye, whose merged product portfolios created the perfect building blocks to develop its generative AI solutions."
Security operations centers face overwhelming alert volumes, often exceeding a thousand per day, which leads to alert fatigue or to alerts being suppressed outright. Generative AI enables automated, human-like pre-investigations that down-select alerts so analysts can focus on high-value incidents. The AI evaluates low-level, informational events and pieces them together into narratives, surfacing sophisticated threats that evade the loudest critical alarms. Continuous testing and validation are required to ensure the AI's decisions are reliable. Trellix used the combined endpoint, network, and email visibility inherited from McAfee Enterprise and FireEye to train models that investigate alerts rather than merely summarize them, building the diverse data foundation that generative AI-driven security workflows require.
Read at Harvard Business Review