Rapid7 AI Engine Update Sees Gen AI Supporting SOC With MDR

Share
One of the key advantages of GenAI in SOC environments is its ability to process and comprehend vast amounts of unstructured data
Rapid7's enhanced AI Engine will now use machine learning models and new Gen AI models to separate real attacks from false alarms

Cybersecurity firm Rapid7 has announced Gen AI as the next addition into its AI Engine in a bid to transform its managed detection and response services (MDR).

The Rapid7 AI Engine is the core analytics engine underlying Rapid7's Insight Platform and assists the company's global security operations centre (SOC) team throughout the attack lifecycle. 

It enhances threat detection and alert prioritisation by leveraging a massive dataset of risk and threat intelligence to automatically distinguish real threats from benign activity.

The enhanced AI Engine combines traditional machine learning models and now with new Gen AI models, in a multi-layered approach, allowing it to more accurately validate whether new security alerts are truly malicious or not. 

Traditional machine learning models can analyse various features and patterns to initially classify alerts as potentially malicious or benign, and GenAI models can then process the alert data and surrounding context in a more human-like way, leveraging their large knowledge bases to make more nuanced determinations about the true nature and risk level of each alert. 

"For years, we've pioneered the application of AI technologies, establishing patented models and incorporating them into our technologies to better and more efficiently solve customer challenges,” said Laura Ellis, VP of Data and AI at Rapid7. “We remain at the forefront with Gen AI, enhancing our world-class MDR services, ensuring that we continue to deliver unparalleled results for our customers." 

This multi-model approach takes advantage of the strengths of both techniques to improve overall threat detection accuracy and reduce false positives, enabling security analysts to better prioritise their investigation efforts on the most critical alerts.

Youtube Placeholder

Examining a SOCs operations

A SOC team is responsible for maintaining an organisation's security monitoring tools and investigating any suspicious activities that are flagged. Their key roles include:

SOC's purview
  • Determining false positive alerts from real threats
  • Incident response to vulnerabilities before breaches occur
  • Implementing new security controls to detect emerging threats
  • Assisting with general IT tasks for employees

Organisations with a significant attack surface and mature security posture typically require a dedicated SOC team to handle the volume of potential threats.

How GenAI is augmenting SOC 

GenAI is rapidly emerging as a powerful tool for enhancing the capabilities of SOCs across the cybersecurity industry. By leveraging large language models and other advanced AI techniques, GenAI can augment various aspects of SOC operations, from threat detection and analysis to incident response and reporting.

One of the key advantages of GenAI in SOC environments is its ability to process and comprehend vast amounts of unstructured data, such as security logs, threat intelligence reports, and incident descriptions. 

This capability allows GenAI systems to provide valuable insights and recommendations to analysts, helping them quickly identify and prioritise potential threats.

GenAI can also assist in automating repetitive tasks, such as generating initial incident reports or drafting response procedures. This not only saves time for analysts, who are in increasingly short supply, but also ensures consistency and accuracy in documentation, which is crucial for compliance and forensic purposes.

Leading cybersecurity companies are already exploring the potential of GenAI in their SOC operations. 

CrowdStrike, has integrated GenAI capabilities into its Falcon platform, enabling analysts to query the system using natural language and receive relevant insights and recommendations.

Beyond individual companies, industry organisations are also recognizing the potential of GenAI in cybersecurity. 

The SANS Institute, a prominent provider of cybersecurity training and certifications, has launched a GenAI initiative to explore the ethical and responsible use of this technology in various cybersecurity domains, including SOC operations.

This interest shows the application the sector sees in Gen AI in SOC. As the technology continues to evolve, SOCs can stand to benefit further from the optimisation efforts of Gen AI in their operations, and it all starts with these smaller implementations. 

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

Palo Alto Networks, Deloitte and The Push to Platformization

By expanding their partnership to EMEA, Palo Alto Networks is bringing to Deloitte the platformization needed in the modern cybersphere

Insurers Now Spotlighting Identity and Privilege Compromises

Delinea's latest survey reveals a sharp rise in cybersecurity insurance claims, pushing for advanced identity protection measures. Dive into how AI and met

Trend Micro Address AI Threat to Mobile Users with New App

Trend Micro Check is an all-in-one solution that recognises the threats that deepfakes are now posing to mobile users in elaborate scams

Solarwinds CISO Wants Global Cyber Laws After Winning Case

Cyber Security

Resurgence of Spam: Cisco Talos Sound Alarm on New Tactics

Hacking & Malware

Cloudhouse Head Talks Laws Incoming After Crowdstrike Outage

Operational Security