Rapid7 AI Engine Update Sees Gen AI Supporting SOC With MDR

Rapid7's enhanced AI Engine will now use machine learning models and new Gen AI models to separate real attacks from false alarms

Cybersecurity firm Rapid7 has announced Gen AI as the next addition to its AI Engine in a bid to transform its managed detection and response (MDR) services.

The Rapid7 AI Engine is the core analytics engine underlying Rapid7's Insight Platform and assists the company's global security operations centre (SOC) team throughout the attack lifecycle. 

It enhances threat detection and alert prioritisation by leveraging a massive dataset of risk and threat intelligence to automatically distinguish real threats from benign activity.

The enhanced AI Engine combines traditional machine learning models with new Gen AI models in a multi-layered approach, allowing it to validate more accurately whether new security alerts are truly malicious.

Traditional machine learning models analyse various features and patterns to make an initial classification of alerts as potentially malicious or benign. GenAI models then process the alert data and its surrounding context in a more human-like way, drawing on their large knowledge bases to make more nuanced determinations about the true nature and risk level of each alert.

"For years, we've pioneered the application of AI technologies, establishing patented models and incorporating them into our technologies to better and more efficiently solve customer challenges," said Laura Ellis, VP of Data and AI at Rapid7. "We remain at the forefront with Gen AI, enhancing our world-class MDR services, ensuring that we continue to deliver unparalleled results for our customers."

This multi-model approach takes advantage of the strengths of both techniques to improve overall threat detection accuracy and reduce false positives, enabling security analysts to better prioritise their investigation efforts on the most critical alerts.
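The following is an added illustration of the multi-layered triage described above; it is not Rapid7's code and says nothing about how the AI Engine is actually built. A cheap first stage scores every alert on a handful of structured features, and only alerts it cannot confidently dismiss are passed to a second, context-aware stage. That second stage is written here as a deterministic rule set standing in for the Gen AI review, so the example runs offline; the alerts, feature weights, thresholds and context fields are all constructed for the example.

```python
"""Two-stage alert triage: a fast feature-based screen in front of a
slower, context-aware review. Constructed sample data; stage 2 is a
deterministic stand-in for a generative model call."""
from dataclasses import dataclass, field


@dataclass
class Alert:
    alert_id: str
    host: str
    user: str
    process: str
    signed_binary: bool          # was the executable signed by a trusted publisher
    off_hours: bool              # fired outside the org's business hours
    process_prevalence: float    # share of the fleet where this process is common (0..1)
    context: dict = field(default_factory=dict)   # surrounding evidence for stage 2


# Stage 1: additive feature weights -> suspicion score in [0, 1] (constructed values).
STAGE1_WEIGHTS = {"unsigned": 0.35, "rare_process": 0.40, "off_hours": 0.25}
RARE_PREVALENCE = 0.05
STAGE2_THRESHOLD = 0.5


def stage1_score(alert: Alert) -> float:
    """Cheap classifier over structured fields; runs on every alert."""
    score = 0.0
    if not alert.signed_binary:
        score += STAGE1_WEIGHTS["unsigned"]
    if alert.process_prevalence < RARE_PREVALENCE:
        score += STAGE1_WEIGHTS["rare_process"]
    if alert.off_hours:
        score += STAGE1_WEIGHTS["off_hours"]
    return round(score, 2)


def stage2_review(alert: Alert) -> tuple:
    """Stand-in for the context-aware model. Weighs surrounding evidence and
    returns (verdict, rationale); balanced or absent evidence escalates to a
    human rather than guessing."""
    ctx = alert.context
    evidence, reasons = 0, []
    if ctx.get("approved_change_ticket"):
        evidence -= 2
        reasons.append(f"matches change ticket {ctx['approved_change_ticket']}")
    if ctx.get("user_is_admin_on_host"):
        evidence -= 1
        reasons.append("user holds admin rights on this host")
    if ctx.get("outbound_to_new_domain"):
        evidence += 2
        reasons.append("outbound connection to a never-before-seen domain")
    if ctx.get("credential_access_indicator"):
        evidence += 3
        reasons.append("credential access indicator present")
    if evidence > 0:
        verdict = "malicious"
    elif evidence < 0:
        verdict = "benign"
    else:
        verdict = "escalate"
    return verdict, "; ".join(reasons) or "no additional context available"


def triage(alert: Alert, threshold: float = STAGE2_THRESHOLD) -> dict:
    """Gate the expensive review behind the cheap score."""
    s1 = stage1_score(alert)
    if s1 < threshold:
        return {"id": alert.alert_id, "stage": 1, "score": s1,
                "verdict": "benign", "rationale": "below stage-1 threshold"}
    verdict, rationale = stage2_review(alert)
    return {"id": alert.alert_id, "stage": 2, "score": s1,
            "verdict": verdict, "rationale": rationale}


# Constructed sample alerts covering the interesting paths.
SAMPLE_ALERTS = [
    Alert("A1", "ws-101", "jdoe", "outlook.exe", True, False, 0.90),
    Alert("A2", "srv-db-3", "dba_admin", "patch_tool.exe", False, True, 0.01,
          {"approved_change_ticket": "CHG-EXAMPLE-1", "user_is_admin_on_host": True}),
    Alert("A3", "ws-214", "asmith", "upd8r.exe", False, True, 0.00,
          {"outbound_to_new_domain": True, "credential_access_indicator": True}),
    Alert("A4", "ws-305", "bcarter", "inventory.exe", True, True, 0.02),
]


def run_sample() -> dict:
    """Return alert id -> (stage, verdict) for the constructed alerts."""
    return {r["id"]: (r["stage"], r["verdict"]) for r in map(triage, SAMPLE_ALERTS)}


if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(triage(alert))
```

Two design points carry over to real deployments: the threshold decides how much of the alert volume ever reaches the expensive stage, so it should be tuned against measured miss rates rather than cost alone, and a second stage that cannot find decisive context should hand the alert to an analyst instead of silently closing it.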


Examining a SOC's operations

A SOC team is responsible for maintaining an organisation's security monitoring tools and investigating any suspicious activities that are flagged. Their key roles include:

  • Distinguishing false positive alerts from real threats
  • Responding to vulnerabilities before they result in breaches
  • Implementing new security controls to detect emerging threats
  • Assisting with general IT tasks for employees

Organisations with a significant attack surface and mature security posture typically require a dedicated SOC team to handle the volume of potential threats.

How GenAI is augmenting SOCs

GenAI is rapidly emerging as a powerful tool for enhancing the capabilities of SOCs across the cybersecurity industry. By leveraging large language models and other advanced AI techniques, GenAI can augment various aspects of SOC operations, from threat detection and analysis to incident response and reporting.

One of the key advantages of GenAI in SOC environments is its ability to process and comprehend vast amounts of unstructured data, such as security logs, threat intelligence reports, and incident descriptions. 

This capability allows GenAI systems to provide valuable insights and recommendations to analysts, helping them quickly identify and prioritise potential threats.

GenAI can also assist in automating repetitive tasks, such as generating initial incident reports or drafting response procedures. This not only saves time for analysts, who are in increasingly short supply, but also ensures consistency and accuracy in documentation, which is crucial for compliance and forensic purposes.

Leading cybersecurity companies are already exploring the potential of GenAI in their SOC operations. 

CrowdStrike has integrated GenAI capabilities into its Falcon platform, enabling analysts to query the system using natural language and receive relevant insights and recommendations.

Beyond individual companies, industry organisations are also recognising the potential of GenAI in cybersecurity.

The SANS Institute, a prominent provider of cybersecurity training and certifications, has launched a GenAI initiative to explore the ethical and responsible use of this technology in various cybersecurity domains, including SOC operations.

This interest shows the potential the sector sees for Gen AI in the SOC. As the technology continues to evolve, SOCs stand to benefit further from Gen AI optimising their operations, and it all starts with these smaller implementations.


Cyber Magazine is a BizClik brand
