Rapid7 AI Engine Update Sees Gen AI Supporting SOC With MDR

One of the key advantages of GenAI in SOC environments is its ability to process and comprehend vast amounts of unstructured data
Rapid7's enhanced AI Engine will now use machine learning models and new Gen AI models to separate real attacks from false alarms

Cybersecurity firm Rapid7 has announced Gen AI as the next addition into its AI Engine in a bid to transform its managed detection and response services (MDR).

The Rapid7 AI Engine is the core analytics engine underlying Rapid7's Insight Platform and assists the company's global security operations centre (SOC) team throughout the attack lifecycle. 

It enhances threat detection and alert prioritisation by leveraging a massive dataset of risk and threat intelligence to automatically distinguish real threats from benign activity.

The enhanced AI Engine combines traditional machine learning models and now with new Gen AI models, in a multi-layered approach, allowing it to more accurately validate whether new security alerts are truly malicious or not. 

Traditional machine learning models can analyse various features and patterns to initially classify alerts as potentially malicious or benign, and GenAI models can then process the alert data and surrounding context in a more human-like way, leveraging their large knowledge bases to make more nuanced determinations about the true nature and risk level of each alert. 

"For years, we've pioneered the application of AI technologies, establishing patented models and incorporating them into our technologies to better and more efficiently solve customer challenges,” said Laura Ellis, VP of Data and AI at Rapid7. “We remain at the forefront with Gen AI, enhancing our world-class MDR services, ensuring that we continue to deliver unparalleled results for our customers." 

This multi-model approach takes advantage of the strengths of both techniques to improve overall threat detection accuracy and reduce false positives, enabling security analysts to better prioritise their investigation efforts on the most critical alerts.

Youtube Placeholder

Examining a SOCs operations

A SOC team is responsible for maintaining an organisation's security monitoring tools and investigating any suspicious activities that are flagged. Their key roles include:

SOC's purview
  • Determining false positive alerts from real threats
  • Incident response to vulnerabilities before breaches occur
  • Implementing new security controls to detect emerging threats
  • Assisting with general IT tasks for employees

Organisations with a significant attack surface and mature security posture typically require a dedicated SOC team to handle the volume of potential threats.

How GenAI is augmenting SOC 

GenAI is rapidly emerging as a powerful tool for enhancing the capabilities of SOCs across the cybersecurity industry. By leveraging large language models and other advanced AI techniques, GenAI can augment various aspects of SOC operations, from threat detection and analysis to incident response and reporting.

One of the key advantages of GenAI in SOC environments is its ability to process and comprehend vast amounts of unstructured data, such as security logs, threat intelligence reports, and incident descriptions. 

This capability allows GenAI systems to provide valuable insights and recommendations to analysts, helping them quickly identify and prioritise potential threats.

GenAI can also assist in automating repetitive tasks, such as generating initial incident reports or drafting response procedures. This not only saves time for analysts, who are in increasingly short supply, but also ensures consistency and accuracy in documentation, which is crucial for compliance and forensic purposes.

Leading cybersecurity companies are already exploring the potential of GenAI in their SOC operations. 

CrowdStrike, has integrated GenAI capabilities into its Falcon platform, enabling analysts to query the system using natural language and receive relevant insights and recommendations.

Beyond individual companies, industry organisations are also recognizing the potential of GenAI in cybersecurity. 

The SANS Institute, a prominent provider of cybersecurity training and certifications, has launched a GenAI initiative to explore the ethical and responsible use of this technology in various cybersecurity domains, including SOC operations.

This interest shows the application the sector sees in Gen AI in SOC. As the technology continues to evolve, SOCs can stand to benefit further from the optimisation efforts of Gen AI in their operations, and it all starts with these smaller implementations. 

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

UK Takes Steps to Strengthen Country's Cyber Security

The new government have made cybersecurity one of their top priorities as they lay out their plans for what they intend to do in power

BlueVoyant Launch Platform to Tackle Supplier Attack Surface

BlueVoyant has unveiled a new Cyber Defense Platform which aims to tackle the growing attack surface introduced by the ecosphere of third-party vendors

Irdeto’s Andrew Bunten Talks Securing Online Content Streams

With online streaming services being bigger than ever, Irdeto’s Andrew Bunten explains how they manage to keep streams safe despite the huge attack surface

Fortinet Cyber Survey Shows Global Scope of Skills Gap

Operational Security

What ChatGPT Passing an Ethical Hacking Exam Means for Cyber

Technology & AI

Learn How CTEM can Upskill Your Cyber Strategy

Network Security