Siscale has developed Arcanna.ai, a cognitive automation platform that provides AI assistance to SOC analysts triaging and investigating cybersecurity alerts.
Arcanna.ai was designed and built to augment teams of experts with AI. It uses deep learning and NLP to let SOC teams extract insights and automate complex tasks that would otherwise consume a great deal of analyst time or would not be feasible at all.
Because the product learns and adapts, it gives security operations professionals the edge they need to keep things running smoothly, while also freeing capacity within the organisation that can be redeployed to higher-value activities.
Why do we need Arcanna.ai?
SecOps teams face two main issues when triaging and investigating alerts.
First, alert storms can have dire consequences for business continuity. When alerts arrive far above the ordinary rate, analysts become overwhelmed and miss important alerts, which can lead to business-critical damage such as unauthorised access to confidential information.
Second, alert fatigue is a major challenge for security analysts. It sets in when the personnel who deal with alerts every day experience high stress from the repetitive, tedious work of analysing hundreds or thousands of alerts. Attention degrades, and attacks slip past the analyst.
Triaging and investigating alerts is one of the biggest challenges in cybersecurity, driven by the growing number of sensors, devices and applications that need to be monitored, the cybersecurity talent shortage, and the inability of existing security tools to learn from experts' knowledge.
With security teams overwhelmed by the daily volume of threats and short of staff, a more streamlined alert triage solution is needed.
How does Arcanna.ai overcome challenges within Cybersecurity?
Deep learning approaches are a viable solution when dealing with large volumes of data, and cybersecurity is no exception.
Siscale uses deep learning and NLP to enable faster responses to attacks, which in turn reduces analyst fatigue. The trained model also preserves the organisation's knowledge of complex processes.
The alert triage module of Arcanna.ai is built to address the issues discussed above.
Arcanna.ai combines three elements to act as a virtual member of an organisation's security team, providing AI assistance for the triage and investigation process:
- Arcanna.ai frames alert triage as a binary classification task: alert content is processed with standard natural language processing (NLP), and a deep learning model labels each alert as either a true positive or a false positive.
- The process automation element of Arcanna.ai takes over the manual tasks that follow once the model has escalated an alert, such as ticket creation. The more tasks are automated on the basis of the model's decision, the more value Arcanna.ai delivers. Integrating with additional security tools, such as a Security Orchestration, Automation and Response (SOAR) platform, streamlines incident remediation.
- As users triage and investigate alerts, the model improves and adapts to the particularities of the environment in which it operates. Letting users directly influence the deep learning model without writing any code is the backbone of Arcanna.ai's approach.
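The three elements above form one pipeline: classify the alert, automate on the decision, and learn from the analyst's verdict. The following example, added here to illustrate that pipeline, is not Arcanna.ai code and does not reproduce its model; a small naive Bayes text classifier stands in for the deep learning model so that it runs without any ML framework, the ticket queue stands in for a SOAR or ticketing integration, and the alerts, hostnames, users, ticket IDs and the 0.5 escalation threshold are all constructed for the example.

```python
"""Alert triage as binary classification with post-decision automation and an
analyst feedback loop.  Added illustration only: not Arcanna.ai code, and every
alert, host, user and ticket ID below is a constructed sample."""
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(text):
    """Minimal NLP front end: lowercase the alert and split it into word/number tokens."""
    return TOKEN_RE.findall(text.lower())


class TriageModel:
    """Multinomial naive Bayes over alert tokens with Laplace smoothing.

    A stand-in for the deep learning model the page describes; the triage and
    feedback logic around it does not depend on the model family."""

    def __init__(self):
        self.token_counts = {True: Counter(), False: Counter()}
        self.doc_counts = {True: 0, False: 0}
        self.vocab = set()

    def learn(self, text, is_true_positive):
        """Add one analyst-labelled alert to the model (online update)."""
        tokens = tokenize(text)
        self.token_counts[is_true_positive].update(tokens)
        self.doc_counts[is_true_positive] += 1
        self.vocab.update(tokens)

    def score(self, text):
        """Return P(true positive | alert text), computed in log space."""
        tokens = tokenize(text)
        total_docs = sum(self.doc_counts.values())
        log_post = {}
        for label in (True, False):
            lp = math.log((self.doc_counts[label] + 1) / (total_docs + 2))
            denom = max(sum(self.token_counts[label].values()) + len(self.vocab), 1)
            for tok in tokens:
                lp += math.log((self.token_counts[label][tok] + 1) / denom)
            log_post[label] = lp
        m = max(log_post.values())
        z = sum(math.exp(v - m) for v in log_post.values())
        return math.exp(log_post[True] - m) / z


# Constructed, already-triaged history: (alert text, analyst verdict; True = true positive).
LABELLED_ALERTS = [
    ("mimikatz execution detected on host WS-042 by user jdoe", True),
    ("encoded powershell command spawned by winword on WS-017", True),
    ("multiple failed logons for svc-backup from 10.0.0.5 followed by success", True),
    ("outbound connection to known malicious domain from WS-042", True),
    ("port scan from authorized scanner scanner-01 during scheduled vulnerability scan", False),
    ("failed logons for svc-backup from backup-server during nightly job", False),
    ("powershell script executed by sccm agent software deployment", False),
    ("outbound connection to update cdn from WS-017 during patch window", False),
]


def build_model(labelled=LABELLED_ALERTS):
    """Train the classifier on the organisation's past triage decisions."""
    model = TriageModel()
    for text, verdict in labelled:
        model.learn(text, verdict)
    return model


def triage(model, alert_text, ticket_queue, threshold=0.5):
    """Classify one alert and run the post-decision automation.

    ticket_queue stands in for the SOAR/ticketing integration: an escalated alert
    gets a ticket appended, a false positive is closed without one.  The threshold
    is an assumed tunable; lowering it trades spurious tickets for fewer misses."""
    p = model.score(alert_text)
    escalated = p >= threshold
    if escalated:
        ticket_queue.append({"id": f"INC-{len(ticket_queue) + 1:04d}",
                             "alert": alert_text, "confidence": round(p, 3)})
    return {"alert": alert_text, "p_true_positive": round(p, 3), "escalated": escalated}


def record_feedback(model, alert_text, analyst_verdict):
    """Feedback loop: the analyst's final verdict is learned by the model, so the
    next alert of the same kind is scored with that knowledge.  Returns the new score."""
    model.learn(alert_text, analyst_verdict)
    return model.score(alert_text)


if __name__ == "__main__":
    model = build_model()
    tickets = []
    for alert in ("encoded powershell command executed by winword on WS-099",
                  "port scan from scanner-01 during scheduled vulnerability scan"):
        print(triage(model, alert, tickets))
    # A lookalike of a true positive that the analyst investigates and closes as a
    # deployment job: a single feedback round flips the model's decision on it.
    lookalike = "multiple failed logons for svc-deploy from 10.0.0.9 followed by success"
    print(triage(model, lookalike, tickets))
    print("after feedback:", round(record_feedback(model, lookalike, False), 3))
    print("tickets raised:", [t["id"] for t in tickets])
```

Two design points carry over to any real deployment of this pattern. The escalation threshold is a cost decision, not a model property: a missed true positive is usually far costlier than a spurious ticket, so it is normally set below the point that maximises raw accuracy. And because analyst verdicts are training data, the quality of those verdicts bounds the quality of the model; a verdict recorded hastily under alert fatigue is learned just as readily as a careful one, so feedback should be reviewable and reversible.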
By capturing the knowledge of the organisation's experts, Arcanna.ai becomes a key virtual member of the security team, one that reduces human error and improves each analyst's performance.