Root Cause Analysis is a Highly Time-Consuming Process
Due to the high volume of alerts that security analysts face every day, many alerts are investigated and resolved without understanding the root cause, especially for alerts with weak signals, leaving organizations at risk.
In resolving alerts, it may take ½ second to mark something as false positive because it looks familiar, but it may take a full day or more to determine the true root cause. The typical process of root cause discovery begins with experts making assumptions and continues with ongoing queries and sometimes endless guessing. A Security Information Event Manager (SIEM) makes the process easier, but the overwhelming number and frequency of alerts can cause analyst fatigue and impede the process of determining the root cause.
AI Dramatically Simplifies Root Cause Analysis
Artificial Intelligence can not only reduce the time of investigation by identifying patterns and suggesting the plausible root causes, it can also enable analysts to resolve alerts with higher confidence.
DTonomy AI Assisted Security Orchestration Automation and Response platform (AIR) uses algorithms to analyze and correlate alerts and other contextual information. It continuously maps out all connections between different alerts, content, and analysts’ resolutions and recommends plausible root causes for alerts and groups of alerts.
The AI engine will recommend root causes that have the highest confidence, and analysts can then validate against their domain knowledge and determine whether future alerts should be treated as the same root cause category. For example, our system could automatically recommend patterns with high confidence such as a suspicious process alert that is triggered due to a system running a periodic update.
Transparent. Controllable. Adaptive.
The DTonomy AIR engine is uniquely designed to ensure the system not only provides valuable deep high-quality insights to analysts proactively but analysts can also more easily understand and have full control of AI because it is:
- Transparent – AI provides deep yet clear insights that can be understandable and explainable to humans; insights are always be supported by data and evidence.
- Controllable – A security analyst can control and have the flexibility to edit what AI suggests in an easy and intuitive way. Security analysts do not need to master the complicated part of an AI model that professional data scientists use.
- Adaptive – An AI engine enables reinforcement learning by continuously computing and listening to the security analyst’s feedback and providing refreshed insights about a unique environment and new data sets.
AI is bringing augmented intelligence for security analysts to accelerate investigation and response, minimize operation risks and more successfully mitigate security risk.
Don’t take our word for it, see for yourself. Request a demo here.
