Artificial Intelligence & Machine Learning
,
Next-Generation Technologies & Secure Development
,
Security Information & Event Management (SIEM)
Mike Nichols on Enhancing SOC Workflows and Combating Analyst Burnout
The security information and event management landscape is constantly evolving, but “traditional SIEM has classically been stuck in the enterprises due to accessibility,” according to Mike Nichols, vice president of product management for security at Elastic.
Nichols underscored the challenges modern SOC analysts face, including burnout due to the overwhelming volume of alerts. “You take a personal toll of not being able to churn through what’s out there,” he said, stressing the need to find “the signal in the noise.” As predictive and generative AI are becoming crucial tools for prioritizing alerts effectively, AI can identify what matters most.
“Large language models can stitch together and find the commonality between different alerts that aren’t just based on these atomic indicators,” he said. “When we feed the alert information and your context into these models, it can spit out: ‘Hey, this thing matters. Here’s the five alerts that are strung together across a kill chain like MITRE’s ATT&CK matrix.'”
In this video interview with Information Security Media Group at RSA Conference 2024, Nichols also discussed:
- Elastic’s ATT&CK Discovery solution to enhance SOC workflows;
- How Elastic’s AI-driven analytics help analysts streamline investigations and prevent critical threats from being overlooked;
- Elastic’s data-centric approach and expertise in search AI technology.
At Elastic, Nichols is responsible for building the future of cloud-scalable security. Prior to Elastic, he served as the adjunct faculty for cybersecurity at Georgetown University School of Continuing Studies. He has been in leadership positions at several companies including Endgame, Fortscale and Fidelis Security.
This post was originally published on 3rd party site mentioned in the title of this site