Building Better Security Operations Centers With AI/ML
Expel's Jake Gillen on Helping SOC Teams Cut Through the Noise, Speed Up Response
Access to artificial intelligence tools is helping cybercriminals become even more formidable attackers, but AI and machine learning are also helping cybersecurity teams and security operations centers become more effective defenders by understanding "what's normal and what's anomalous - very quickly," said Jake Gillen, principal solutions architect at Expel.
By analyzing behavior and identifying anomalies swiftly, security teams can proactively manage security threats - instead of just reacting to them.
"The speed at which attacks are coming, defenders need to have some automation involved to cut down on the noise and also to give them a better shot at figuring out what's actually happening quickly by using ML," Gillen said. As cybercriminals are using AI too, SOCs need these tools for faster incident response.
In this video interview with Information Security Media Group at the Cybersecurity Implications of AI Summit: North America West, Gillen also discussed:
- The use of ML for real-time anomaly detection;
- How automation in security operations can help manage vast amounts of data and alerts;
- How threat actors in Russia, China, North Korea and Iran are already using AI on a global stage.
Gillen has more than 25 years of experience in cybersecurity. He has expertise in designing and implementing privileged account management, vulnerability management, multifactor authentication, logging and SIEM, audit, compliance, and defensive security.