According to its public disclosures, a recently hacked genetic testing company was breached for approximately five months from April through September 2023 (about 150 days) before it became aware of the breach. See https://lnkd.in/eGcuMZ5T. That may seem like a long time, but according to IBM and Ponemon, in 2023, it took the average company 204 days to identify that it had been breached and another 73 days to contain the breach. See https://lnkd.in/eFTF9XKQ at 13. The longer an attacker has access to your systems, the more damage he or she can do, and the more likely the incident will be a "material" one that you are required to disclose. Indeed, according to IBM, breaches that can be identified and resolved within 200 days cost, on average, more than $1M (23%) less than breaches identified and contained in over 200 days. Id. at 7.

What are the most important steps your organization can take to reduce the time it takes to identify and contain an incident? According to IBM's research, focus on the following:

1. SECURITY AI & AUTOMATION: Organizations that extensively used security AI and automation were able to identify and contain a breach 34% faster than those that did not. Limited use of security AI and automation also made a significant impact, reducing the average time to identify and contain a breach by 28%. Id. at 53.
2. ATTACK SURFACE MANAGEMENT SOLUTION (ASM): Having an ASM solution reduced the time to identify and contain a breach by 25%. Id. at 60. According to Gartner, some popular ASM solutions include Microsoft Defender, Crowdstrike Falcon, and Palo Alto Cortex. See https://lnkd.in/emRd2dTY.
3. MANAGED SECURITY SERVICE PROVIDERS (MSSP): Organizations with MSSPs were able to identify and contain breaches 20% faster than those without MSSPs. See https://lnkd.in/eFTF9XKQ at 61.
4. IR TEAM AND TABLETOP EXERCISES: The dual strategy of forming an IR team and testing an IR plan reduced the time to identify and contain a breach by 19.4%. Testing the IR plan without forming a team was nearly as effective, resulting in a difference of 17%. Id. at 55.
5. AUTOMATED RESPONSE PLAYBOOKS OR WORKFLOWS: Organizations with automated response playbooks or workflows designed specifically for the type of attack that occurred (e.g., ransomware) were able to contain the incident 16% faster than those that did not have such playbooks or workflows. Id. at 35.
6. THREAT INTELLIGENCE: Organizations that used threat intelligence uncovered breaches in 13.9% less time than those without a threat intelligence investment. Id. at 57.
7. INVOLVEMENT OF LAW ENFORCEMENT: Total time to identify and contain an incident was 11.4% with law enforcement involvement.

Consider taking some of these steps to reduce the amount of time it takes you to identify and contain a security incident, and thereby, reduce the impact of the incident.
How AI Improves Incident Management Processes
Summary
AI is revolutionizing incident management processes by enhancing response times, improving accuracy, and minimizing the impact of security incidents. By automating tasks and analyzing data at unprecedented speeds, AI empowers security teams to focus on critical, high-level threats.
- Implement security AI: Use AI and automation tools to reduce the time it takes to detect and contain breaches, significantly minimizing potential damage.
- Create automated workflows: Develop automated playbooks tailored for specific attack types, ensuring targeted and faster incident responses.
- Invest in AI-driven SOCs: Adopt AI solutions in Security Operations Centers to reduce manual workload, improve threat detection, and boost team productivity and morale.
How Do You Measure the Impact of an Agentic AI SOC Analyst? 🤔 Agentic AI is transforming Security Operations Centers (SOCs) by addressing critical challenges such as alert fatigue, high costs, and low morale. But how do organizations measure its impact on their security operations? Here's how customers are answering this question for their teams, executives, and boards:

1. Efficiency: Saving Time ⏱️ Agentic AI eliminates manual, repetitive tasks like triaging and investigating alerts. This leads to faster investigations and reduced Mean Time to Respond (MTTR). By automating these processes, SOC teams can focus on higher-value tasks such as threat hunting.
2. Risk Reduction: No Alerts Ignored 🛡️ AI SOC Analysts investigate every alert, whether low, medium, or high severity, within minutes. This comprehensive approach ensures no potential threat goes unnoticed and reduces dwell time, minimizing the impact of security incidents.
3. Reduced Costs: Doing More with Less 💸 Organizations can achieve greater operational efficiency without increasing headcount. By automating and streamlining workflows, Agentic AI reduces the cost of running a SOC while improving overall security posture.
4. Improved Morale: Retaining Talent 😊 Alert fatigue and monotonous tasks often lead to burnout among SOC analysts. Agentic AI alleviates this by handling routine tasks, allowing analysts to focus on engaging and strategic work. This boosts job satisfaction and accelerates career growth for junior analysts.
5. Higher Impact: Strategic Focus 🔍 By eliminating manual tasks, Agentic AI enables SOC teams to concentrate on complex investigations and proactive security initiatives. This shift not only improves operational efficiency but also enhances the overall effectiveness of the security team.

Agentic AI augments and empowers SOC teams to work smarter, faster, and more effectively. By measuring success across efficiency, risk reduction, cost savings, morale improvements, and strategic impact, organizations can clearly demonstrate the value of integrating AI into their security operations.
Excited to share insights from Microsoft's study on "Generative AI and Security Operations Center Productivity." This first-of-its-kind research reveals how generative AI is transforming cybersecurity operations. Key findings:

🔹 30%+ reduction in Mean Time to Resolution for security incidents, consistently demonstrated across various modeling scenarios
🔹 Significant cost-saving potential: SOC analysts currently spend ~3 hours daily resolving incidents, contributing to a $3.3B cost in the U.S. alone
🔹 Enhanced threat identification accuracy and speed, allowing analysts to handle more incidents in less time

These findings underscore the transformative potential of tools like Microsoft Security Copilot in reducing security incident resolution times and improving SOC efficiency. Looking ahead, I'm excited to see how these GAI tools continue to evolve and strengthen the cybersecurity landscape. #Cybersecurity #MicrosoftSecurity #GenAI #Copilot Read the full study here: