{"id":5166,"date":"2023-12-06T17:49:40","date_gmt":"2023-12-06T21:49:40","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=5166"},"modified":"2023-12-06T17:50:21","modified_gmt":"2023-12-06T21:50:21","slug":"ai-in-the-soc-should-you-hire-a-bot","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/","title":{"rendered":"AI in the SOC: Should You Hire a Bot?"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-5167\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/12\/3-3.jpg\" alt=\"AI in the SOC\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/12\/3-3.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/12\/3-3-300x150.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/12\/3-3-768x384.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p><em><strong>Solutions Review\u2019s\u00a0<a class=\"fui-Link ___1idfs5o f3rmtva f1ewtqcl fyind8e f1k6fduh f1w7gpdv fk6fouc fjoy568 figsok6 f1hu3pq6 f11qmguv f19f4twv f1tyq0we f1g0x7ka fhxju0i f1qch9an f1cnd47f fqv5qza f1vmzxwi f1o700av f13mvf36 f1cmlufx f9n3di6 f1ids18y f1tx3yz7 f1deo86v f1eh06m1 f1iescvh ftqa4ok f2hkw1w fhgqx19 f1olyrje f1p93eir f1h8hb77 f1x7u7e9 f10aw75t fsle3fq f17ae5zn\" title=\"https:\/\/solutionsreview.com\/solutions-review-contributor-guidelines\/\" href=\"https:\/\/solutionsreview.com\/solutions-review-contributor-guidelines\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Link Contributed Content Series\"><u>Contributed Content Series<\/u><\/a> is a collection of contributed articles written by thought leaders in enterprise software categories. Steve Benton of <a href=\"https:\/\/www.anomali.com\/\" target=\"_blank\" rel=\"noopener\">Anomali<\/a> takes a closer look at AI in the SOC and asks the burning question: &#8220;Should you hire a bot?&#8221;<\/strong><\/em><\/p>\n<p>The possibility of AI has been inspiring for everyone, and, as a result, we\u2019ve seen a rush by both consumers and enterprises alike to adopt AI-powered tools and gadgets. CISOs have had little time to think about how to best use AI, educate their employees about its benefits and risks or create and implement the proper security guardrails and policies.<\/p>\n<p>As a former CSO for a large global organization, I understand the enormity of the challenge. Yet implementing a complete company ban on the technology is not the answer. Instead of becoming the \u201cMinistry of No\u201d, CISOs need to be the \u201cMinistry of How\u201d, which begins by treating AI as a potential new hire to make sure it is the right fit for your organization.<\/p>\n<h2><strong>AI in the SOC: Should You Hire a Bot?<\/strong><\/h2>\n<hr \/>\n<h3><strong>Create a Job Description for Your AI-powered New Hire<\/strong><\/h3>\n<p>Today we are seeing the rise of Hybrid SOCs, where AI-constructed analysts are working alongside human analysts. Unfortunately, we are seeing a lot of organizations create specifications for AI on the fly, which increases the risk and reduces the value of their investment. Instead, think of that AI-powered tool as a new person joining the team and first put together a job description that answers the following questions:<\/p>\n<ul>\n<li>What do you expect AI to do?<\/li>\n<li>How will it operate?<\/li>\n<li>How will AI work with other human analysts and\/or other technology?<\/li>\n<li>What will it allow my analysts to do better?<\/li>\n<li>What skills and experience does it need to have to be effective in the organization?<\/li>\n<li>How do you plan to handle privacy?<\/li>\n<li>How are you going to train it?<\/li>\n<li>How are you going to look after it?<\/li>\n<li>If something goes wrong, how will you rebuild it?<\/li>\n<\/ul>\n<p>Now that you understand the role the technology will play in your SOC, test it. Whenever CISOs recruit human analysts into their SOCs, they often will give them actual technical exercises to perform to prove that they&#8217;re going to be an asset in the security operation for that business. Why wouldn&#8217;t you do that before adopting AI into your SOC? Once the AI technology is adopted, just like an employee, gather feedback on its performance and identify other training needs they might have. Be sure to put in place an effective feedback loop.<\/p>\n<h3><strong>AI Will Not Replace Humans<\/strong><\/h3>\n<p>While AI can help analysts manage and prioritize the alert \u201cmerry-go-round\u201d and other tedious tasks, it doesn&#8217;t mean you should replace human analysts with racks of machines. AI is just freeing up the human analysts to deal with bigger problems and actually get out ahead of the security threats and make the security posture more dynamic so it can flex based upon the threats that are coming towards the organization. AI has the ability to process vast amounts of information beyond human capacity.<\/p>\n<p>There is no doubt that every SOC is constrained by the limitations of data they can humanly process &#8211; the rest &#8211; the \u2018Dark Data\u2019 &#8211; holds the full picture of threats, which means that SOCs are only \u2018solving what they can see\u2019. But with advances in big data and AI, actionable visibility into this Dark Data bonded with the latest threat intelligence is possible at machine speed. The insight from this is a game-changer!<\/p>\n<p>Yet no matter how good we may think AI is, it is not a replacement for a human being. A human has the ability to think outside of a box that&#8217;s been defined for it, to intuit, and to make a leap that an AI-powered analyst might not make. Keep in mind that the bad guys will continue to be bad guys, i.e. bad humans, and they will be using AI, of course, to assist them in flexing, morphing, and modifying their attacks. Yet our adversaries will always have humans involved in part of their offense, so we should not disadvantage ourselves by taking humans out of the equation on the defensive team.<\/p>\n<p>AI should never be in a position to unilaterally affect operations, especially those that involve other human beings, and potentially their safety. It needs to be used alongside humans, and humans need to be involved in what&#8217;s happening, including any key decisions that it is proposing, unless you have completely satisfied yourselves that there is no threat to the organization or any of its employees or customers.<\/p>\n<h3><strong>The Future of AI in the SOC\u00a0 <\/strong><\/h3>\n<p>It is still early days for completely understanding all the possible use cases of AI in the SOC. I expect we will learn more as we continue to see greater collaboration among AI technology providers, security practitioners, and customers, who are using the tools to defend against persistent, fast-changing adversaries. I\u2019m optimistic \u2013 I already see a lot of positivity in how AI is earning its place in the SOC and becoming more applicable and trustable.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Solutions Review\u2019s\u00a0Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Steve Benton of Anomali takes a closer look at AI in the SOC and asks the burning question: &#8220;Should you hire a bot?&#8221; The possibility of AI has been inspiring for everyone, and, as a result, we\u2019ve [&hellip;]<\/p>\n","protected":false},"author":311,"featured_media":5167,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1],"tags":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>AI in the SOC: Should You Hire a Bot?<\/title>\n<meta name=\"description\" content=\"Steve Benton of Anomali takes a closer look at AI in the SOC and asks the burning question: &quot;Should you hire a bot?&quot;\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AI in the SOC: Should You Hire a Bot?\" \/>\n<meta property=\"og:description\" content=\"Steve Benton of Anomali takes a closer look at AI in the SOC and asks the burning question: &quot;Should you hire a bot?&quot;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/\" \/>\n<meta property=\"og:site_name\" content=\"SIEM Tools &amp; Security Event Management | Solutions Review\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-06T21:49:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-06T21:50:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/12\/3-3.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Steve Benton\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Steve Benton\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/\",\"name\":\"AI in the SOC: Should You Hire a Bot?\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/12\/3-3.jpg\",\"datePublished\":\"2023-12-06T21:49:40+00:00\",\"dateModified\":\"2023-12-06T21:50:21+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/0b6e391f6b91a65af8af8f10967143c7\"},\"description\":\"Steve Benton of Anomali takes a closer look at AI in the SOC and asks the burning question: \\\"Should you hire a bot?\\\"\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/12\/3-3.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/12\/3-3.jpg\",\"width\":800,\"height\":400,\"caption\":\"AI in the SOC\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AI in the SOC: Should You Hire a Bot?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"SIEM Tools &amp; Security Event Management | Solutions Review\",\"description\":\"Evaluating Enterprise SIEM Systems, Log Management Analytics &amp; SOAR Platforms.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/0b6e391f6b91a65af8af8f10967143c7\",\"name\":\"Steve Benton\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/486237826a10a25de7f54168ab61a03e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/486237826a10a25de7f54168ab61a03e?s=96&d=mm&r=g\",\"caption\":\"Steve Benton\"},\"description\":\"Steve Benton is Vice President of Threat Research and General Manager Belfast at Anomali. His experience in cybersecurity spans three decades including 18 years at BT, one of the world\u2019s leading communications companies, where he served as Deputy CISO and CSO. An industry security expert, he\u2019s a contributing member of the Cyber Defenders Council, Fellow of the Chartered Institute of Information Security and advisor to the i4 C level community.\",\"sameAs\":[\"https:\/\/www.anomali.com\/\"],\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/sbenton1\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"AI in the SOC: Should You Hire a Bot?","description":"Steve Benton of Anomali takes a closer look at AI in the SOC and asks the burning question: \"Should you hire a bot?\"","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/","og_locale":"en_US","og_type":"article","og_title":"AI in the SOC: Should You Hire a Bot?","og_description":"Steve Benton of Anomali takes a closer look at AI in the SOC and asks the burning question: \"Should you hire a bot?\"","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/","og_site_name":"SIEM Tools &amp; Security Event Management | Solutions Review","article_published_time":"2023-12-06T21:49:40+00:00","article_modified_time":"2023-12-06T21:50:21+00:00","og_image":[{"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/12\/3-3.jpg","width":800,"height":400,"type":"image\/jpeg"}],"author":"Steve Benton","twitter_misc":{"Written by":"Steve Benton","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/","name":"AI in the SOC: Should You Hire a Bot?","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/12\/3-3.jpg","datePublished":"2023-12-06T21:49:40+00:00","dateModified":"2023-12-06T21:50:21+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/0b6e391f6b91a65af8af8f10967143c7"},"description":"Steve Benton of Anomali takes a closer look at AI in the SOC and asks the burning question: \"Should you hire a bot?\"","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/12\/3-3.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/12\/3-3.jpg","width":800,"height":400,"caption":"AI in the SOC"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/ai-in-the-soc-should-you-hire-a-bot\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"AI in the SOC: Should You Hire a Bot?"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"SIEM Tools &amp; Security Event Management | Solutions Review","description":"Evaluating Enterprise SIEM Systems, Log Management Analytics &amp; SOAR Platforms.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/0b6e391f6b91a65af8af8f10967143c7","name":"Steve Benton","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/486237826a10a25de7f54168ab61a03e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/486237826a10a25de7f54168ab61a03e?s=96&d=mm&r=g","caption":"Steve Benton"},"description":"Steve Benton is Vice President of Threat Research and General Manager Belfast at Anomali. His experience in cybersecurity spans three decades including 18 years at BT, one of the world\u2019s leading communications companies, where he served as Deputy CISO and CSO. An industry security expert, he\u2019s a contributing member of the Cyber Defenders Council, Fellow of the Chartered Institute of Information Security and advisor to the i4 C level community.","sameAs":["https:\/\/www.anomali.com\/"],"url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/sbenton1\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/5166"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/311"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=5166"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/5166\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/5167"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=5166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=5166"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=5166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}