What SOC tools miss at 2:13 AM: Gen AI attack chains exploit telemetry lag-Part 1

2:13 a.m.

The attackers on the other side of the planet launched a large -scale attack on the company’s infrastructure. Thanks to many uniforms that have not seen an update since 2022, they blew their surroundings in less than a minute.

The attackers who enjoy the skills of the nation -state team are after Active Directory to close the entire network while creating new privileges at the supervisor level, which will stop any attempt to close. Meanwhile, other members of the attack team firing hordes of robots designed for GB of Gigabytes from the customer, employee and financial data through the application programming interface that has not been disabled at all after the last version of the main products.

In SOC, alerts begin to light keyboards like the latest Grand Theft Auto on the Nintendo key. SOC analysts get their mobile phones, and they try to sleep from another week for six days, as many of them have registered approximately 70 hours.

Ciso receives a call at about 2:35 am from the company’s MDR provider, saying that there is a large -scale breach. “It is not our indignant accounting team, right? The man who tried” office space “is not in that again, right?” Ciso asks half a awake. The MDR Lead team says no, this is from Asia, which is large.

The next storm of cybersecurity: GEN AI, threats from the inside, and the height of exhaustion in Ciso

The Introduction I intelligence creates a digital diaspora of technologies, technologies and trade that everyone adopts, from rogue attackers to the electronic armies of the nation -state trained in the art of Cyberwar. Internal threats are also increasing due to functional insecurity and increasing inflation. All of these challenges and more on the shoulders of CISO, and it is no wonder in dealing with fatigue.

The height of the meteorite from artificial intelligence for hostile and legal use is in the midst of everything. Obtaining the most important benefit from artificial intelligence to improve cybersecurity while reducing risk is what management councils that drive CISO to achieve.

This is not an easy task, as artificial intelligence safety develops very quickly. In the latest data resistance in Gartner about safety and risk management, analysts company has addressed how leaders respond to Gen AI. They found that 56 % of organizations are already deploying Gen AI solutions, however, 40 % of security leaders recognize large gaps in their ability to manage the risks of artificial intelligence effectively.

Gen AI is more deployed InfrasInfrastructure security, where 18 % of institutions work completely and 27 % are actively carried out by artificial intelligence systems today. The second is the security operations, as 17 % of institutions have fully used intelligence systems in use. Data safety is the third most popular use, with 15 % of Gen AI systems to protect cloud, hybrid, backup and data storage systems.

Internal threats require a response from artificial intelligence

Gen Ai re -arranged the internal threat of each company today, which makes the interior More independent threats, treacherous and cHallenGing to select. Shadow AI is a threat transmission that no CISO could not imagine five years ago, and now it is one of the most threat surfaces.

“I see this every week,” I tell Vineet Arra, CTO in Winwire, Venturebeat recently. “The departments jump on the unbeatable artificial intelligence solutions because the immediate benefits are very attractive to ignore them.” Arra is rushing to point out that the employees are not intentionally lost. “It is very important for organizations to determine strong security strategies while enabling employees to use artificial intelligence techniques effectively,” explains Arra. “The total ban is often pushed to the use of Ai Underground, which only inflates the risks.”

“We see 50 new artificial intelligence applications per day, and we have already been indexed by more than 12000,” Etamar Golan, CEO and co -founder of Form Security, said during an interview with Venturebeat. “About 40 % of this failure to train on any data you feed, which means that your intellectual property can become part of its models.”

Traditional detection models based on rules are no longer enough. The leading security teams turn to the AI-GEN behavioral analysis that creates dynamic lines for employee activities that can determine abnormal cases in actual time and contain potential risks and threats.

SellersIncluding immediate safety, Inventoint Insider, and Varonis, quickly create with the AI’s detection engines of the next generation that link the files from remote, the end point, and the actual time. Microsoft PurView risk management also includes artificial intelligence models from the next generation to identify high -risk behaviors independently across the hybrid workforce.

Conclusion – Part 1

SOC teams are in a race against time, especially if their systems are not combined with each other and more than 10,000 alerts on the day you generate are not synchronized. The attack on the other side of the planet will be at 2:13 am, a challenge to contain ancient systems. Since the opponents are unavoidable in their refinement in Tradecraft with Gen AI, more companies need an escalation and more intelligent about getting more value from their current systems.

Cyber ​​security sellers prompted the maximum value of the systems already installed in SOC. Get the integration properly and avoid turning to the SOC bottom to check the integrity of the alert from one system to another. Know that infiltration is not a wrong stimulant. The attackers show a great ability to reinvent themselves while flying. It is time for more SOCS and the companies you rely on doing the same.