Leveraging AI/ML to improve MDR efficiency and reduce false positives

Key Findings from the 2023 MDR Analysis Report:

  • The Kaspersky SOC team examined 431,512 security alerts in 2023, identifying 32,294 as valid, resulting in 14,160 incidents reported to clients.
  • Automation with AI/ML: AI-based Autoanalyst handled nearly 30% of false positives, reducing the SOC team’s workload by approximately 25%.

AI/ML in Incident Detection:

  • Supervised Learning: Models trained on known attack data to identify similar malicious behavior.
  • Unsupervised Learning: Profiling legitimate system behaviors to detect anomalies.

Challenges and Solutions:

  • False Positives: Both supervised and unsupervised learning can result in false positives.
  • SOC Workload: Autoanalyst, a machine learning model, learns from SOC analysts to filter false positives, reducing alerts needing manual investigation by at least 25%.

Balancing Detection and False Positives:

  • Detection Rules: Increasing detection rules can lead to more false positives, overwhelming SOC teams.
  • Filtering: Reducing total alerts lowers false positives but risks missing actual attacks.

Performance and Monitoring:

  • Error Margin: Autoanalyst maintains a classification error margin of less than 2%.
  • Dynamic Adjustment: Autoanalyst’s performance is continuously monitored and adjusted to ensure high-quality detection and filtering.
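To make the supervised-learning, workload-versus-missed-attack balance and error-margin points concrete, here is an added example (not Kaspersky's code and not how Autoanalyst is implemented). It assumes, for illustration only, that an alert is a handful of categorical features, that analysts label past alerts TP or FP, and that auto-closing stays switched on only while the error measured on analyst-labelled held-out alerts remains under the 2% margin the report cites. All alerts in it are constructed.

```python
"""Toy Autoanalyst-style false-positive filter.

Added example, not Kaspersky's code. Assumptions (not from the report): each
alert is a few categorical features, analysts label alerts TP or FP, and
auto-closing stays enabled only while the held-out error rate is under 2%.
All alerts below are constructed.
"""
import math
from collections import Counter, defaultdict

FEATURES = ("rule", "signed", "parent")
MAX_ERROR = 0.02  # the classification error margin the report states for Autoanalyst


def alert(rule, signed, parent):
    return {"rule": rule, "signed": signed, "parent": parent}


class AlertClassifier:
    """Supervised model: categorical naive Bayes with Laplace smoothing,
    learned from analyst verdicts (the 'learns from SOC analysts' idea)."""

    def __init__(self):
        self.class_counts = Counter()
        self.feature_counts = {f: defaultdict(Counter) for f in FEATURES}
        self.values = {f: set() for f in FEATURES}

    def fit(self, alerts, labels):
        for a, label in zip(alerts, labels):
            self.class_counts[label] += 1
            for f in FEATURES:
                self.feature_counts[f][label][a[f]] += 1
                self.values[f].add(a[f])
        return self

    def prob_fp(self, a):
        """P(FP | alert), computed in log space to avoid underflow."""
        total = sum(self.class_counts.values())
        logp = {}
        for label in ("FP", "TP"):
            lp = math.log((self.class_counts[label] + 1) / (total + 2))
            for f in FEATURES:
                seen = self.feature_counts[f][label][a[f]]
                lp += math.log((seen + 1) / (self.class_counts[label] + len(self.values[f])))
            logp[label] = lp
        m = max(logp.values())
        return math.exp(logp["FP"] - m) / sum(math.exp(v - m) for v in logp.values())


def evaluate(model, alerts, labels, fp_threshold):
    """On analyst-labelled held-out alerts, return
    (share auto-closed, share auto-closed that analysts had marked TP).
    The first is workload relief; the second is missed attacks, the error that matters."""
    closed = missed = 0
    for a, label in zip(alerts, labels):
        if model.prob_fp(a) >= fp_threshold:
            closed += 1
            missed += 1 if label == "TP" else 0
    return closed / len(alerts), missed / len(alerts)


def choose_threshold(model, alerts, labels, candidates=(0.5, 0.8, 0.9)):
    """Balancing step: pick the most aggressive filter (lowest threshold) whose
    held-out error stays under MAX_ERROR; None means route everything to analysts."""
    for t in sorted(candidates):
        if evaluate(model, alerts, labels, t)[1] < MAX_ERROR:
            return t
    return None


# Constructed training set: analyst verdicts on past alerts.
TRAIN = [
    (alert("lolbin_certutil", "yes", "svchost"), "FP"),
    (alert("lolbin_certutil", "yes", "svchost"), "FP"),
    (alert("lolbin_certutil", "yes", "svchost"), "FP"),
    (alert("psexec", "yes", "svchost"), "FP"),
    (alert("psexec", "yes", "svchost"), "FP"),
    (alert("lolbin_certutil", "yes", "explorer"), "FP"),
    (alert("psexec", "no", "cmd"), "TP"),
    (alert("psexec", "no", "cmd"), "TP"),
    (alert("lolbin_certutil", "no", "cmd"), "TP"),
    (alert("lolbin_certutil", "no", "explorer"), "TP"),
]
# Constructed held-out set used for monitoring; it includes two TPs that look
# half-way benign, which is exactly what an over-aggressive filter would close.
HELDOUT = [
    (alert("lolbin_certutil", "yes", "svchost"), "FP"),
    (alert("lolbin_certutil", "yes", "svchost"), "FP"),
    (alert("lolbin_certutil", "yes", "explorer"), "FP"),
    (alert("psexec", "no", "cmd"), "TP"),
    (alert("lolbin_certutil", "no", "svchost"), "TP"),
    (alert("psexec", "yes", "cmd"), "TP"),
    (alert("lolbin_certutil", "yes", "svchost"), "FP"),
    (alert("psexec", "no", "cmd"), "TP"),
]
TRAIN_ALERTS, TRAIN_LABELS = zip(*TRAIN)
HELDOUT_ALERTS, HELDOUT_LABELS = zip(*HELDOUT)
MODEL = AlertClassifier().fit(TRAIN_ALERTS, TRAIN_LABELS)

if __name__ == "__main__":
    for t in (0.5, 0.8, 0.9):
        closed, missed = evaluate(MODEL, HELDOUT_ALERTS, HELDOUT_LABELS, t)
        print(f"threshold {t}: auto-closed {closed:.0%}, missed attacks {missed:.0%}")
    print("chosen threshold:", choose_threshold(MODEL, HELDOUT_ALERTS, HELDOUT_LABELS))
```

Running the sweep shows the trade-off the report describes: lowering the auto-close threshold from 0.9 to 0.5 raises the share of alerts taken off analysts from 37.5% to 75%, but at 0.5 two of the held-out true positives are closed without anyone looking at them, so the error blows past the 2% margin and `choose_threshold` settles on 0.8 instead. In practice the held-out set would be refreshed from ongoing analyst verdicts, so this same check is what "continuously monitored and adjusted" means operationally.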

Conclusion:

  • Efficiency: AI/ML, specifically Autoanalyst, significantly enhances the efficiency of MDR by reducing false positives and alleviating SOC workloads.
  • Quality Maintenance: Regular re-training of Autoanalyst ensures it continues to perform effectively within acceptable error margins.
