Key Findings from the 2023 MDR Analysis Report:
- The Kaspersky SOC team examined 431,512 security alerts in 2023, identifying 32,294 as valid, resulting in 14,160 incidents reported to clients.
- Automation with AI/ML: AI-based Autoanalyst handled nearly 30% of false positives, reducing the SOC team’s workload by approximately 25%.
AI/ML in Incident Detection:
- Supervised Learning: Models trained on known attack data to identify similar malicious behavior.
- Unsupervised Learning: Models profile legitimate system behavior and flag deviations from that baseline as anomalies.
Challenges and Solutions:
- False Positives: Both supervised and unsupervised learning can result in false positives.
- SOC Workload: Autoanalyst, a machine learning model, learns from SOC analysts to filter false positives, reducing alerts needing manual investigation by at least 25%.
Balancing Detection and False Positives:
- Detection Rules: Increasing detection rules can lead to more false positives, overwhelming SOC teams.
- Filtering: Suppressing more alerts lowers the false-positive count but risks filtering out alerts for actual attacks.
Performance and Monitoring:
- Error Margin: Autoanalyst maintains a classification error margin of less than 2%.
- Dynamic Adjustment: Autoanalyst’s performance is continuously monitored and adjusted to ensure high-quality detection and filtering.
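The trade-off from the two sections above, shown as an added Python simulation (not code from the report or from Kaspersky's Autoanalyst): a hypothetical false-positive score threshold decides which alerts are auto-closed, and a spot-check against SOC analyst verdicts measures the error margin against the 2% bound to decide whether re-training is needed. The `Alert` fields, the scores and the threshold values are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Page figure: Autoanalyst is kept below a 2% classification error margin.
ERROR_MARGIN = 0.02


@dataclass(frozen=True)
class Alert:
    alert_id: str
    fp_score: float                # hypothetical model confidence that the alert is a false positive
    analyst_is_fp: Optional[bool]  # SOC analyst spot-check verdict; None if not yet reviewed


# Constructed sample alerts (not real SOC data). a4 is the model's mistake:
# it scores like noise, but the analyst confirmed it as a real attack.
SAMPLE_ALERTS = [
    Alert("a1", 0.97, True), Alert("a2", 0.93, True), Alert("a3", 0.91, True),
    Alert("a4", 0.88, False), Alert("a5", 0.95, True), Alert("a6", 0.40, False),
    Alert("a7", 0.20, False), Alert("a8", 0.55, True), Alert("a9", 0.10, False),
    Alert("a10", 0.85, True),
]


def evaluate(alerts, fp_threshold):
    """Auto-close alerts the model is confident are false positives, send the rest
    to analysts, and measure both the workload reduction and the error margin."""
    auto_closed = [a for a in alerts if a.fp_score >= fp_threshold]
    manual = [a for a in alerts if a.fp_score < fp_threshold]
    # Error margin: auto-closed alerts that an analyst spot-check labelled as real.
    reviewed = [a for a in auto_closed if a.analyst_is_fp is not None]
    errors = sum(1 for a in reviewed if not a.analyst_is_fp)
    error_rate = errors / len(reviewed) if reviewed else 0.0
    return {
        "auto_closed": len(auto_closed),
        "manual": len(manual),
        "workload_reduction": len(auto_closed) / len(alerts),
        "error_rate": error_rate,
        # Dynamic adjustment: exceeding the margin is the signal to re-train the
        # model or raise the threshold before more real attacks get filtered out.
        "retrain": error_rate > ERROR_MARGIN,
    }


if __name__ == "__main__":
    for threshold in (0.8, 0.9):
        print(threshold, evaluate(SAMPLE_ALERTS, threshold))
```

Lowering the threshold from 0.9 to 0.8 raises the workload reduction from 40% to 60% on this sample, but it also auto-closes the one real attack and pushes the error margin far past 2%.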
Conclusion:
- Efficiency: AI/ML, specifically Autoanalyst, significantly enhances the efficiency of MDR by reducing false positives and alleviating SOC workloads.
- Quality Maintenance: Regular re-training of Autoanalyst ensures it continues to perform effectively within acceptable error margins.