Lacework Employs Machine Learning to Consolidate Alerts
Lacework has added an ability to automatically correlate disparate alerts and severity events to enable cybersecurity teams to detect the patterns used to launch a cybersecurity attack.
Kate MacLean, senior director of product marketing for Lacework, said the updates to the company’s Polygraph Data Platform for anomaly detection uses machine learning algorithms and behavioral analytics. In addition to reducing the amount of time required to thwart an attack, these updates will also help reduce overall cybersecurity fatigue.
Polygraph Data Platform is at the core of Lacework’s platform for securing cloud infrastructure and workloads by, for example, identifying misconfigurations, assessing threats and remediating vulnerabilities.
The updates to the Polygraph Data Platform enable practitioners to automatically correlate and combine, on average, seven to eight disparate events to surface early signs of active attack sequences or tactics. If an intrusion or compromise is suspected, Lacework generates a single composite alert.
Alert fatigue is one of the primary causes of turnover among cybersecurity staff. Each cybersecurity platform an organization uses generates a steady stream of alerts, many of which turn out to be either a false-positive or redundant to another alert that has already been generated.
Lacework is now using the machine learning algorithms embedded within its platforms to streamline the number of alerts that cybersecurity teams need to investigate, said MacLean.
Streamlining alerts is critical because, when confronted with a steady stream of alerts, cybersecurity teams will become inured to the point that they won’t be able to identify an actual attack hidden within a steady stream of alert noise. It’s not uncommon for a breach investigation to discover that an alert that could have prevented the attack was, for one reason or another, ignored.
At a time when most organizations are still looking to fill one or more open cybersecurity positions, reducing turnover is crucial. Machine learning algorithms and other forms of artificial intelligence won’t replace the need for cybersecurity professionals, but they will go a long way toward evening the lopsided odds stacked against them. In fact, most cybersecurity professionals will soon not want to work for organizations that don’t provide access to these tools, simply because they are not likely to be as successful without them.
It is, of course, still early days in terms of how AI is being applied to cybersecurity, but as algorithms are exposed to more data the number of tasks that can be automated will steadily grow. Each of those advances collectively improves the productivity of a cybersecurity team as cybercriminals also leverage AI to launch sophisticated attacks. In effect, cybersecurity teams are now involved in an AI arms race with cybercriminals with abundant financial resources.
It’s too early to say who will win that AI arms race, but it’s clear that cybersecurity teams without access to AI capabilities will soon find themselves operating at an insurmountable disadvantage.