
Product Review: Cyber AI Analyst

SCMagazine has announced its finalists for best enterprise security solution. DarkTrace’s Cyber AI Analyst is one of these solutions, and since I like its mentality, I want to write something about it.

For most organizations, one of the biggest problems today is finding and keeping qualified analysts. With attacks evolving day by day, and with newly established SOCs and growing teams, it has become more difficult to hire qualified analysts and to keep them. Organizations mostly try to train young people as analysts, but mostly they cannot keep them.

So, unfortunately, most organizations are operating without a sufficient number of analysts. Cyber AI Analyst is a solution that focuses on this problem. SCMagazine wrote:

“Detected and contained the spread of a state-sponsored campaign across several organizations globally in March 2020, generating detailed reports of the incidents in real time — weeks before the attack was publicly attributed to APT41.”

According to DarkTrace, it took 3 years to develop Cyber AI Analyst. It was developed by observing how real human analysts behave during investigation and triage. The AI can respond to an incident as an expert analyst would. It can analyze and prioritize incidents and report what you need in an incident report, such as the malicious files that caused the incident, C&C connections, domains and all infected endpoints. Normally, it takes hours to check all the related logs to find this information about an incident.

Thus, even if the organization has a small number of analysts, security teams can have a valuable incident report. So, these team members can focus on other tasks instead of spending hours in the SIEM.