Use LogicApps and Copilot for Security to auto-process ISAC Emails

I’m often asked what AI can really do, from a return-on-investment viewpoint, for a security operations center (SOC). Yes, chatting with a bot or having AI generate summaries is cool, but how could it all come together to solve a challenge faced by a SOC?

My buddy Chait posted an example of solving a real problem HERE. What is the problem? Dealing with lots of vulnerabilities. Reducing the risk of vulnerabilities leads to better security, so every organization wants to invest in reducing vulnerabilities. The challenge is the time and steps needed to do the work. What if AI could handle a large part of that work? Imagine AI handling these steps:

  • Taking a large list of vulnerabilities and abstracting the specific vulnerabilities from the rest of the data
  • Analyzing each vulnerability and researching current threat details. Such details could include:
    • Are threat actors currently exploiting this?
    • Are organizations like mine seeing these threat actors?
    • What devices, applications, etc. are impacted by this vulnerability?
    • How should I prioritize this vulnerability against others?
  • Logging into your asset management tools and matching anything you own with an active vulnerability.
  • Researching what is needed to mitigate the vulnerability … if possible
  • Researching any risk of breaking something by addressing the vulnerability

Each of these steps is time-consuming. In a perfect world, it would be better not to receive a list of vulnerabilities, but instead to receive the results of all of this research, ending with a list of only the vulnerabilities that are related to you, with associated risk, remediation steps and even the associated asset owner contact information.
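The deterministic part of the steps above (pulling vulnerability IDs out of an email, matching them to assets you own, and ranking what is left) is shown here in Python as an added example; it is not code from Chait’s post, Logic Apps or Copilot for Security. The email text, CVE IDs, intel table, asset inventory and the "exploited first" ranking rule are all constructed assumptions.

```python
import re

# Constructed sample data (not from the original post): an ISAC-style email body,
# a threat-intel lookup and an asset inventory, all with placeholder values.
EMAIL = """Weekly advisory digest
Vendor A patched CVE-2099-0001 in ExampleVPN; exploitation observed.
Also noted: cve-2099-0002 (ExampleCMS) and CVE-2099-0003 (ExamplePDF).
Reminder: CVE-2099-0001 affects all 4.x builds. Ticket ref CVE-99-1 is not valid.
"""
INTEL = {  # cve -> (product, exploited in the wild?, severity score 0-10)
    "CVE-2099-0001": ("ExampleVPN", True, 7.5),
    "CVE-2099-0002": ("ExampleCMS", False, 9.8),
    "CVE-2099-0003": ("ExamplePDF", False, 5.0),
}
ASSETS = [  # (hostname, product, owner contact)
    ("vpn-gw-01", "ExampleVPN", "netops@example.com"),
    ("web-02", "ExampleCMS", "webteam@example.com"),
    ("web-03", "ExampleCMS", "webteam@example.com"),
]

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)

def extract_cves(text):
    """Pull unique CVE IDs out of free text, upper-cased, in first-seen order."""
    seen = {}
    for m in CVE_RE.finditer(text):
        seen.setdefault(m.group(0).upper(), None)
    return list(seen)

def triage(text, intel, assets):
    """Return only vulnerabilities that touch owned assets, highest priority first."""
    findings = []
    for cve in extract_cves(text):
        if cve not in intel:
            continue  # no enrichment available; a real workflow would queue it for review
        product, exploited, score = intel[cve]
        hits = [(host, owner) for host, prod, owner in assets if prod == product]
        if hits:
            findings.append({"cve": cve, "exploited": exploited, "score": score,
                             "hosts": [h for h, _ in hits],
                             "owners": sorted({o for _, o in hits})})
    # Assumed ranking rule: actively exploited issues outrank higher, unexploited scores.
    return sorted(findings, key=lambda f: (not f["exploited"], -f["score"]))

if __name__ == "__main__":
    for f in triage(EMAIL, INTEL, ASSETS):
        print(f["cve"], "exploited" if f["exploited"] else "not exploited",
              f["score"], f["hosts"], f["owners"])
```

The vulnerability with no matching asset drops out of the result entirely, which is the "only vulnerabilities that are related to you" outcome described above.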

Check out Chait’s post to see how a combination of Logic Apps, Microsoft Copilot for Security, and asset management tools can give this type of summary.
