How security teams are currently utilizing AI.

Artificial Intelligence (AI) is transitioning from a proof-of-concept phase into everyday security operations within Security Operations Centres (SOCs). It is now employed to reduce alert noise, assist analysts during investigations, and accelerate incident response. What was once considered experimental technology is beginning to yield measurable results for Chief Information Security Officers (CISOs). While machine learning has powered many threat detection engines and behavioural analytics tools for years, the recent surge of Generative AI (GenAI) has opened new avenues for its application. CISOs are now evaluating how these tools can be beneficial, where they require guardrails, and the implications for their teams.

Security teams often find themselves overwhelmed by alerts, with most being false positives and only a few warranting attention. AI is proving instrumental in filtering through this clutter. Vendors have developed machine learning models that sort and score alerts, learning over time which signals are significant and which can be disregarded. When optimally tuned, these models can reduce alert volumes by over fifty per cent, allowing analysts to focus on genuine threats. GenAI enhances this capability by not only ranking alerts but also summarising incidents and suggesting next steps. For instance, an analyst can receive insights into an attacker’s actions, the systems affected, and whether data was exfiltrated, significantly saving time, particularly for less experienced analysts.