September 14, 2021 By Enrico Benzoni

Supervised Active Intelligence - The next level of security automation

Taking a proactive approach to threat hunting in cybersecurity is crucial, especially today when attacks are more stealthy and more complex than ever. This means that older approaches to cybersecurity that rely on time-consuming manual workflows are slowly becoming obsolete, and cybersecurity teams must be supported by active learning intelligence in their threat hunting processes.

To respond to these pressing needs, Sumo Logic crafted Supervised Active Intelligence, a combination of multiple capabilities that work together to ensure a smooth and uninterrupted SecOps workflow. In this article, we will describe the power of Supervised Active Intelligence (SAI), reveal its role in the cybersecurity environment, and talk about the potential of active intelligence in cybersecurity.

What is Supervised Active Intelligence - SAI?

Supervised Active Intelligence provides analysts with all the information they need to make well-informed decisions. It is a special case of machine learning which rests upon Cloud SOAR’s learning algorithm to query a user and extract relevant data. Its supervised learning algorithm leans on machine learning to:

  • Study the traits of an alert before converting it into an incident

  • Map out the input and output data

  • Use that knowledge within incident correlation processes to help security teams make faster decisions

  • Give advice and suggestions to analysts to help them make well-informed decisions

Via Supervised Active Intelligence, SOC teams can successfully decide to orchestrate, contain, report, and remediate breaches with fewer resources required and in a much quicker and more efficient manner.

Supervised Active Intelligence was built to elevate the maturity of automation in security operations, and help build a trusting relationship between humans and SOAR by allowing security professionals to take a crucial decision-making role in the path of automation.

Does active intelligence replace humans in security operations?

We have said several times that SOAR does not replace humans but makes them more efficient. Many doubts are raised about the development of advanced cybersecurity technologies, mainly because it is feared that forward-thinking tools will eventually render humans obsolete. However, that is not the case, nor will it be in the foreseeable future.

Supervised Active Intelligence relies on human guidance to launch machine learning and automation initiatives. This is the principle upon which SAI was built in Cloud SOAR. SAI follows a guided path to automation led by security professionals. Its functionality is strictly dependent on human guidance, which is the foundation of the relationship between security teams and Supervised Active Intelligence.

Supervised Active Intelligence was built to help security teams accomplish their desired targets with enhanced efficiency, speed, and performance. SAI does not, however, work autonomously.

The key element to remember here is that security teams supervise the active intelligence brought by Cloud SOAR. SAI will only launch machine learning processes after it has been instructed by the security professionals responsible for the given case. After receiving the instructions, SAI will continue on its automation journey, but it is vital to remember that ACTIVE does not mean AUTONOMOUS in this situation. SAI is and will be dependent on human guidance.

How does Supervised Active Intelligence work?

Supervised Active Intelligence in Cloud SOAR is based on the premise of human guidance. It fuses machine learning and human intelligence to formulate the end result - Supervised Active Intelligence.

More specifically, Supervised Active Intelligence is driven by the following:

  • SAI is fueled by Dual Mode playbooks (Machine-to-Human and/or Machine-to-Machine)

  • Cloud SOAR includes hundreds of playbooks based on the most prevalent international regulations and Standard Operating Procedures.

  • The playbooks can be automatically assigned and applied in incident response workflows, providing SOC teams with full and detailed control over the situation.

  • After the analysts have analyzed the case, SAI’s machine learning algorithm recommends applicable playbooks relevant to the type of incident.

This is, in short, the basis behind the design and development of Supervised Active Intelligence in Cloud SOAR. Its role is to bring a new, more effective path to security automation that will offer a higher level of efficiency and success in incident remediation.

In other words, SAI will help humans be more effective in SecOps.

How does Supervised Active Intelligence help security teams?

SAI speeds up the decision-making process for security analysts by providing them with applicable recommendations regarding a given incident. In addition to suggesting relevant playbooks for an incident based on historical precedent, SAI uses its machine learning capabilities to eliminate false positives, create incidents when they are real, and extract more intelligence relevant to the incident, ultimately helping the security professional make a fast, well-informed decision.

This saves security professionals from the time-consuming hassle of having to search for relevant information regarding an incident on various tools. Here’s exactly how SAI gives humans the much-needed edge in security operations:

Phase #1:

Eliminating false positives via TRIAGE capabilities and creating incidents that are real. SAI supports analysts with its TRIAGE capabilities in order to eliminate false positives and create incidents when they are real. To help you accomplish that, our team helps you set incident rules that will enable the SAI engine to understand what qualifies as a false positive and what falls into the category of incidents.

Phase #2:

Allowing analysts to make the right decision by recommending relevant playbooks. SAI supports analysts by allowing them to make well-informed decisions. The Supervised Active Intelligence engine recommends the right playbooks and uses its machine-learning algorithm to find the most suitable way to respond to the incident. It enriches the team with the right information to help them launch an immediate response to the incident.

Via Supervised Active Intelligence, CISOs and SOC Managers will have a great way to incorporate machine learning into their security operations without disrupting the existing workflow within their SOC team.

All in all, there is literally no downside in incorporating Supervised Active Intelligence into your conventional SecOps. Your analysts will still be behind the scenes controlling the wheel, with the only difference being that SAI will perform all the time-consuming and repetitive tasks for them.

Supervised Active Intelligence represents the new age of progressive automation

The bottom line is that security leaders are trying to find new ways to make automation in security operations more effective. Humans are yet to give automation their full trust, but with SAI, automation in cybersecurity is taking a great step forward.

Automation is deemed a core pillar at the heart of security automation, along with machine learning and active intelligence. And by refining the development of security automation, humans will get a much-needed helping hand that will boost the efficiency, speed, and accuracy of their security operations. Learn more about the other powers of Cloud SOAR and the bountiful benefits of progressive automation.

Enrico Benzoni

Manager, Marketing and Technology Alliances
