Skip to Content

Unlocking the power of AI and SOAR for end-to-end cybersecurity

Geert van der Linden
September 3, 2020

We see cybersecurity as having an ever-evolving, cyclical lifespan; one that needs to be consistently reviewed, defined, and redefined if we are to stay ahead of potential threats and make cybersecurity a competitive differentiator.

Underpinning this lifecycle are two critical technology developments: AI (artificial intelligence) and SOAR (security orchestration, automation, and response). These technologies are essential to the fast and accurate responses needed in today’s volatile threat landscape.

Why organizations need AI and SOAR

With an ongoing barrage of false positives, potential breaches and other IT issues, cyber analysts are finding it increasingly difficult to monitor current data volumes and velocity across firewalls. This has no doubt been exacerbated by the sudden move to working from home during the pandemic, which has strained cybersecurity teams further. In this context, signature-based cybersecurity solutions are inefficient for detecting new attack vectors.

This is where AI and SOAR can be a huge help. Last year, we researched how organizations are faring with AI in cybersecurity, and our data revealed that most organizations felt they could not identify critical threats without AI. The benefits of the technology were clear: with AI, the overall time taken to detect threats and breaches is reduced by up to 12% and the time taken to remediate a breach or implement patches in response to an attack comes down by the same amount.

Barriers to change

However, despite enthusiasm for AI’s power to improve security, implementation across the board has been slow. Just over a third of organizations, for example, had deployed SOAR, a prerequisite to ensuring optimal output for AI in cybersecurity. Moreover, only around half of executives had been able to identify the data sets required to operationalize AI algorithms.

One significant implementation challenge was raised by half of our respondents: supporting AI algorithms is difficult because of integration challenges with their current infrastructure, data systems, and application landscapes.

AI relies on these factors for effective analysis and output. Otherwise, as the technology cannot see the wider enterprise picture, its conclusions will be of limited use. To succeed, AI needs good quality, up-to-date and complete data from multiple sources that are connected to platforms and provide inputs for AI algorithms.

AI’s role in the lifecycle of cyber

For AI to work effectively, organizations need to build a roadmap that addresses infrastructure, data systems, applications landscapes, skill gaps, best practice, governance, and use case selection and implementation. This can sometimes feel like a chicken and egg problem: skills and infrastructure are needed to progress AI, but are also preventing organizations from moving forward in the first place.

This is why Capgemini has created the lifecycle of cyber proposition. Acting as a trusted partner for cybersecurity transformation, we can help organizations overhaul and improve their cybersecurity function in parallel, weaving the power of AI and SOAR across the cyber lifecycle.

Our end-to-end approach breaks down traditionally siloed cybersecurity domains and combines them into one integrated unit. By aggregating these sources, previously siloed data can be consolidated and analyzed, allowing AI and SOAR to be used to its full potential.

To find out more about how we can help you, visit https://www.capgemini.com/se-en/services/cybersecurity/

Follow Geert van der Linden on LinkedIn and Twitter.