Application of artificial intelligence and machine learning in a security operations center


Abstract

The security operations center's (SOC) mission is to protect digital assets (data, applications, infrastructure) from malicious attacks and breaches. The SOC accomplishes its mission through people, processes, and technologies for detecting, responding to, and recovering from cyber-attacks. The SOC depends on several hardware appliances and software tools, such as firewalls, intrusion detection and prevention systems, sensor-based events, system logs, endpoint detection and response, threat intelligence, vulnerability scanners, etc. These tools and appliances generate an enormous volume of data in real time. Therefore, tools such as security information and event management (SIEM) systems must analyze large volumes of data to detect malicious activities and security incidents. Machine learning and artificial intelligence technologies have the potential to detect anomalies and cyberattacks. This research focuses on how AI/ML is embedded in SOC tools.

Citation (APA)

Islam, M. A. (2023). Application of artificial intelligence and machine learning in a security operations center. Issues in Information Systems, 24(4), 311–327. https://doi.org/10.48009/4_iis_2023_124
