Security News > 2021 > March > The Cusp of a Virtual Analyst Revolution

The near future evolution of the Virtual Analyst is being driven by two competing and intwined motions -the growing need for real-time threat response, and the inaccessibility of deep security knowledge and expertise.

Although that Virtual Analyst capability will be tightly bound to a product, the second Virtual Analyst motion centers around access to deep security expertise.

If a product-bound Virtual Analyst can be considered a quick-learning high-speed generalist, the second motion can be thought of as a flexible "On-call" specialist-augmenting the security operations team's investigative and response capabilities as needed-and may be conceptually akin to the on-demand specialist services provided by traditional managed security service and incident response providers.

The differentiated value of cloud-based Virtual Analyst solutions will lie in leveraging broader internet-spanning datasets for threat detection and attribution, and powerful, rapid, ad hoc forensic-level investigation of incidents and response.

The in-house SOC team may engage the Virtual Analyst to augment an ongoing investigation by temporarily connecting it to their on-premises SIEM, and receive targeted direction for capturing and collecting incident-relevant non-SIEM data that are uploaded and automatically investigated by the virtual analyst as well as incorporated for real-time instruction on system recovery and attack mitigation.

Virtual analyst advancements will indeed increase the speed, fidelity, and efficacy of threat detection and incident response within the enterprise-replacing almost all repeated and repeatable analyst tasks.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/HE5dJ2XbZfw/cusp-virtual-analyst-revolution