BrainBlog for Crogl by Eric Newcomer
The Problem
Cybersecurity is an escalating game of attack and defense. No sooner does a new defense go up than a new attack finds its way around it.
Then a new defense goes up, and so on and on. It seems as if the cycle will never end, and that organizations may never truly manage to get ahead of the criminals.
However, even as criminals continuously create new attack mechanisms, innovative cyber security companies continuously create new defense mechanisms.
In this constant battle, speed of detection and response is essential to prevent or minimize damage, whether financial or reputational.
Continuous monitoring, careful observation, and documentation of all actions and reactions are also necessary for learning, improving responses, and for the historical record the auditors will want to examine should anything go wrong.
In the end, humans can only do so much, especially against new AI tools the cyber attackers exploit.
But even as AI tools create new attack vectors and exploit new vulnerabilities, AI also improves autonomous cyber defense capabilities, continuously learning and improving the defense capability.
A Solution
What’s really needed is not an entirely new technology, set of processes or people. What’s needed is a good way to speed up what’s already in place, and improve upon what’s already working.
Crogl, for example, offers an innovative AI-powered cyber security defense mechanism. Crogl autonomously detects and responds to risks and vulnerabilities, assigning tickets to itself and processing them just as if they were assigned to humans.
Instead of asking you to replace any of your existing systems and processes, Crogl uses AI to automate and improve the productivity of the staff, tools, and techniques already in place.
A network or other alert is assigned to a Crogl ticket, which automatically kicks off an investigation and executes a response plan, if one exists. If a response plan does not exist, Crogl will create or recommend one.
The Crogl knowledge graph automatically maps your data schemas so you don’t have to transform or standardize them across multiple tools.
Crogl documents each step in the investigation and remediation process for complete transparency, learning, and auditing purposes.
Crogl doesn’t wait for a human analyst to identify something suspicious and kick off an investigation. Crogl does so autonomously, creating and processing tickets and continuously learning and enhancing the system, which speeds up detection and response.
You can monitor the Crogl tickets using your SIEM, SOAR, or other existing enterprise ticketing system and follow every step in the response and view system updates.
How it Works
Responses to alerts are automatically mapped to actions and queries across data stores containing relevant data, eliminating manual handoffs and reducing the time it takes to process an alert.
The big challenge for the modern SOC is about analyst capacity and productivity in handling an increasing flood of alerts. When used as an accelerator, generative AI tools help SOC analysts handle significantly more work.
Crogl’s use of generative AI identifies the alert type, such as phishing, brute force breaking attempts, and API abuse, and then determines the optimal investigation approach across an organization’s multiple tools and data sources.
Such an AI system understands an organization’s unique data and operational processes and adapts to them, rather than attempting to replace all processes and data models.
The Intellyx Take
AI is not a substitute for human judgment. However, generative AI excels at matching language patterns, is good at creating summaries, mapping data, and triggering a list of actions.
It’s more productive to use generative AI within a larger set of tools and within your existing environment and workflows than it is to set up an entirely new environment. It’s better when the AI complements that environment, continuously learning, refining, and improving your defenses over time.
A big part of the benefit Crogl offers is that it accelerates the capabilities of your existing tools and processes, using AI to automate the processes, improve security staff productivity, and continuously improve your knowledge and defenses, even as the criminals continue to explore new attack vectors.
Copyright © Intellyx BV. Crogl is an Intellyx customer. Intellyx retains final editorial control of this article. No AI was used to write this article. Image generated by Google Gemini.


