We had the pleasure of talking with Peter Ruta, CEO of Arcanna.ai, to explore the challenges faced in security operations centers (SOCs). These challenges often involve limited decision-making capacity and analyst fatigue, which can be amplified by the high demand for experienced security analysts and the significant turnover in the role. As a result, the loss of valuable expertise and experience can greatly impact the effectiveness of SOCs.
SOCs have become the standard in most enterprises, whether they are internal or outsourced. There has been a significant push for 24/7, 365-day monitoring to ensure full coverage and visibility for companies of all sizes. This often requires multiple shifts and numerous analysts to provide adequate coverage. The demand for experienced security analysts is quite high, and the turnover rate in this role creates a massive demand for professionals. When an individual leaves a position, they take their experience and expertise with them, making retention of this knowledge essential in a SOC environment.
Arcanna's innovative platform employs the power of artificial intelligence (AI) to read and analyze data, harnessing the knowledge and expertise of human analysts who train the system.
This unique approach alleviates the burden on human decision-makers, resulting in a significant increase in decision-making capacity of up to eight to nine times, depending on the specific operation. The accuracy of the AI models is a direct reflection of reduced fatigue, as the platform effectively emulates human decision-making, alleviating stress for analysts.
Peter emphasizes the importance of better security through better detection. He explains that improved detection comes from experience and from analysts' ability to interpret data in a specific way. However, relying on people to understand all the different alerts coming from hundreds of various tools and logs can be challenging. Moreover, people may not enjoy working shifts all the time, and their performance may degrade at certain hours of the day. Most junior analysts can handle such a schedule for six months to a year, and some may even stick around for two years, but eventually, they move on to other roles.
Arcanna.ai aims to solve this problem by retaining the expert analyst's decision-making logic and making it available and repeatable to the analysts at any given moment. The platform functions as an augmented helper to provide analysts with the best response to tickets, ensuring that the response aligns with the company's methodology and knowledge. Arcanna.ai relies on methods already developed in the company by Tier 2 and Tier 3 experts using a continuous feedback loop. Incorporating human-in-the-loop feedback into a composite AI system that combines natural language processing and classification using deep learning, Arcanna.ai empowers decision-makers with augmented decision-making capabilities. By leveraging years of retained experience, the human-in-the-loop feedback loop continuously reinforces and enhances human decisions, resulting in more informed and effective choices.
Arcanna's solution sets itself apart by seamlessly integrating into existing SOC environments without the need for extra screens or dashboards. This streamlined approach maximizes its effectiveness in enhancing SOC operations, making it a key differentiator in the market.
The platform's API connectors allow it to work with current SIEM and SOAR vendors, retaining and extracting expert decision points based on real data and actions. The innovative use of AI to support and augment human expertise addresses scalability and retention challenges in the cybersecurity sector. This solution offers security professionals an efficient and reliable way to analyze data and make informed decisions, ensuring valuable knowledge and experience are retained within organizations.
In conclusion, Arcanna.ai's innovative approach showcases the revolutionary potential of AI in transforming the cybersecurity landscape. With the ever-increasing demand for security analysts and high turnover rates, incorporating AI-driven solutions like Arcanna's platform is essential in ensuring a resilient and efficient SOC.