Generative AI Takes on SIEM

November 23, 2023 at 02:32AM

Vendors are incorporating generative AI into their security platforms, making it easier for security analysts to perform their tasks. IBM plans to upgrade its QRadar SIEM platform with generative AI capabilities next year. In addition, CrowdStrike’s Falcon Raptor platform will include Charlotte AI, which provides natural language responses to user queries. Microsoft has also released a preview of Security Copilot, which reduces time spent on security operations tasks. These advancements aim to automate repetitive tasks and improve efficiency for security operations teams.

Key Takeaways from Meeting Notes:

1. Several vendors are adding support for generative AI to their platforms and products, which is making life easier for security analysts.
2. IBM is upgrading its QRadar SIEM platform with a modern cloud-native architecture and plans to add generative AI capabilities next year.
3. The modernized QRadar SIEM will become part of the QRadar Suite, offering a unified interface and controls for SOC analysts.
4. Other competitors such as Splunk, Palo Alto Networks, Microsoft, CrowdStrike, and Elastic have emerged with cloud-native alternatives, putting pressure on QRadar SIEM to upgrade.
5. CrowdStrike’s Falcon Raptor platform is incorporating generative AI capabilities with Charlotte AI, allowing users to ask questions in natural language and receive responses.
6. Microsoft has released a preview of Security Copilot, which provides security analysts with the ability to enter complex queries using natural language text and has been shown to reduce time spent on security operations tasks.
7. IBM has been leveraging AI in its products and global MSS SOCs, but its previous attempt to bring generative AI to Watson in 2017 did not gain much traction.
8. Overall, the inclusion of generative AI capabilities in SIEM platforms aims to automate repetitive tasks and enhance the efficiency of security operations teams.