Journey to the AI-Enabled SOC: Genesis

The LogRhythm Journey Begins

Nearly 15 years ago, Phil Villella and I set out to change the definition of security information and event monitoring (SIEM). Our motivation originated in two fundamental beliefs:

  • First, U.S. companies and agencies were running blind when it came to detecting advanced threat actors, and as a nation, we were leaking data.

  • Second, we’d need holistic machine-based analytics to uncover these advanced threats.

The Vector Analysis Engine was the first technology that we built together. Our theory was that if we could model the behavior of user activity, we could identity compromised credentials and users that had gone rogue. Our early work determined that our thesis was promising. We could see outliers in the data—users whose behavior had shifted over time—and this shift potentially indicating a threat.

Our initial work proved the existing class of SIEM solutions was architecturally flawed. To realize our analytics vision, we had to transform the notion of SIEM from a security event correlation technology into a holistic machine data analytics technology. We knew that if we were to have a chance at accurately detecting the evidence of advanced threat actors operating from within the IT environment, we’d need broader forensic visibility and the ability to apply advanced analytics models across 100 percent of that data. So we set out to build a platform that could satisfy these needs.

Realizing Our Goal of the Artificial Intelligence-Enabled SOC

Today, we largely realized our initial vision, as we have built the industry’s leading platform for Threat Lifecycle Management. The LogRhythm platform is built on a holistic machine data analytics foundation, able to apply a variety of analytics methods across 100 percent of the data in support of advanced threat detection, and provides security teams with streamlined workflow and automation to enable rapid response to qualified threats and incidents.

However, while today we’re a leading innovator in our market, we are far from done. The challenge of detecting 100 percent of threats with 100 percent accuracy is far from solved. To further our realization of this quest, we have spent the past two years building our next foundational analytics technology: CloudAI.

Introducing CloudAI: Powering the SOC with Artificial Intelligence and Machine Learning

We architected CloudAI to further our analytics vision, specifically through the application of artificial intelligence (AI) technologies, such as machine learning (ML). We believe the field of AI will transform threat detection and workflows within the SOC over the next decade. We intend to be the leader in this pursuit—ultimately delivering what we refer to as the AI-enabled SOC.

As a company, we are confident LogRhythm is uniquely positioned to lead this AI technology revolution. Our confidence is based on three factors that are critical for unlocking the promise of AI/ML: data, domain, and data science.

First, we live and breathe machine data. Our patented data processing technology unlocks a deep and consistent comprehension of machine data for over 800 types of technologies. Data quality is ingredient no. 1 for AI/ML success. Second, we have incredibly deep domain knowledge when it comes to detecting threats through holistic analytics methods within our engineering and threat research teams. We have been doing this for years in support of our existing User Entity & Behavioral Analytics (UEBA) and Network Traffic & Behavioral Analytics (NTBA) solutions. Last, we have the data science. Data science was our origin 15 years ago, and since then, we have built an incredibly talented team of data scientists focused on our customer mission.

With the introduction of CloudAI, we further unlock our expertise in the realm of data science for the benefit of our customers and the market. Our initial application of CloudAI will serve to enhance our existing UEBA offering through deeper behavioral modeling of user activity, with a combination of supervised and unsupervised machine learning. We are excited to see our UEBA customers benefit from CloudAI, realizing additional simplicity, acceleration, and accuracy when it comes to the detection of user-based threats.

With today’s launch of CloudAI, we are immensely proud and excited to be taking yet another innovative step forward towards our vision of delivering the AI-enabled SOC. Please check back for future blogs that will further describe this customer mission and journey.

Learn More About CloudAI

More from Chris Petersen

The Best Gets Better: Introducing LogRhythm 7.2

Avoid Major Data Breaches with Effective Threat Lifecycle Management

Cybersecurity Advice for President-Elect Trump: Maintain Bi-Partisan Momentum and Step on the Gas