New AI Capability Improves Secureworks’ Median Time to Notify Customers of Incidents by Over 80%

Good threat detection requires speed and accuracy. To deliver on this, security analysts need help quickly deciding where to spend their valuable time. 2023 may be the most prolific year for ransomware to date. Average dwell times between initial access and ransomware payload delivery have dropped significantly to a median of just 24 hours. Analysts of all skill levels, but especially junior analysts, need help identifying and prioritizing threats more efficiently. AI chatbots can help when you know the right question to ask, but SecOps analysts often aren't sure what they need. That’s why Secureworks® is announcing new AI features intended to improve the efficiency and accuracy of the SecOps analyst by adding context to threats, simplifying investigations with intelligent summaries and using automation to accelerate response.

What’s New: Elevating Security Analysts with AI-Powered Threat Prioritization

Historically, analysts have been plagued with too many alerts that ultimately end up being false positives or lower severity threats, making it difficult to keep up with the sheer volume. The fear of missing a threat drives a lack of trust in their systems to prioritize the right threats. Recently, Secureworks announced a new AI-powered, patent-pending threat prioritization and scoring engine in Secureworks Taegis™ XDR that uses a unique Threat Score to prioritize real threats.

The prioritization engine removes these “noise alerts” and internal testing over the last 12 months showed it reduced SecOps’ workload by over 50 percent. This drives efficiency and accuracy, improving our time to notify customers of incidents by over 80 percent. The engine prioritizes threats based on an organization’s unique security context and threat landscape to:

  • Reduce noise so analysts can focus on threats that are likely to have the greatest impact.
  • Add appropriate context based on learnings from the Secureworks global customer base¹ and expert team of analysts to predict the risk a threat presents to an organization.
  • Reduce time to respond by making it easier to understand the potential impact of a threat.
  • Automatically resolve critical and high alerts that are identified as benign based on previous experience of the customer environment and handling of alerts across all Secureworks customers.

The Secureworks proprietary Threat Score provides organizations with personalized threat prioritization, presenting analysts with a clearly prioritized list of alerts that visually elevates the threats that matter. It incorporates context about their security posture and environment – combined with the Secureworks global customer base – to determine the likelihood and potential impact of a threat in their environment. Since each environment is unique, alert severity alone is not a good indicator, yet that is how the industry has triaged alerts for decades, and it often results in excessive false positives and wasted investigation cycles. Unlike alert severity, which represents the severity of a threat universally, the Threat Score represents the threat level tailored to the unique organization. The score ranges from 0 to 10: higher scores indicate a greater likelihood that the activity poses a real threat to the organization.

Whereas other vendors keep their data hidden in a “black box” model, Secureworks provides transparency with a summary of the key contributing factors used to generate the Threat Score for each alert. Factors that contribute to the Threat Score include global insights, organization tenant insights, number of alerts observed, percentage resolved, percentage escalated, and the percentage deemed to be malicious. This means analysts don’t have to manually stitch together data to understand the scores. The contributing factors to the Threat Score are continuously improving based on learnings from alerts that are created, triaged and found to be malicious within the customer environment as well as learnings from the global Secureworks customer base.
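To make the difference between universal severity and context-tailored scoring concrete, here is an added illustration in Python. It is not Secureworks' patent-pending engine (the post does not disclose its formula); it is a hypothetical scorer that combines the kinds of factors the post names (tenant history, global history, alerts observed, percentage resolved, escalated and malicious) with the alert's severity, returns a 0 to 10 score plus the contributing factors, and applies an auto-resolve rule for critical/high alerts with a long benign history. All weights, smoothing constants, detector names and alert histories are constructed assumptions.

```python
"""Hypothetical context-aware alert prioritization (added example, not Secureworks' engine)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Outcomes:
    """How one detector's past alerts were handled (constructed sample data)."""
    observed: int
    resolved: int    # closed by an analyst as not actionable
    escalated: int   # escalated into an investigation
    malicious: int   # confirmed malicious after investigation

    def rate(self, count: int) -> float:
        return count / self.observed if self.observed else 0.0


@dataclass(frozen=True)
class Alert:
    alert_id: str
    detector: str    # name of the detection rule that fired
    severity: str    # vendor-assigned, environment-independent severity


# Assumed weights: severity contributes 30% of the score, historical likelihood 70%.
SEVERITY_WEIGHT = {"critical": 1.0, "high": 0.75, "medium": 0.5, "low": 0.25}
TENANT_SMOOTHING = 20            # assumed: tenant history dominates once ~20 alerts are seen
AUTO_RESOLVE_MIN_OBSERVED = 50   # assumed threshold before a high/critical alert may auto-close
AUTO_RESOLVE_MAX_GLOBAL_RATE = 0.01


def threat_score(alert: Alert, tenant: Dict[str, Outcomes],
                 global_: Dict[str, Outcomes]) -> Tuple[float, Dict[str, float]]:
    """Blend tenant and global malicious rates, weighting the tenant more as its sample grows."""
    t: Optional[Outcomes] = tenant.get(alert.detector)
    g: Optional[Outcomes] = global_.get(alert.detector)
    tenant_rate = t.rate(t.malicious) if t else 0.0
    global_rate = g.rate(g.malicious) if g else 0.5   # unknown detector: no prior either way
    n_tenant = t.observed if t else 0
    w = n_tenant / (n_tenant + TENANT_SMOOTHING)
    likelihood = w * tenant_rate + (1 - w) * global_rate
    score = 10 * (0.7 * likelihood + 0.3 * SEVERITY_WEIGHT[alert.severity])
    # Surface the contributing factors so an analyst can see why the score is what it is.
    factors = {
        "tenant_alerts_observed": float(n_tenant),
        "tenant_pct_resolved": t.rate(t.resolved) if t else 0.0,
        "tenant_pct_escalated": t.rate(t.escalated) if t else 0.0,
        "tenant_pct_malicious": tenant_rate,
        "global_pct_malicious": global_rate,
        "tenant_weight": w,
    }
    return round(score, 1), factors


def auto_resolve(alert: Alert, tenant: Dict[str, Outcomes],
                 global_: Dict[str, Outcomes]) -> bool:
    """Close critical/high alerts as benign only with a long, clean local and global record."""
    t, g = tenant.get(alert.detector), global_.get(alert.detector)
    if alert.severity not in ("critical", "high") or t is None or g is None:
        return False
    return (t.observed >= AUTO_RESOLVE_MIN_OBSERVED and t.malicious == 0
            and g.rate(g.malicious) <= AUTO_RESOLVE_MAX_GLOBAL_RATE)


def prioritize(alerts: List[Alert], tenant: Dict[str, Outcomes],
               global_: Dict[str, Outcomes]) -> List[dict]:
    """Return alerts ordered by Threat Score, highest first, with factors attached."""
    rows = []
    for a in alerts:
        score, factors = threat_score(a, tenant, global_)
        rows.append({"alert_id": a.alert_id, "severity": a.severity, "threat_score": score,
                     "auto_resolved": auto_resolve(a, tenant, global_), "factors": factors})
    return sorted(rows, key=lambda r: r["threat_score"], reverse=True)


# Constructed histories: detector names and counts are invented for the example.
TENANT_HISTORY = {
    "encoded-powershell": Outcomes(observed=200, resolved=200, escalated=0, malicious=0),
    "new-admin-account": Outcomes(observed=5, resolved=5, escalated=3, malicious=3),
}
GLOBAL_HISTORY = {
    "encoded-powershell": Outcomes(observed=10000, resolved=9900, escalated=100, malicious=50),
    "new-admin-account": Outcomes(observed=2000, resolved=1400, escalated=700, malicious=600),
    "rare-dns-beacon": Outcomes(observed=500, resolved=80, escalated=420, malicious=400),
}
SAMPLE_ALERTS = [
    Alert("A1", "encoded-powershell", "critical"),   # noisy locally, rarely malicious anywhere
    Alert("A2", "new-admin-account", "medium"),      # few local sightings, most were real
    Alert("A3", "rare-dns-beacon", "high"),          # never seen here; bad news globally
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE_ALERTS, TENANT_HISTORY, GLOBAL_HISTORY):
        print(row["alert_id"], row["severity"], row["threat_score"],
              "auto-resolved" if row["auto_resolved"] else "", row["factors"])
```

Run stand-alone, the ranking comes out A3, A2, A1: the critical encoded-PowerShell alert, which severity-only triage would put at the top of the queue, scores lowest and is auto-resolved because 200 local sightings and the global base both say it is benign, while the medium-severity admin-account alert is elevated by its local record. The design point is that the score and the auto-resolve rule are driven by different thresholds: a low score alone never closes an alert; closing additionally requires a large local sample with zero confirmed malicious outcomes.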

In addition to the threat prioritization and scoring engine, Secureworks also introduced new AI-generated investigation summaries. Security analysts spend significant time understanding investigations. Now, analysts can use AI to draft a summary of an investigation, including important context and alert details, saving 90 percent of the time it takes to write investigations.

Internally, the Secureworks SOC is using generative AI to explain complex information that often consumes an analyst’s time, such as detection logic, command lines, the script block in an alert or the associated threat intelligence. Understanding detection logic, for example, involves complex algorithms and methodologies that require a deep understanding of different types of cybersecurity threats and how to identify them. Generative AI helps our analysts interpret complex information faster and reduces the chances of misunderstanding or missing a real threat.

What’s Next: Supporting Analysts by Predicting and Preventing Attacks with AI

Secureworks is focused on using AI to improve the efficiency and accuracy of SecOps analysts. AI up-levels analysts and gives organizations the power to control all aspects of their security posture – from detection to prioritization to response – with unmatched efficiency and speed.

Secureworks is continuously improving and expanding our AI capabilities to enhance threat detection and response. We are continuing to train our machine learning models to identify and respond to cyber threats in real-time. This enables us to detect and mitigate threats more effectively by predicting future threats and vulnerabilities based on past patterns and current trends.

Another important focus is insider threat detection. While external threats traditionally receive significant attention in cyber defense strategies, we recognize the value of detecting suspicious activities and behaviors within an organization's network. AI will play a crucial role in identifying and mitigating insider threats in real-time, enabling us to proactively address potential risks.

With the industry continually innovating across the spectrum of AI, Secureworks is harnessing these technologies to optimize security efficacy and reduce mean time to resolve security incidents. AI has so much potential to change the dynamics of cybercrime, and we’re working with customers and partners to responsibly shape a better future. If you’re a Secureworks customer using Taegis XDR or Taegis ManagedXDR, our AI-driven technology is already working for you. If you’re not a Secureworks customer, you’ve read yet another reason that you should be. Try Taegis today!

  1. No confidential customer information is ever shared with another customer.