Latest news with #SecurityOperationsCentre


Techday NZ
30-04-2025
SentinelOne launches Purple AI Athena to boost SOC automation
SentinelOne has announced new agentic artificial intelligence capabilities as part of its latest Purple AI Athena release. The release introduces features aimed at automating and accelerating security operations tasks typically undertaken by Security Operations Centre (SOC) analysts, including the triage, investigation and remediation of security threats. These capabilities are designed to support increasingly overstretched security operations teams by reducing mean time to respond (MTTR) and mitigating alert fatigue.

According to the details disclosed, Purple AI Athena leverages AI that mimics the iterative thinking processes and deductive reasoning of experienced SOC analysts. The underlying system uses SentinelOne's security models and agentic framework to run investigations of suspicious activity across multiple data sources. By orchestrating multi-step response actions, it aims to remediate threats in seconds, in contrast with traditional approaches that can take hours. The AI is reported to be fine-tuned through an advanced combination of neural networks working across trillions of security-relevant data points. This architecture is supported by a global network of security professionals who provide continuous feedback, resulting in what SentinelOne describes as a scalable approach to autonomous security operations.

The platform's Auto Triage feature applies deep security reasoning to perform similarity analysis on alerts, identifying and prioritising those more likely to be true positives. SentinelOne states that Auto Triage is generally available with the new release. The release also features full-loop remediation and response, powered by what the company calls Singularity Hyperautomation.

The agentic AI system within Purple AI provides no-code workflow capabilities, automatically creating detection rules and turning investigation findings into autonomous processes. It gives security teams result summaries and prompts analysts to convert tasks and insights into reusable automation workflows. These workflows reportedly let the system investigate and resolve alerts, learning and improving remediation actions over time. The intent is to move beyond basic, rules-based automation in security operations towards more comprehensive, orchestrated responses to threats.

Another significant component of the announcement is data-agnostic integration. With this release, security operations teams can use Purple AI directly with third-party Security Information and Event Management (SIEM) systems and security data lakes without migrating data. Alerts are ingested and correlated in real time, after which Purple AI applies streaming analytics and remediation actions. This is intended to spare organisations the additional cost and delay of data transfers or integration steps, giving immediate access to AI-driven security operations across diverse environments.

SentinelOne states that Purple AI's development has benefited from broad adoption in production environments since its initial unveiling in 2023. The company's proprietary sensor architecture is described as supporting granular, customer-specific tuning of the data collected from endpoints and cloud workloads. This data is processed within SentinelOne's AI-powered SIEM, and the resulting dataset is continuously refined via feedback from SentinelOne's Managed Detection and Response (MDR) team and global partners.

The Purple AI Athena release includes expanded agentic AI capabilities such as AI-powered data integrations, automated threat hunting and detection, auto-triage and investigations, rule creation for new detection scenarios, automated response and reporting, and AI-powered support functions.

Tomer Weingarten, Co-Founder and Chief Executive Officer of SentinelOne, commented, "AI and automation have long held the promise of fundamentally transforming security operations and supercharging analysts to detect and respond – at machine speed – to threats from even the most sophisticated nation state adversaries and cyber criminals. At RSA, we're revealing the industry's first true end-to-end agentic AI cybersecurity platform built on over a decade of security expertise – and we're bringing it to all security data in the modern SOC." He added, "By delivering agentic AI automation and orchestration capable of reasoning and responding like an advanced security analyst, we believe humans get empowered even more as they assume supervision of these systems - an important role that will also shape the coming generation of security service providers."


Techday NZ
23-04-2025
Rapid7 launches Intelligence Hub to streamline threat response
Rapid7 has introduced Intelligence Hub, an integrated solution aimed at giving security teams contextual, actionable threat intelligence for more efficient detection and response. Intelligence Hub was developed in response to ongoing issues facing security operations teams, such as fragmented intelligence platforms, a lack of relevant context, and difficulty prioritising threats. According to Rapid7, two-thirds of Security Operations Centre (SOC) analysts in a recent survey reported a significant increase in the volume of security alerts over the last three years, and 70% of respondents said the number of security tools they use has also markedly increased.

Intelligence Hub delivers data curated by Rapid7 Labs, incorporating proprietary sources such as the company's honeypot data and exclusive research. Rapid7 states that it rigorously verifies low-prevalence, high-impact threat indicators, reducing the likelihood of false positives; this allows security teams to automate more of their response processes and focus on the most pertinent threats. The intelligence is delivered directly in the Rapid7 Command Platform, so that high-fidelity, curated intelligence can be incorporated into analysts' day-to-day workflow. This integration is intended to ensure that actionable data is prioritised and can be trusted by those responsible for managing security incidents.

Raj Samani, Chief Scientist at Rapid7, said: "Security organisations are drowning in noise, making timely responses to threats nearly impossible. Intelligence Hub addresses this challenge by focusing on curated intelligence, providing only the most relevant and verified indicators to enable rapid and effective action."

Beyond the core offering of curated intelligence, Intelligence Hub includes contextual details intended to help security teams prioritise threats in light of their sector, geography, and vulnerabilities. The platform also incorporates information on threat actors' tactics and techniques, and gives users a clear methodology for attributing potential attacks. Rapid7 says this will help with targeted remediation and better allocation of resources within security teams.

The company has outlined several key benefits of Intelligence Hub, including seamless integration with existing workflows: threat intelligence is provided directly within Rapid7's Command Platform tools, such as InsightIDR, to eliminate context-switching and speed up response times. Intelligence Hub is also designed to surface only the most relevant threats, based on current attacker campaigns, the industries targeted, and the exploitability of vulnerabilities. Additional features include the unification of global threat intelligence curated by Rapid7 Labs researchers from sources such as Rapid7 honeypots, open source communities, and proprietary research. The intelligence is prioritised by its relevance to individual customers' sectors, geography, and likely vulnerabilities, with the aim of supporting a more proactive security posture.

Feedback from industry analysts highlights ongoing challenges with threat intelligence solutions. Monika Soltysik, Senior Research Manager at IDC, said: "In IDC's October 2024 survey of U.S. organisations, the top three challenges with threat intelligence solutions were cost (42.2%), false positives and alert fatigue (40.0%), and data quality and reliability (39.7%)." "Solution providers that are proactively addressing these challenges, like Rapid7, are making it easier for their customers to understand and secure their attack surface."
With organisations increasingly struggling to manage the rising volume of security alerts and the complexity of multiple tools, Intelligence Hub is expected to support security teams by streamlining the delivery of trusted, relevant, and actionable threat intelligence within their existing operational platforms.