Elastic is on a mission to modernize Security Operations Centers (SOCs) by eliminating manual processes and using AI to surface critical alerts faster. The company has just announced the launch of Attack Discovery, which triages hundreds of alerts and only returns the ones that matter, enabling security teams to respond faster and more efficiently.
Attack Discovery is built on the Search AI platform, which is Elastic’s AI-powered platform that integrates search functionality across various aspects of IT operations, including observability and security. Search AI uses RAG technology to provide the LLM with rich, up-to-date data.
Search AI sorts alerts and identifies which ones should be evaluated further, and then prioritizes them based on criteria such as host and user risk scores, asset criticality scores, alert severities, descriptions, and alert reasons.
According to Elastic, this new offering is needed because SOCs can receive thousands of alerts on a daily basis. Sorting through all of that can be repetitive, time-consuming, and prone to errors.
By filtering out false positives and mapping the remaining signals to parts of the supply chain, SOCs can get a quick understanding of how alerts relate to the attack chain and address them more rapidly, the company explained.
“Traditional SIEMs have heavily relied on the human behind the screen for success. Alerting, dashboarding, threat hunting, and finding context among a deluge of signals are all very human-intensive. Search AI will upend this old model and replace the traditional SIEM with an AI-driven security analytics solution for the modern SOC. Imagine a system that sifts through all of your data, ignoring the noise and identifying what’s critical, discovering specific attacks, and crafting specific remediations,” Elastic wrote in a blog post.
