>The reason those incidents aren't found is simple: too much data and too many alerts to handle, given that CSIRT teams are less than 10 people even for a company the size of Siemens
Hey, wanna guess where they're trying to push AI-driven "insights" right now? That's right, all cybersecurity roles.
Rather than add headcount to teams, or spin up new teams to section off pieces of a business that might need more customized attention, AI is now being shoved down the throat of security engineers and SIRT teams to handle the massive amount of data involved and to present a human with some little nugget of information to act on, all the while sweeping away the rest as irrelevant.
Useful as a tool? Sure. Able to reduce workload on existing teams? Absolutely. Able to replace the need for more human eyes looking at the problem space and figuring out ways to filter the data for meaningful events? Eh, maybe, but I'm not going to hold my breath on it either.
It's the same story with AI across every industry right now.
Most people in charge don't have a technological background, so all the AI intelligent whatever-BS systems will fail eventually due to lack of meaningfully labelled data or lack of supervision.
As long as deep learning concepts are used across the board which lose symbolic inference, this approach won't work. But who am I to tell them, we're still using AlphaGo agents in an ES/HyperNEAT simulation for pentesting and nobody believes us when we tell people this is the only way to make this work in that problem space.
We are just too uncool for the LLM hypetrain, I guess.