UPDATED 05:00 EDT / JUNE 15 2023

SECURITY

Trend Micro launches GPT-based cybersecurity assistant for the copiloted security operations center 

Trend Micro Inc. today released Companion, a new generative artificial intelligence assistant based on GPT 3.5, to which security operations center teams can ask threat hunting questions. 

Companion integrates with the Trend Vision One XDR, or extended detection and response, platform. It can explain cross-layer event alerts, decode tracker scripts, create breach mitigation recommendations, email automations and help-desk ticketing, and automate incident reporting. The overall aim is to accelerate incident investigations.

“The most valuable currency of the SOC is time,” Shannon Murphy, product marketing manager of Vision One, said in an interview with SiliconANGLE. “Companies are looking for this time in a few different ways: managed services, automation and orchestration, and generative AI.”

Generative AI has the potential to make SOCs more time- and cost-efficient by instantly generating readable explanations of complex threat signals taken across on-premises and cloud environments. That way, an analyst doesn’t have to waste time manually piecing together information across disparate monitoring tools and alerts. 

XDR and the copiloted SOC

Trend Micro’s release of Companion comes just days after Google Cloud announced it was making its Security AI Workbench available to partners, including Accenture Ltd., Broadcom Inc., CrowdStrike Holdings Inc. and F5 Inc.

More and more technology providers are turning to AI to automate SOC operations because human analysts simply can’t keep up with the volume of data generated in modern multicloud and hybrid cloud enterprise environments. For instance, one survey found that 62% of SOC analysts have considered walking away from their jobs because of the high-pressure environments, with 71% of those likely to quit from the stress caused by information overload, burnout and long working hours. 

Generative AI copilots address these challenges head-on by automatically processing data and alerts so that analysts can spend less time monitoring vast datasets of threat signals and more time responding to active threats.  

The extent of the role these assistants can play in the SOC is largely down to the analysts' preferences. “Generative AI has massive future potential to learn from analysts, learn from threat activity, from threat campaigns, and to learn unique customer environments to autonomously create workflows and security playbooks for near instant threat response,” Murphy said.

Looking at generative AI in the XDR market

Skyquest research estimates that the value of the global AI cybersecurity market will grow from $13.29 billion in 2021 to $94.14 billion by 2030. 

Now, as enterprise and consumer interest in generative AI solutions like ChatGPT increases, more and more XDR providers are beginning to experiment with large language models for threat hunting use cases. For example, at RSAC 2023, SentinelOne released a GPT-4-based threat hunting platform, which collects data from network, endpoint and cloud logs, so analysts can ask questions about threat activity and automate response actions.

Just over a month later, XDR market leader CrowdStrike also announced the launch of its own generative AI assistant, Charlotte AI. Users can ask it to contextualize the severity of vulnerabilities and create risk profiles, as well as automate data collection and extraction tasks.

Although Companion has just been released, Murphy argues that it “has a further reach than the competition with support and insight into more real-time data feeds.” 

It’s important to note that as these solutions become increasingly developed, the key differentiator between them will largely be the volume of data they can process. The effectiveness of a copiloted SOC comes down to whether an organization can consolidate its threat data into a single source of truth. 

