Infosys TechCompass

Managed security services - threat detection and response

Trend 11: GenAI-powered security operations gain wider acceptance

GenAI is an industry buzzword widely applied for its cognitive capabilities. It employs dataset crawling for model training and responding to human queries, predominantly used by security analysts for investigation and analysis. GenAI models carry risks such as data poisoning, extraction attacks, and erroneous incident analysis decisions. Organizations must consider these risks during model training.

The technology empowers security operations with an automation-first, intelligence-driven, risk-based, threat-centric approach, ensuring swift incident response, threat containment, and insights into threat actors and their tactics. It also enhances information asset security preparedness.

A European postal operator wanted to improve its cybersecurity investigations. Infosys assisted by leveraging LLMs to provide context, attribution, and MITRE Att&ck mapping for security alerts. Resultantly, analysts conduct advanced analysis and threat hunting to uncover unknown threats and enhance cybersecurity effectiveness.

Managed security services - threat detection and response

Trend 12: Data pipelines for effective cybersecurity

Capturing all essential events during a major cyber incident is crucial for analysts to correlate and assess its impact accurately. In such situations, the volume of generated events may become unpredictable and significantly increase. Frequently, critical events may be missed during ingestion into the SIEM platform due to volume or EPS-based subscription limitations. To overcome such situations, data pipeline solutions collect, process, and route data (event logs) by filtering out unnecessary data or by aggregating data into more manageable chunks. It prevents the ingestion of duplicate and nonessential events into the SIEM platform.

A US food processing company, in collaboration with Infosys, onboarded a data pipeline solution to optimize data ingestion into its SIEM platform, ensuring flexibility, scalability, and cost effectiveness. This reduced the firm's EPS subscription by 30%, without missing any critical correlation event.