May 30 Webinar | SOC Talk: Automating Threat Response
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
May 01, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
Just as defenders are leveraging AI elements such as machine learning and automation, adversaries are incorporating advanced techniques into their malicious activities. Hence the emergence of AI-powered attacks. Dubbed “one of the biggest fears within the security community” by Max Heinemeyer, Director of Threat Hunting at DarkTrace, AI-powered attacks leverage more offensive AI and less human input in an attempt to prey upon unsuspecting users.
This change in tactics makes it possible for attackers to launch more campaigns, as these individuals can simply automate and orchestrate whatever operations are in place. Not only that, but offensive AI has the potential to make attacks quicker and easier to create in the first place, thus attracting more individuals into the world of digital crime. Finally, because of their ability to adapt to their environment by learning from contextual information, AI-powered attacks are better equipped than traditional attacks to maximize whatever damage they cause.
Let’s look at some examples of what these attacks might look like. Take the idea of AI-powered spear-phishing campaign. Like a traditional phishing attempt, the operation would begin with an attack email. The difference is that the email would originate from an AI-powered toolkit and not a human attacker. As pointed out by Wired, spear phishers could use such a toolkit to scan their target’s social media feeds and emails so that they could build a profile of the target’s routine correspondence and replicate their persona to increase the success rate of their attack. They could do this all while saving hours of work had they done the research themselves.
There’s also the potential threat of AI-powered malware. Back in 2018, IBM Research developed “DeepLocker” to observe how AI models could work together with cutting-edge malware techniques. The team designed DeepLocker to disguise itself as legitimate applications such as video conferencing software. The threat used facial recognition, geolocation, and voice recognition as part of a deep neural network (DNN) AI model to identify when it had reached a target. Only when it came across trigger conditions identifying specific victims did it reveal its malicious intent. This behavior complicated the task of reverse-engineering not only the malware’s functionality but also of determining the exact circumstances under which the malware would activate.
Organizations need to further increase their detection capabilities if they are to protect themselves against AI-powered malware, AI-created spear-phishing campaigns, and similarly advanced attacks. In doing so, however, organizations need to do so strategically. They specifically need to stop short of fully relying on AI to make their security decisions for them. It’s never a good idea to take the human analyst out of the equation. Without proper oversight from their security teams, AI-powered solutions could make a wrong decision and leave organizations open to a breach.
Organizations therefore need an AI-enabled approach to security that keeps human analysts at the center. That’s why hybrid intelligence is the best defense. As I wrote back in February on LinkedIn, hybrid intelligence is where human intelligence and machine intelligence come together. Both have their own strengths and weaknesses. By working as one, the two can help one another overcome their flaws and augment their strengths, thus becoming better than the sum of their parts.
Source: SANS Data Science Lightning Summit, March 19, 2021
Under a hybrid intelligence program, machines could use their intelligence to collect, analyze, and process data received from an organization’s security tools. They could then orchestrate the functionality of those tools as a means of coordinating an organization’s ability to identify, detect, and respond to any potential security issues.
But the human analyst still has a role to play. They’re the ones who are ultimately responsible for investigating and responding to security incidents, and take a proactive stance to threat by hunting. After all, they’re the ones who need to relevant context from the machines. They’re also the ones who need to reduce complexity at all costs. Towards that end, they could provide feedback to help reduce the incidence of false positives generated by the machines. This could help them save themselves time and money, all while keeping their organization focused on investigating legitimate security concerns. Similarly, they could continue to fine-tune their machines to automate mundane tasks so that they can focus on meaningfully contributing to their employer’s security posture.
For more information about how hybrid intelligence can help security teams to protect their organizations against AI-powered attacks, check out this recording of a SANS Data Science Lightning Summit I participated in.
Learn how ReliaQuest can force multiply your security team with technology + services >