
Trend Micro revolutionizes threat hunting with generative AI

AI assistant, based on GPT 3.5, promises to streamline security center operations and speed up incident investigations


Trend Micro Inc. today launched "Companion", a new GPT 3.5-based generative AI assistant. The tool is designed to be a trusted point of reference for Security Operations Center (SOC) teams, one they can turn to with questions related to threat hunting. Companion integrates with the Trend Vision One XDR (extended detection and response) platform, providing a range of functions, including explaining multi-level event alerts, decoding tracking scripts, making recommendations to mitigate breaches, automating emails and creating support tickets, and facilitating incident reporting. Companion's overall goal is to speed up incident investigations.

The vital role of generative AI in SOCs

"Time is the most valuable currency for a SOC," said Shannon Murphy, head of product marketing at Vision One, in an interview with SiliconANGLE. Companies are trying to buy time in several ways: managed services, automation, orchestration and generative AI. Generative AI has the potential to make SOCs more time- and cost-efficient by instantly generating understandable explanations of complex threat signals gathered in on-premises and cloud environments. This way, analysts don't have to waste time manually piecing together information from disparate monitoring tools and alerts.

Generative AI and XDR in the future of SOCs

Trend Micro's Companion release comes just days after Google Cloud announced that its Security AI Workbench will be available to partners, including Accenture Ltd., Broadcom Inc., CrowdStrike Holdings Inc., and F5 Inc. More and more technology vendors are turning to AI to automate SOC operations, as human analysts cannot keep up with the volume of data being generated in today's multicloud and hybrid enterprise environments. For example, one survey found that 62% of SOC analysts have considered quitting their jobs due to high-pressure environments, with 71% of those likely to quit due to stress caused by information overload, burnout and long working hours. Generative AI addresses these challenges head-on by automatically processing data and alerts, allowing analysts to spend less time monitoring large datasets of threat signals and more time responding to active threats.

XDR Market and the Importance of Generative AI

Skyquest Research estimates that the value of the global AI-based cybersecurity market will grow from $13.29 billion in 2021 to $94.14 billion by 2030. As business and consumer interest in generative AI solutions like ChatGPT grows, more and more XDR vendors are starting to experiment with large language models for threat hunting applications. For example, at RSAC 2023, SentinelOne launched a GPT-4-based threat hunting platform, which collects data from network, endpoint and cloud logs, allowing analysts to ask questions about threat activity and automate response actions. Just over a month later, XDR market leader CrowdStrike announced the launch of its generative AI assistant, Charlotte AI. Though Companion has just been released, Murphy says it "has more reach than the competition, with support and insights across multiple real-time data feeds." As these solutions evolve, the key differentiator will be how much data they can process, and the effectiveness of a co-driven SOC will depend on an organization's ability to consolidate its threat data into a single source of truth.


06/15/2023 10:17

Editorial AI
