RedCarbon

AI Virtual Analyst L1

The Next Gen Analyst

Virtual Analyst is an AI instance with specialized cybersecurity algorithms that turns human resource-intensive monitoring and initial triage into consistent and deep computational investigations.

The L1 RedCarbon Virtual Analyst is an AI instance that intervenes immediately after ingesting an alert from a data source system.

Its job is to conduct an in-depth analysis of the alert (Triage) to correctly classify any anomaly detected and build and produce a complete report with all the information helpful in managing a single event. During the Triage phase, the Virtual Analyst plays a critical role in quickly assessing and prioritizing security incidents based on their severity and potential impact.
The three steps process

Primary tasks it undertakes during this phase include three main steps to describe the information in this process:

  • The detection system produces a first correlation, which the RedCarbon AI ingests; in this phase, the information obtained is called an Alert.
  • L1 VA RedCarbon's AI reads the information in the Alert, applies a series of algorithms, and enriches the original report with info from other internal and external data sources, depending on the case. At this stage, the information became a “Case.”
  • At the end of the process, the L1 Virtual Analyst concludes. Depending on the findings, the information remains classified as a “case”. In very few of them, it became an “incident”. This is a label given to a case showing evidence of absolute security happening, some of which are really a problem. We ingest thousands of Alerts, we process all of them, and all of them are cases in different states, but ONLY when a human or our Virtual Analyst identifies a real tentative or a real happening security-related; these few can be named “incidents.”

The AI of the Virtual Analyst L1, during the process of elevation from “Alert” to “Case,” always enriches the original information generated by the data source system; in some situations, it is responsible for carrying out a “Retrospective Analysis” looking for any comparisons with information relating to the hours preceding the ingestion phase of the Alert.

Once all the operations described above have been completed, the AI of the Virtual Analyst L1 makes the “case” available to the SOC operator in the console dedicated to him in the form of a “Human Readable” report; this is because despite being complex information, the AI strives to write it in a language as familiar and congenial as possible to a human operator, not necessarily to an experienced operator.

While in these phases, RedCarbon's AI creates new value, generates and adds new information to the original ones:

  • It raises an "Alert" to "Case"
  • It classifies the "case", compares it with the "Contextual Rules"** and assigns it a "Priority"
  • It classifies the "case", compares it with the "Contextual Rules"** and assigns it a "Risk Score"

Virtual Analyst L1 does a considerable job.

  • It analyzes 100% of the anomalies identified by a detection system. In contrast, in a system missing of RedCarbon AI, this is impossible due to the high number of alerts.
  • It classifies and categorizes each "alert" and elevates it to "case," assigning it the Risk Score and Priority.

Once all the operations described above have been completed, the AI of the Virtual Analyst L1 makes the “case” available to the SOC operator in the console dedicated to him in the form of a “Human Readable” report; this is because despite being complex information, the AI strives to write it in a language as familiar and congenial as possible to a human operator, not necessarily to an experienced operator.

A full report is usually generated in about 1 second, compared to the 15 or 20 minutes a human operator takes. That means a RedCarbon Virtual Analyst during the triage phase could be from 700 to 900 times faster than a senior human operator.

In essence, it allows the future subsequent reuse of information for these different purposes:

  • management of all anomalies in the best possible time and precise identification of the main priorities that an operator must face
  • creation of a database of information external to xDR systems on which to hunt for more complex attempts to compromise
  • management of the overall governance of the cyber risk of the company allowing the future calculation of the health of the information system for the portion subject to xDR or detection control
  • documentation; it creates and maintains accurate records of each incident, including the date, time, affected systems, observed behaviors, and actions taken. This information is crucial for incident response teams to address the issue effectively and for post-incident analysis and reporting.

** Contextual Rules in RedCarbon are information related to each customer’s unique infrastructure. In RedCarbon, panels are very easy to set up and permit to the assignment of Priority and Risk Value Scores with great precision. More details are available here

Coronavirus
Our company has taken measures to protect our workers and their families
Headquarter
  • Riva Albertolli 1, CH-6900 Lugano
  • info@redcarbon.ai
VAT and Register of Commerce
  • VAT Number: CHE-204.047.160 IVA
  • UID: CHE-204.047.160
Follow us on Social Networks

© 2022 RedCarbon SA. All rights reserved