While LOLBAS techniques were initially associated with advanced persistent threat (APT) groups, they are now being adopted by a broader range of threat actors, further complicating the detection and response efforts of security teams.
And this leads to the second issue, a perennial one for cybersecurity: staffing.
“Security analysts are overworked and overwhelmed by the sheer number of false positive alerts, IOCs decaying too fast to add value, and, ultimately, alert fatigue, which causes errors and increases cyber risk,” says Mikkel. “The challenge is that the more logs we put into a SIEM system, the more false positives are created.”
Can SIEM be saved? Just as adversaries are increasingly turning to AI to upskill their attacks, so is the industry. “AI and machine learning can help improve the accuracy of threat detection with SIEMs and reduce the number of false positives they generate, a major problem with traditional SIEMs,” says Amit. “This enables security teams to focus on genuine incidents and not waste time potentially investigating non-existent threats.”
112 August 2024