Exabeam has allied with Wiz to gain access to security data collected from a cloud-native application protection platform (CNAPP).
Steve Wilson, chief product officer for Exabeam, said organizations adopting the company’s security information and event management (SIEM) platform will now be able to correlate events across a hybrid IT environment more easily. Security teams are now able to access a pre-configured Wiz tile in the Exabeam New-Scale Platform that provides full application programming interface (API) documentation along with support for more than 10,000 other data formats.
That approach provides security operations centers (SOCs) with a more holistic view of the IT environment, noted Wilson. That’s critical because cybercriminals today frequently employ “low and slow” tactics and techniques that enable them to explore IT environments for months before being detected, he noted.
The Exabeam New-Scale Security Operations Platform makes extensive use of machine learning algorithms to identify anomalous activity. Many cyberattacks can be detected by surfacing changes in data access patterns that are, for example, indicative of exfiltration, said Wilson.
In addition, Exabeam provides access to generative artificial intelligence (AI) tools to make available a natural language interface to query data.
As the volume and sophistication of cybersecurity attacks have increased, these capabilities have become indispensable for security analysts who otherwise would be overwhelmed by the number of incidents they would need to manually investigate, noted Wilson.
In fact, at this juncture, it’s apparent that many cybersecurity professionals are not going to want to work for organizations that don’t provide them access to the AI tools they now need to succeed. Otherwise, the amount of toil required to identify and mitigate cybersecurity threats is simply too great.
It’s not likely AI will replace the need for cybersecurity analysts; however, the nature of the role is clearly evolving. Each analyst is now provided with the equivalent of their own digital assistant that can take on specific tasks. In time, security teams will find they will be able to orchestrate workflows across multiple AI assistants.
In the meantime, cybersecurity teams should assume their adversaries will also be using AI to become more efficient than ever. In effect, cybersecurity teams, like it or not, are now involved in an AI arms race.
The challenge is finding the funding required to keep pace with AI advances. Many organizations will need to justify investments in AI platforms by rationalizing many of their existing tools. In some instances, those efforts will result in either relying on a single vendor to provide a highly integrated platform or, as in the case of Exabeam and Wiz, a smaller number of best-of-breed offerings that are now simpler to integrate.
Regardless of approach, the amount of time spent swiveling between security consoles to identify potential threats should be sharply reduced. The next major issue may be coming to terms with how to mitigate all the threats that previously went undiscovered simply because they were too difficult to discern.