At the Black Hat Europe conference today, Auguria revealed that it has added an explainability graph capability that makes it simple to understand why collected log data is either irrelevant or warrants further investigation, in addition to providing five additional integrations with other platforms.
The Security Knowledge Layer Platform from Auguria uses machine learning algorithms and other data science techniques to identify normal log data that isn’t worth passing directly on to, for example, a security information and event management (SIEM) platform or a data lake. Instead, that data can be routed to a cold storage system from which it can be rehydrated when necessary.
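To make the tiering idea concrete, the following toy router is an added example and is not Auguria's code, nor a claim about how its platform works internally. It learns a baseline of routine (host, event ID, process) patterns from a constructed count table, sends events that match the baseline to a cold archive, forwards everything else to the SIEM queue, and attaches a one-sentence reason plus the supporting numbers to every decision, which is the kind of explainability an analyst needs before trusting that a demoted event really was noise. The thresholds, the never-demote list, the field names and all sample events are assumptions made for this example.

```python
"""Toy log-tiering router with per-decision explanations.

Added example, not Auguria's code. Thresholds, field names and sample data
are constructed for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed baseline: how often each (host, event_id, process) pattern was
# seen during a prior observation window. In a real pipeline this would be
# learned from historical data, not typed in.
BASELINE: Dict[Tuple[str, int, str], int] = {
    ("ws01", 4624, "svchost.exe"): 1200,    # routine logons
    ("ws02", 4624, "svchost.exe"): 1100,
    ("srv01", 4624, "svchost.exe"): 3400,
    ("ws01", 4688, "chrome.exe"): 800,      # routine process creation
    ("ws02", 4688, "outlook.exe"): 600,
    ("ws01", 4688, "outlook.exe"): 550,
    ("srv01", 4688, "sqlservr.exe"): 90,
    ("ws02", 4688, "powershell.exe"): 4,    # known but rare on this host
}

ROUTINE_MIN_COUNT = 50                 # assumed: below this a known pattern is "rare"
NEVER_DEMOTE = {4720, 4732, 1102}      # assumed: account created, group change, audit log cleared


@dataclass
class Decision:
    tier: str        # "hot" = forward to SIEM, "cold" = archive
    reason: str      # one-sentence explanation for the analyst
    evidence: dict   # the numbers the reason was derived from


class LogRouter:
    def __init__(self, baseline: Dict[Tuple[str, int, str], int]):
        # Pattern-level view of the baseline: (event_id, process) -> {host: count}
        self.by_pattern: Dict[Tuple[int, str], Dict[str, int]] = defaultdict(dict)
        for (host, eid, proc), n in baseline.items():
            self.by_pattern[(eid, proc)][host] = n
        self.cold_store: List[dict] = []
        self.hot_queue: List[Tuple[dict, Decision]] = []

    def decide(self, event: dict) -> Decision:
        host, eid, proc = event["host"], event["event_id"], event["process"]
        hosts = self.by_pattern.get((eid, proc), {})
        total = sum(hosts.values())
        evidence = {"pattern": (eid, proc), "hosts_seen": sorted(hosts),
                    "baseline_total": total, "this_host_count": hosts.get(host, 0)}
        if eid in NEVER_DEMOTE:
            return Decision("hot", f"event id {eid} is on the never-demote list", evidence)
        if not hosts:
            return Decision("hot", f"pattern {proc} / event {eid} never seen in baseline", evidence)
        if host not in hosts:
            return Decision("hot", f"pattern known on {len(hosts)} host(s) but new on {host}", evidence)
        if hosts[host] < ROUTINE_MIN_COUNT:
            return Decision("hot", f"pattern seen only {hosts[host]} time(s) on {host} in baseline", evidence)
        return Decision("cold", f"routine: seen {hosts[host]} times on {host}, "
                                f"{total} across {len(hosts)} host(s)", evidence)

    def route(self, event: dict) -> Decision:
        decision = self.decide(event)
        if decision.tier == "cold":
            self.cold_store.append(event)
        else:
            self.hot_queue.append((event, decision))
        return decision

    def rehydrate(self, host: str, t_start: int, t_end: int) -> List[dict]:
        """Pull archived events for one host back out for an investigation window."""
        return [e for e in self.cold_store if e["host"] == host and t_start <= e["ts"] <= t_end]


# Constructed incoming events (ts is a simple integer timestamp).
SAMPLE_EVENTS = [
    {"ts": 100, "host": "ws01", "event_id": 4624, "process": "svchost.exe"},
    {"ts": 101, "host": "ws01", "event_id": 4688, "process": "chrome.exe"},
    {"ts": 102, "host": "ws02", "event_id": 4688, "process": "powershell.exe"},  # rare on ws02
    {"ts": 103, "host": "srv01", "event_id": 4688, "process": "chrome.exe"},     # new on srv01
    {"ts": 104, "host": "ws01", "event_id": 4688, "process": "newtool.exe"},     # never seen
    {"ts": 105, "host": "srv01", "event_id": 1102, "process": "n/a"},            # never demoted
]


def run_sample() -> Tuple[LogRouter, List[Decision]]:
    router = LogRouter(BASELINE)
    return router, [router.route(e) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    router, decisions = run_sample()
    for event, d in zip(SAMPLE_EVENTS, decisions):
        print(f"{d.tier:4s} {event['host']:5s} {event['event_id']} {event['process']:16s} {d.reason}")
    print("archived:", len(router.cold_store), "forwarded:", len(router.hot_queue))
```

The point of carrying `evidence` alongside `reason` is that a demotion to cold storage is itself a security decision: an analyst reviewing why an event was archived should be able to see the counts it was judged against, and `rehydrate` shows that demotion is a routing choice, not deletion.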
Auguria CEO Keith Palumbo said that the approach substantially reduces the total cost of cybersecurity, while at the same time reducing fatigue by enabling cybersecurity analysts to focus more of their time and attention on alerts that surface anomalous behavior.
The explainability graph is based on a static ontology that Auguria created using generative artificial intelligence (AI) tools that it plans to regularly update as additional classes of potential issues are discovered over time, says Palumbo.
New sources for that log data now include SentinelOne, CrowdStrike, Palo Alto Networks and Microsoft Windows Event Logs. It’s not feasible at this point for security analysts to manually comb through massive amounts of log data to identify anomalies. As such, it makes more sense to leverage machines to manage that task, simply because human analysts don’t scale, said Palumbo. The overall goal is to augment the capabilities of existing analysts in a way that helps limit the total number of analysts that might otherwise be required, he added.
Additionally, most cybersecurity analysts would prefer to spend more time investigating actual breaches versus trying to determine if there is any relevant signal in the log data that has been collected, he added. Ultimately, that capability reduces the overall fatigue level cybersecurity analysts would otherwise experience, which is critical in a field where burnout rates among cybersecurity analysts are notoriously high, said Palumbo.
It’s not clear just how focused organizations are on reducing burnout among cybersecurity analysts. However, even in the age of AI, the cost of hiring and retaining those analysts remains the highest element of the cybersecurity budget. Each time a cybersecurity analyst moves on, the cost of hiring and training a replacement, assuming one can be found, is considerable.
In theory, of course, AI should help democratize security analytics but once an issue is discovered an analyst will be needed to assess its actual severity.
Regardless of the approach, the volume of log data that needs to be analyzed is only going to increase as the overall size of the IT attack surface continues to expand. In the absence of any ability to make sense of all that data, it will continue to be too easy for cybercriminals to exploit weaknesses in those systems, weaknesses that can only be discovered in a timely manner when a machine identifies anomalous patterns indicative of a breach.