
Introduction to Arcanna

What is Arcanna

Arcanna is a cognitive automation platform that uses AI, specifically Natural Language Processing (NLP) and deep learning, to streamline alert triage and investigation in Security Operations Centers (SOCs).

Cognitive automation helps SOC analysts triage and investigate cybersecurity alerts efficiently. It can perform high-value tasks such as collecting and interpreting investigation results, creating tickets, and suggesting specific approaches to analysis, reducing the risk of a breach and increasing productivity. Arcanna combines three key elements: deep learning, process automation, and expert feedback.

  • Deep learning: Alert triage is formulated as a binary classification task. A given corpus of alerts is labelled by experts as true positives (alerts of interest to the SOC team for further investigation or resolution) or false positives (noise). Using neural networks (NN) and Natural Language Processing (NLP), alerts are processed with feature-level context taken into account, giving a more dynamic analysis than static rules.
  • Process automation: Based on the model’s decision, Arcanna can help streamline operations by automating investigation and post-decision tasks such as ticket creation, threat intelligence collection, notifications, or remediation by triggering SOAR playbooks.
  • Expert feedback: The backbone of Arcanna's approach is how it lets users directly and efficiently influence the deep learning algorithm. As alerts are processed and the algorithm classifies each one as either a false positive or a true positive, users are shown the results and can either change the classification or leave it as the algorithm decided. As users give more feedback, the model improves and adapts to the particularities of the environment in which it runs, becoming a virtual member of your security team that encompasses the knowledge of all your experts.

What problem does it solve

Arcanna can cut through the noise, so you can address the real threats.


How it works

Using a wide range of out-of-the-box integrations, Arcanna analyzes alerts with a deep learning algorithm and triages them into false positives, true positives, or custom labels. It also assists with post-decision automation of manual analyst tasks such as ticketing, custom notifications, or triggering SOAR playbooks.