A threat hunting team wants to use AI to analyze months of historical network flow data to identify long-dwell-time threats that evaded real-time detection. Which AI-assisted security approach is most appropriate?

Question

Accepted Answer

A. Retrospective AI analysis using machine learning models trained on normal traffic baselines applied to historical data to surface anomalies. Retrospective AI analysis applies learned behavioral baselines to historical data to detect low-and-slow threats that generated insufficient signal during real-time monitoring. This is an AI-assisted threat hunting technique aligned to the SecAI+ objectives of using AI techniques in operations including continuous monitoring and behavior analysis. Real-time signature detection cannot detect past events already in logs. Manual review of months of flow data is impractical at scale. Firewall rule updates are preventive, not detective.

A threat hunting team wants to use AI to analyze months of historical network flow data to identify long-dwell-time threats that evaded real-time detection. Which AI-assisted security approach is most appropriate?

Related Questions

Discussion