Impossible Travel

Andrew Smith - CISO | Kyocera Cyber


Andrew Smith is the founder of Kyocera Cyber, an MSSP. With 20 years of experience in strategic IT/cyber security leadership, Andrew’s track record is a testament to his visionary leadership style and commercial acumen.


Impossible travel is a real-world use case. Alerts of this kind are frequent, time consuming and monotonous for security experts, and so contribute to alert fatigue. This class of alert is raised in every Security Operations Centre around the world, but there is now a way to escape the tedium by harnessing AI and hyper automation in the SOC.

A real-life scenario.

We frequently receive alerts into our Security Operations Centre (SOC) with something we class as ‘impossible travel’.

It refers to a user logging on from a different region or country at the same time as being logged on elsewhere, a journey that could not have been made in the time available.

In the past, our SOC analysts would have to manually check a number of different systems and configurations when receiving this type of alert to understand whether an actual attack was underway or it was legitimate travel.

Many of these checks are system-based; in addition, our SOC analysts had to contact the users themselves to find out where in the world they were and whether they were working on their company devices.

Resolving one of these simple alerts took a SOC analyst 25 to 30 minutes, just to deal with a single user travelling (or not) to a region other than the one our systems expected.

Now that our SOC is enabled with AI and hyper automation, all of these checks, including contacting the user and finding out where they are working on a particular day, can be automated end-to-end without a SOC analyst touching them.
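As an added illustration (not part of the original post, and not Kyocera Cyber's tooling), the core check a SOC would automate: flag consecutive sign-ins whose implied speed is physically impossible, and attach a triage hint. The `managed_device` field and the triage rule are assumptions, and the sign-in data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0   # roughly airliner speed; anything faster is "impossible"
MIN_GAP_SECONDS = 60.0      # closer sign-ins are treated as simultaneous sessions

@dataclass
class SignIn:
    user: str
    when: datetime          # UTC
    lat: float
    lon: float
    managed_device: bool    # assumed enrichment field, e.g. from a device inventory

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events):
    """Flag consecutive sign-ins per user whose implied speed exceeds MAX_PLAUSIBLE_KMH.
    Triage rule (assumed): both devices managed -> confirm with the user, else escalate."""
    by_user = {}
    for e in events:
        by_user.setdefault(e.user, []).append(e)
    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.when)
        for prev, cur in zip(evs, evs[1:]):
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            hours = max((cur.when - prev.when).total_seconds(), MIN_GAP_SECONDS) / 3600
            kmh = km / hours
            if kmh > MAX_PLAUSIBLE_KMH:
                findings.append({
                    "user": user, "distance_km": round(km), "implied_kmh": round(kmh),
                    "triage": "confirm_with_user" if prev.managed_device and cur.managed_device else "escalate",
                })
    return findings

def utc(hour, minute):
    return datetime(2024, 1, 15, hour, minute, tzinfo=timezone.utc)
# Constructed sample: alice "moves" London -> Sydney in 30 minutes; bob drives London -> Manchester.
SAMPLE_SIGNINS = [
    SignIn("alice", utc(9, 0), 51.5074, -0.1278, True),
    SignIn("alice", utc(9, 30), -33.8688, 151.2093, False),
    SignIn("bob", utc(9, 0), 51.5074, -0.1278, True),
    SignIn("bob", utc(12, 0), 53.4808, -2.2426, True),
]
```

Running `impossible_travel(SAMPLE_SIGNINS)` yields a single finding for alice (roughly 17,000 km in half an hour) and nothing for bob, whose 260 km in three hours is ordinary travel.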

Why is this important?

With AI performing the basic checks, we can focus our highly skilled SOC analysts on proactive action – for instance, resolving case escalations or threat hunting.

Threat hunting is where analysts search for malicious activity and security threats before an alert is triggered, or for elements of an attack that automated systems have not picked up.

This way we can reduce the risk for our customers and deliver a more targeted service.

In today’s threat landscape, speed and accuracy are everything. AI hyper automation isn’t just a luxury, it’s a necessity to stay ahead of evolving cyber risks.
