Most security analysts are presented with similar threat use cases every day. A majority of these alerts fall into a few scenario patterns, many of which turn out to be false positives. For an analyst, this repetition can be mind-numbing. The excitement of research and investigation quickly fades into monotony.
Emerging and changing threats are the most difficult aspect of cybersecurity. Adversaries are creative and opportunistic. Security Operations Center (SOC) analysts are often in the best position to observe and react to new threats. Salem, the AI Cyber Analyst, allows SOC analysts to offload the triage of 'known knowns' so they can focus on researching and investigating the yet unknown. Salem covers the low-hanging fruit while SOC analysts focus on creating the next set of detections that will protect their organization.
Every analyst got their start by learning from their colleagues. Important institutional knowledge is often shared as an oral history between people. There are limits to what information exists in the data, and it’s up to analysts to pull from their experience and connections to paint the whole picture of a potential incident. Salem was designed with this reality in mind.
Salem lives in chat as a virtual colleague where it can learn your organization's ground truth. When an analyst encounters a new situation, they often ask questions related to the specific assets and identities involved. Through this experience, they start to understand higher-level truths that help them with future investigations. This is what Salem does too. Salem periodically asks questions about specific alerts and then uses your team's responses to extract generalizations that aid future Salem alert investigations.
At Salem Cyber, we recognize that no SOC analyst wants to be bothered all day by an AI asking questions. Yet, it's these types of interactions that create the environment necessary for an AI cyber analyst to produce precise analysis. Therefore, we've designed Salem to be easy to use and available where you already work, so that your experience with Salem is low-noise, efficient, rewarding, and value-additive.
Salem also enables you to say "Yes!" Resistance to new monitoring requests is an act of self-preservation in the SOC. SOC analysts have to constantly scrutinize new threat use cases and defend their time from low-precision and compliance-driven alerting. With Salem as your tier 1 analyst, many of these false positives can be eliminated before they make it to the SOC. Your team can now say "yes" to more monitoring requests, improving your relationship with your audit and IT peers.