Cloud environments generate high volumes of security signals every day. For each one, you have to determine whether it's benign, a clear false positive, or something worth investigating. The challenge is that these calls have to be made continuously, often without knowing whether any single event is part of a larger attack. Spending too much time investigating benign activity reduces your capacity to detect threats elsewhere, and missing a legitimate threat has clear consequences.

How can you use AI's processing capabilities to analyze and investigate threats more effectively than your existing workflows allow? Assuming the models themselves are good, AI can improve threat analysis, but not without careful planning. Its ability to analyze and investigate threats successfully depends on enforcing the same underlying data discipline required for effective cloud monitoring, particularly around generating consistent telemetry data.

In this post, we’ll discuss how to design cloud environments for AI-powered threat analysis. But first, we’ll look at what AI can do well in threat analysis and where it falls short.

What AI can do well in threat analysis