Machine learning technologies can compress hours of initial information collection into a few minutes, generate queries, and correlate evidence. These capabilities are indeed worth using aggressively. But the risk assessment stage requires an understanding of the company’s institutional memory.
The algorithm does not know that a batch of “low-priority” alerts came from the systems of a newly acquired company whose acquisition has not yet been officially announced. It cannot reliably tell whether a run of PowerShell commands was part of last year’s Red Team exercise, or that the server under attack belonged to a dismissed employee. This business context lives outside the data pipeline. The final decision on an incident’s criticality is always the analyst’s: the output of automated agents is only input to that decision.
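The three situations above (an unannounced acquisition, a past Red Team exercise, a dismissed employee’s account) are exactly the context an ML triage score cannot carry. The following added example, which is not code from the page or from any vendor, shows one way to layer that context on top of a model’s score before a human decides: every alert still lands in an analyst queue, context can raise priority or attach a note, and nothing is auto-closed. The alert fields, the `ml_score` value, the thresholds and all sample records are constructed for illustration.

```python
# Added example (not from the page or any vendor): ML triage output is
# treated as one input; business context the model never saw is layered
# on top, and every alert still lands in a human queue. All data below
# is constructed for illustration.
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Alert:
    alert_id: str
    host: str
    user: str
    technique: str          # hypothetical label, e.g. "powershell-encoded"
    ml_score: float         # hypothetical 0..1 score from an ML triage assistant
    observed_at: datetime


@dataclass
class BusinessContext:
    acquired_hosts: set     # systems from a not-yet-announced acquisition
    red_team_windows: list  # (start, end, exercise_name, techniques_used)
    offboarded_users: dict  # user -> last working day


@dataclass
class TriageDecision:
    alert_id: str
    ml_score: float
    queue: str              # "review" or "urgent"; there is no "auto-closed"
    notes: list


URGENT_SCORE = 0.8          # constructed threshold for the model score alone


def enrich(alert: Alert, ctx: BusinessContext) -> TriageDecision:
    """Combine the model score with business context; always returns a human queue."""
    notes = []
    urgent = alert.ml_score >= URGENT_SCORE

    # 1. Host from an acquisition: the model has no baseline for it, so a
    #    "low" score means nothing. A human must look regardless.
    if alert.host in ctx.acquired_hosts:
        notes.append("host from newly acquired company; ML baseline does not cover it")
        urgent = True

    # 2. Activity inside a Red Team window that used this technique: record
    #    the possible exercise, but do not close; the analyst confirms it
    #    against the exercise log.
    for start, end, name, techniques in ctx.red_team_windows:
        if start <= alert.observed_at <= end and alert.technique in techniques:
            notes.append(f"overlaps Red Team exercise '{name}'; verify against exercise log before closing")

    # 3. Activity under an account whose owner has already left: escalate.
    last_day = ctx.offboarded_users.get(alert.user)
    if last_day is not None and alert.observed_at > last_day:
        days = (alert.observed_at - last_day).days
        notes.append(f"user offboarded {days} day(s) before this activity")
        urgent = True

    return TriageDecision(alert.alert_id, alert.ml_score, "urgent" if urgent else "review", notes)


def triage(alerts, ctx):
    """Return decisions keyed by alert id; nothing is auto-closed."""
    return {a.alert_id: enrich(a, ctx) for a in alerts}


# Constructed sample context and alerts
T0 = datetime(2024, 5, 10, 9, 0)
CTX = BusinessContext(
    acquired_hosts={"acq-fs01"},
    red_team_windows=[(T0 - timedelta(days=365), T0 - timedelta(days=360), "RT-2023", {"powershell-encoded"})],
    offboarded_users={"jdoe": T0 - timedelta(days=30)},
)
ALERTS = [
    Alert("a1", "acq-fs01", "svc", "lateral-smb", 0.2, T0),                            # low score, acquired host
    Alert("a2", "ws-17", "alice", "powershell-encoded", 0.9, T0 - timedelta(days=363)),  # inside Red Team window
    Alert("a3", "ws-42", "jdoe", "rdp-login", 0.3, T0),                                # dismissed employee's account
    Alert("a4", "ws-05", "bob", "dns-tunnel", 0.95, T0),                               # high score, no extra context
    Alert("a5", "ws-09", "carol", "rdp-login", 0.1, T0),                               # low score, no extra context
]

if __name__ == "__main__":
    for d in triage(ALERTS, CTX).values():
        print(d.alert_id, d.queue, d.ml_score, d.notes)
```

The design choice worth noting is that context only ever moves an alert toward a human, never away from one: the Red Team overlap is attached as a note for the analyst to verify rather than used as a reason to suppress, which keeps the final criticality call where the text places it.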
The debate over whether the latest technologies belong in cybersecurity data operations is over: they have become an integral part of modern industry processes. The real question is who bears responsibility for the possible consequences. Teams that use intelligent assistants for parsing and for accelerating triage gain speed. Those who let algorithms quietly control filtering and decide what is true in an investigation will inevitably lose control.
iIT Distribution, as a distributor and expert partner in cybersecurity, helps businesses build a reliable data management architecture. iITD specialists provide comprehensive project support, from needs assessment to the implementation of solutions from global vendors (including Cribl). The distributor’s technical team offers thorough consultations, analyzes infrastructure, and becomes part of the partner’s team, working on each case individually to build a sustainable, manageable, and secure IT environment.