How Artificial Intelligence can solve ALL major roadblocks in the cybersecurity industry

AI AND ML IN CYBER SECURITY · 2019-10-15




A brief introduction

Sales of AI software and services for cybersecurity are expected to reach $38 billion by 2026, a massive increase from just $9 billion this year (2019).

According to the market research firm Markets and Markets, the rise of the Internet of Things and other connected devices, exponentially increasing cyber-attacks, the complex nature of the cloud and advanced hacking methods are perfect market drivers for investment to continue to grow.

The research found the constraints on the market to be the ineffectiveness of current technology in stopping zero-day attacks, the rise of insider threats and the prevailing issue of false positives wasting security professionals' precious time.

The Markets & Markets report also stated that "a limited number of cybersecurity and AI professionals, and lack of interoperability with existing information systems pose major challenges to the AI in cybersecurity market."

Luckily, with the emergence of companies like MixMode offering Unsupervised Third-Wave Artificial Intelligence cybersecurity systems, these challenges can be met with solutions.


HOW ARE WE DIFFERENT?

Using Third-Wave Artificial Intelligence, which implements Unsupervised Learning and Multi-Stream capabilities, MixMode's proactive network security monitoring platform provides unparalleled visibility and best-in-class forensics, enabling real-time identification and remediation of the threats that truly matter. Our AI is creative and hyper-intelligent. We built the product with the three biggest threats to our online safety in mind and found ways not only to improve security but to cut massive costs for companies as well. False positives plague the industry as security teams struggle to sift through the endless alerts they receive all day. Our AI eliminates that sifting and simply points out which alerts should be taken seriously as possible breaches.

Zero-day attacks no longer have to strike fear in the hearts of enterprise CEOs. Third-Wave AI has been designed with these types of attacks in mind. Our technology learns from past attacks in order to prevent future ones, but it also "thinks" of new ways hackers may try to attack the system, which is unlike anything else on the market right now and the only approach that can truly catch zero-day attacks that come with no warning. Hackers are already using Machine Learning techniques to tweak the wording of emails so they aren't caught by spam filters, and that's just the tip of the iceberg. To protect against these threats it's imperative to have technology that doesn't just look for past patterns, but creatively comes up with new ones to scan for.


The Problems: A Closer Look at
HACKERS ALREADY HAVE IT

• AI and ML wielding hackers are starting to show up and we need to be prepared

Cyber attacks are increasing and hackers are arming themselves with more advanced methods of attack that will include AI, if they don't already have it. Already we are finding that the defenses many governments and enterprises have in place are not enough to stop these attacks, for a few key reasons:

Most entities are armed with a SIEM at best: a platform that collects and correlates log data from across the network and raises alerts when it sees deviations from the norm.

For many years having a SIEM was a viable approach to network security. But with the advancement of hacking techniques, and especially the inevitable emergence of AI-based attacks, a system requiring as much human time and attention per attack as a SIEM does just isn't going to cut it anymore.

SIEM systems aggregate data from multiple sources, identify deviations from the norm and take action accordingly. When a possible issue arises, a SIEM will log additional information on the event, generate an alert to inform the user of a problem and, where it is integrated with other security mechanisms, instruct them to stop an attack's progress.

The problem with a SIEM is that it can only act on events that have already happened and already been logged. Logging itself is imperfect: it is impossible to log everything, the wrong information often gets logged, and big issues can get lost in the volume of data. Logs can also be altered by a bad actor who has gained access. A Context-Aware AI platform that baselines the live traffic rather than relying on logs alone removes that dependence on data a human hand could have tampered with.


A Closer Look at
FALSE POSITIVES WASTE RESOURCES

• False Positives waste time and labor when there is already a shortage of working professionals in the field

Teams have to sift through countless false-positive alerts on these "deviations" and determine which are real and which are falsely flagged. That takes a huge amount of time and is not particularly good at catching actual attacks: security teams get so bogged down that they cannot handle the sheer volume of alerts and, statistically, end up ignoring some of them.

The false-positives problem begs for a solution, as alert fatigue is now a big issue in SOCs globally.

Some companies are already claiming to have solved this issue with articles boasting "zero false positives." What they don't tell you is that simply having zero false positives is not the hard part; a system that never alerts has zero false positives. The hard part is reducing false positives while also keeping false negatives from skyrocketing. Essentially you want as few as possible of both.

Dr. Igor Mezic, MixMode's new CTO and Chief Scientist, believes he has found a way to address this issue.

According to Dr. Mezic, what separates MixMode from the pack is the AI's ability to optimize the balance between false positives and false negatives.

"By paying attention to the overall traffic of the network and selecting the events that differ from the normal operation, you're not really tuning the system up or down; it will naturally select the events that deviate from the normal and therefore produce very few false positives and at the same time very few false negatives, if any," Mezic said.
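The trade-off described above is easy to see numerically. The following is an added example (not MixMode's code or scoring): a constructed list of events, each with an anomaly score and a ground-truth label, is swept across alert thresholds, and the false-positive and false-negative counts are tallied at each one. The scores, labels and the cost weights in `best_threshold` are assumptions chosen for illustration.

```python
"""Sweep an alert threshold to expose the false-positive / false-negative trade-off.

Constructed example. Scores are hypothetical anomaly scores in [0, 1];
labels mark which events were real attacks.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Counts:
    tp: int
    fp: int
    fn: int
    tn: int

    @property
    def precision(self) -> float:
        return self.tp / (self.tp + self.fp) if self.tp + self.fp else 0.0

    @property
    def recall(self) -> float:
        return self.tp / (self.tp + self.fn) if self.tp + self.fn else 0.0


# Constructed sample: (anomaly_score, is_attack). Attacks mostly score high,
# but one stealthy attack scores 0.35 and a few benign events score above 0.5.
EVENTS = [
    (0.05, False), (0.10, False), (0.12, False), (0.20, False), (0.25, False),
    (0.30, False), (0.35, True),  (0.40, False), (0.55, False), (0.60, True),
    (0.70, False), (0.75, True),  (0.85, True),  (0.90, True),  (0.97, True),
]


def confusion(events, threshold):
    """Alert on every event whose score is >= threshold and count the outcomes."""
    tp = fp = fn = tn = 0
    for score, is_attack in events:
        alert = score >= threshold
        if alert and is_attack:
            tp += 1
        elif alert and not is_attack:
            fp += 1
        elif not alert and is_attack:
            fn += 1
        else:
            tn += 1
    return Counts(tp, fp, fn, tn)


def sweep(events, thresholds):
    """Confusion counts at each threshold, for a quick table of the trade-off."""
    return {t: confusion(events, t) for t in thresholds}


def best_threshold(events, thresholds, fn_cost=5.0, fp_cost=1.0):
    """Threshold minimising weighted cost (assumed: a missed attack costs 5 wasted triages)."""
    def cost(t):
        c = confusion(events, t)
        return (fn_cost * c.fn + fp_cost * c.fp, t)
    return min(thresholds, key=cost)


if __name__ == "__main__":
    grid = [0.0, 0.3, 0.5, 0.7, 0.8, 1.01]
    for t, c in sweep(EVENTS, grid).items():
        print(f"threshold={t:<5} FP={c.fp} FN={c.fn} precision={c.precision:.2f} recall={c.recall:.2f}")
    print("chosen threshold:", best_threshold(EVENTS, grid))
```

At a threshold of 1.01 nothing ever alerts, so false positives are zero and every attack is missed; at 0.8 the example still has zero false positives but misses half the attacks. The cost-weighted choice lands at 0.3, accepting a handful of false positives to catch all six attacks, which is the balance the text is describing.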


A Closer Look at
ZERO-DAY DISASTER

• Zero Day Attacks come without warning and wreak the most damage on unsuspecting companies.

A zero-day attack exploits a vulnerability the vendor has not yet fixed, so it arrives with no prior warning and no opportunity to patch before a major breach.

Companies armed with SIEMs often feel they are prepared for the worst a hacker could throw at them, but with the emergence and consistent prevalence of devastating zero-day attacks on enterprises, a logging-based system just isn't enough.

That's because a system that merely logs the data cannot possibly leave a security team enough time to analyze that data before a serious breach occurs.

Because Context-Aware AI works off a baseline and constantly monitors for deviations from it, it has the fastest possible response time to a breach or to the detection of a weak spot, so a security analyst can get in there and patch it before any serious damage is done.

MixMode can provide the IP address behind a zero-day attack before the attacker gets close to touching your network.

Using Unsupervised Learning, the MixMode Platform constantly monitors patterns in your network for odd behavior, so if a zero-day attack occurs it is alerted to an abnormality in the network baseline and immediately provides the customer with every detail of the vulnerability, down to the IP address behind it. Within five minutes your security team can shut down the sore spot in your network, stopping any hacker who may have been planning to attack it that day.


Not All AI Is Created Equal

Different Types of AI

As we move towards a future where we lean on cybersecurity much more in our daily lives, it's important to be aware of the differences in the types of AI being used for network security.

Over the last decade, Machine Learning has made huge progress with Supervised and Reinforcement Learning, in everything from photo recognition to self-driving cars.

However, Supervised Learning is limited in network security tasks like finding threats because it only looks for specific things it has seen and labeled before, whereas Unsupervised Learning is constantly searching the network for anomalies.

Labeling VS Learning

Supervised Learning relies on a process of labeling in order to "understand" information. The machine learns from large amounts of labeled data and is able to "recognize" something only after someone, most likely a security professional, has already labeled it; it cannot do so on its own. This is beneficial only when you know exactly what you're looking for, which is rarely the case in cybersecurity. Most often, hackers are using a method of attack the security program has not seen before, in which case a supervised system is of little use.

The Benefit of Unsupervised Learning

This is where Unsupervised Learning comes in. Unsupervised Learning draws inferences from datasets without labels. It is best used when you want to find patterns but don't know exactly what you're looking for.

This makes it useful in cybersecurity, where the attacker is always changing methods. It isn't looking for a specific label; any pattern that is out of the norm is flagged as suspicious, which is a much better method in a situation where the attacker is always changing forms.

Unsupervised Learning first creates a baseline for your network that shows what everything should look like on a regular day. Then, if a file transfer breaks the pattern of regular behavior by being too large or sent at an odd time, the Unsupervised system flags it as possibly dangerous.

A Supervised Learning program will miss an attack it has never seen before, because that activity has not yet been labeled as dangerous, whereas an Unsupervised Learning system only has to know that the action is abnormal in order to flag it as a potential threat.
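The baseline-then-deviation idea in the file-transfer example above can be shown with a small, label-free detector. This is an added example, not MixMode's algorithm: it learns the typical transfer size for each hour of the day from constructed, unlabeled history, then flags new transfers that are far outside that size (by z-score) or that occur at an hour with no baseline at all. The history, IP addresses, the hourly grouping and the z-score threshold are all assumptions made for illustration.

```python
"""Unsupervised baseline detector for file transfers (constructed example).

No labels are used: the baseline is learned from history alone, and a
transfer is flagged only because it deviates from that baseline.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev


def build_history():
    """Constructed history: (timestamp, src_ip, dst_ip, bytes).

    Five business days of transfers of 2-4 MB during working hours. The
    addresses and sizes are hypothetical.
    """
    records = []
    sizes = [2_000_000, 2_500_000, 3_000_000, 3_500_000, 4_000_000]
    for day in range(1, 6):
        for hour in (9, 11, 14, 16):
            size = sizes[(day + hour) % len(sizes)]
            records.append((datetime(2019, 10, day, hour, 0), "10.0.0.5", "10.0.1.20", size))
    return records


class HourlyBaseline:
    """Per-hour mean/stdev of transfer size, learned without labels."""

    def __init__(self, z_threshold=3.0):
        self.z_threshold = z_threshold   # assumed: |z| > 3 counts as an outlier
        self.stats = {}                  # hour -> (mean_bytes, stdev_bytes)

    def fit(self, records):
        by_hour = defaultdict(list)
        for ts, _src, _dst, size in records:
            by_hour[ts.hour].append(size)
        self.stats = {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}
        return self

    def score(self, record):
        """Return (reason, z). reason is 'normal', 'size_outlier' or 'unusual_hour'."""
        ts, _src, _dst, size = record
        if ts.hour not in self.stats:
            return "unusual_hour", float("inf")   # no baseline for this hour at all
        mu, sigma = self.stats[ts.hour]
        if sigma == 0:
            z = 0.0 if size == mu else float("inf")
        else:
            z = (size - mu) / sigma
        return ("size_outlier" if abs(z) > self.z_threshold else "normal"), z

    def detect(self, records):
        """Alerts for every record that deviates from the learned baseline."""
        alerts = []
        for rec in records:
            reason, z = self.score(rec)
            if reason != "normal":
                ts, src, dst, size = rec
                alerts.append({"ts": ts.isoformat(), "src": src, "dst": dst,
                               "bytes": size, "reason": reason, "z": z})
        return alerts


def fit_example():
    return HourlyBaseline().fit(build_history())


def detect_example():
    """Constructed new-day traffic: one normal transfer, one at 3 AM, one 40 MB exfil-sized transfer."""
    today = [
        (datetime(2019, 10, 8, 14, 0), "10.0.0.5", "10.0.1.20", 3_200_000),
        (datetime(2019, 10, 8, 3, 0), "10.0.0.5", "10.0.1.20", 2_500_000),
        (datetime(2019, 10, 8, 11, 0), "10.0.0.5", "203.0.113.9", 40_000_000),
    ]
    return fit_example().detect(today)


if __name__ == "__main__":
    for alert in detect_example():
        print(alert)
```

The 3 AM transfer is flagged even though its size is perfectly ordinary, because the baseline has never seen activity at that hour; the 40 MB transfer is flagged on size alone. Neither pattern was ever labeled, which is the point the passage makes about unsupervised detection. In production the same idea needs a richer baseline (per host, per destination, per weekday) and a rule for what to do when the history itself contains an attack.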


The future: Multi Stream

With 37 percent of attacks in 2018 being zero-day, as opposed to 25 percent in 2017, Unsupervised Learning could help level the playing field and at least allow these attacks to be detected before they begin wreaking havoc on a network.

The best way to detect threats across an entire network in the quickest manner is with a multi-stream platform which can incorporate not only network data, but CloudTrail data and SIEM logs as well.

MixMode plans to use its Unsupervised Learning AI to monitor deviations from the baselines of multiple streams (cloud, network data and SIEM) in order to catch suspicious activity more quickly and effectively than any other security system on the market.

The Multi-Stream Platform will take all three data streams and allow concurrent viewing across them. On MixMode's new user interface, a security professional will have a clear view of all three streams, with alerts that match up across multiple streams surfaced together.

With this technology we will take data from network monitoring, the cloud and SIEM logs. The AI will flag deviations from the baseline of each stream separately, then check whether there are corresponding deviations at the same timestamp, which may indicate an attack at that time.

MixMode will take data from Google Cloud, Amazon Web Services, Splunk and many more log sources, scanning all three streams at the same time through different channels, to find where there are matching deviations from the norms.
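The cross-stream step described above, matching deviations at the same timestamp, can be implemented as a time-window join over the alerts each stream has already produced. This is an added example, not MixMode's implementation: the three alert lists are constructed, the five-minute window and the "at least two streams" rule are assumptions, and each stream is assumed to have been baselined on its own beforehand.

```python
"""Correlate per-stream anomaly alerts by timestamp (constructed example).

Each stream has already flagged its own deviations; this step looks for
moments where several independent streams deviated at nearly the same time.
"""
from datetime import datetime, timedelta

# Constructed alerts. Only the 02:14-02:16 burst appears in all three streams;
# the other alerts are isolated single-stream deviations.
STREAMS = {
    "network":    [datetime(2019, 10, 15, 2, 14), datetime(2019, 10, 15, 9, 30)],
    "cloudtrail": [datetime(2019, 10, 15, 2, 16), datetime(2019, 10, 15, 13, 5)],
    "siem":       [datetime(2019, 10, 15, 2, 15), datetime(2019, 10, 15, 17, 45)],
}


def correlate(streams, window=timedelta(minutes=5), min_streams=2):
    """Clusters where at least `min_streams` distinct streams fired within `window`.

    Alerts are merged into one timeline, and a window is opened at each alert
    in turn; a window that gathers enough distinct streams becomes a cluster.
    """
    events = sorted((ts, name) for name, alerts in streams.items() for ts in alerts)
    clusters = []
    i = 0
    while i < len(events):
        start = events[i][0]
        j = i
        while j < len(events) and events[j][0] - start <= window:
            j += 1
        group = events[i:j]
        names = {name for _, name in group}
        if len(names) >= min_streams:
            clusters.append({"start": start, "end": group[-1][0], "streams": sorted(names)})
            i = j            # consume the whole window
        else:
            i += 1           # single-stream noise; slide on
    return clusters


def correlate_example(window_minutes=5, min_streams=2):
    return correlate(STREAMS, timedelta(minutes=window_minutes), min_streams)


if __name__ == "__main__":
    for cluster in correlate_example():
        print(cluster["start"].isoformat(), "->", cluster["end"].isoformat(), cluster["streams"])
```

With the five-minute window the 02:14 network alert, the 02:15 SIEM alert and the 02:16 CloudTrail alert collapse into one multi-stream cluster, while the three lone afternoon alerts stay unclustered and would rank lower in triage. Shrinking the window to one minute drops CloudTrail from the cluster, which shows why the window size is a tuning decision, not a constant.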