For This Threat Intelligence Platform, AI is More Than a Buzzword

AI is More Than a Buzzword [Threat Intelligence Edition]

AI has become the buzzword of pretty much every domain, and we’re sure we’re not the only ones who have noticed. For its part, cybersecurity is hardly immune to the allure of AI, with every vendor in the industry currently waxing lyrical about the integration of AI into their solution. Is there a little bit of AI for AI’s sake at play here?

The benefits of AI in cybersecurity

Don’t get us wrong, there are many benefits to AI in cybersecurity. To begin with, AI allows us to process large amounts of data. This is great news, given the data explosion that the internet has set off, which is only going to increase. What’s more, information is becoming stored in increasingly disparate areas: across the Surface web; the Deep web and the Dark web, but also across connected storage. Ensuring data security involves scanning massive amounts of data across an increasingly complex internet landscape. Scanning a vast amount of data ensures a more thorough search, but the challenge is that you are left with a lot of findings to sift through afterwards. For example, the CybelAngel solution scans billions of data sources, and detects about 1 billion documents, per day. If you’re going to look for data leaks, you may as well look everywhere, but if we weren’t about to filter the findings later, we simply wouldn’t be able to cope with such a vast amount.

Keeping it resource-light

The ability to powerfully filter big data becomes even more critical when you consider the severe resource shortage that is currently plaguing the cybersecurity industry. According to data, 51% of cybersecurity professionals are experiencing a skills shortage, and this percentage has been steadily growing since 23% of the segment reported the same thing in 2014. This is why CISOs and CIOs often get overwhelmed with unfiltered threat intelligence feeds which spew forth hundreds of alerts each day, requiring significant human processing to be made sense of. CISOs and CIOs simply don’t have time for noisy feeds, and quickly become frustrated with them as a result.

Extracting meaning from big data

Big data is an extremely powerful success factor in cybersecurity, but it needs to be filtered, and this is where machine learning can shine. Let’s look at our own solution as an example: out of the 1 billion documents that we detect each day, we identify hundreds of thousands of potential threats based on matches to the keywords our customers provide us. From there, our machine learning algorithms are able to drill down to the threats that appear to be the most critical. It does this by mimicking the decision-making process of a human analyst, whose job it is to qualify and investigate potential threats. Machine learning helps us increase the breadth of our scanning, and therefore our thoroughness, but it also saves our customers’ time, which is becoming an increasingly important commodity for them.

Where our expert cyber analysts shine

We are huge fans of AI, and we are very proud of our advanced application of it in our CybelAngel solution. But we are also aware that AI is at its best when it is applied in a way that draws upon the respective strengths of machines and humans. This is why we also place a lot of importance on our team of expert cyber analysts. From the potential threats that our machine learning technology extracts, our expert analyst team filters down to the verified threats. This is because there are certain things that humans are more sensitive to than machines. In our case, the machine learning algorithms sometimes identify documents which match our customers’ keywords, but which are not actually relevant to a customer. We rely on our analysts to perform a human filter of the algorithms’ findings in order to completely remove the false-positives that arise from the reduced contextual sensitivity of machines.

The perfect combination of artificial and human intelligence

In order to save our customers even more time, our analysts then go on to investigate the sources of the threats or data leaks they verify, in order to produce contextual reports. Armed with this information, our customers can focus on what they do best: swift and effective take-down of threats. Of course, our analysts are also available to guide and support our customers throughout the remediation process.

These are all tasks which we can’t expect machines to perform at the same level as humans, at least not at this point in the development of the technology. AI will be an indispensable lever in the future of cybersecurity as we struggle to keep up with big data and the complexity of the internet landscape. No less so as the industry’s skills shortage continues to worsen over time. That said, we are not believers in AI for AI’s sake. We believe in an application that can harness the strengths of both humans and machines. In our case, that means the power of smart algorithms to handle vast amounts of data, the power of machine learning to drill down to the critical threats, and the power of our analysts to eliminate false-positives and assist in remediation.