SOC teams can’t look into a crystal ball to predict their next cyber attack, but armed with the right tools, threat prediction can feel downright magical in 2022. It is, in fact, actually possible to predict an attack before it even starts — no magic required.
When hackers breach a network, focus naturally, and wisely, turns to the first point of intrusion. But a wider view, one that includes an understanding of what happened after the breach, can empower your organization to predict — and most important, prevent — the next attack. MixMode is helping organizations across the country do just that, every day. Here’s how.
As time-stamped cybersecurity data from sources like network traffic, cloud logs, intel and notices is ingested by the MixMode AI’s processing layer, the platform surfaces anomalies based on discrepancies between past behavior, encoded in its evolving forecast, and current behavior observed in 5-minute intervals.
2. Risk level assessment
Risk levels are provided to the user, along with a comprehensive list of context data, enabling a rapid response that is around three times shorter than the attack time of the world’s most capable hackers (estimated at 18 minutes and 49 seconds by CrowdStrike).
3. Attack prediction
When MixMode is deployed on a new network, it quickly learns the enterprise network or cloud environment within 7 days, with no human tuning or configuration required. Within those 7 days, organizations start to see ROI in the form of:
- Zero day alerts
- 95%+ reduction in false positive alerts
- Identification of rogue machines, open ports, and environmental misconfigurations
MixMode vs. Legacy Cybersecurity Approaches
Typical machine learning systems take 6-24 months to “train” and deliver value, yet that sunk time delivers less ROI, leaving exploitable blind spots and countless work hours spent on ongoing configuration and tuning. All told, MixMode is 25 to 100 times more efficient to deploy, and more efficient to run once deployed, than these legacy solutions.
It’s Not Magic — It’s Third-Wave AI
If there is “magic” to be found, it’s surely within MixMode’s third-wave AI capabilities, which enable the platform to run truly unsupervised in a way that surfaces context-based alerts and comprehensive information about network behavior in real time. Ultimately, MixMode users spend less analyst time on threat chasing, allowing those resources to be used on more impactful, proactive, future-forward security measures.
MixMode’s third-wave AI takes a deep dive below the surface, looking beyond the endpoint damage created by exfiltration or encryption. The platform is sophisticated enough to examine the footprints left behind when breaches are attempted. The MixMode approach is a kind of “negative time detection,” where the platform predicts the actions of intruders before the damage is done. One real-world example is a recent third-party test where MixMode’s AI informed analysts about anomalous DNS scanning previously unseen by MixMode AI, before any damage to the system was carried out.
MixMode’s approach matches the level of sophistication required to meet (and defeat) modern cybercriminal activity. By discovering the underlying normal and abnormal patterns on networks automatically and then dynamically adapting to them, users are far better equipped to face an ever-evolving, AI-driven threatscape.
Legacy systems fail to compensate for the natural ebb and flow of human exchanges over enterprise networks — even situations as benign as the natural fluctuation in traffic volumes over the course of a given work week are rarely taken into account by rules-based platforms. MixMode effectively lives on networks, learning regularities in the “stochastic” part of the network behavior that depends on such exchanges.
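To make the forecast-versus-observation idea from the anomaly detection step and the weekly-rhythm point above concrete, here is a small added illustration written for this post; it is not MixMode code and says nothing about how the product is built. It assumes traffic volume bucketed into 5-minute intervals keyed by (weekday, slot), an exponentially weighted mean/variance per key standing in for the evolving forecast, and a z-score threshold for alerting; the traffic figures and the static `volume > 800` rule are constructed for the demo.

```python
import math
from collections import defaultdict

ALPHA = 0.3             # weight of the newest interval in the evolving forecast
Z_THRESHOLD = 4.0       # std-devs from forecast that count as anomalous
MIN_SAMPLES = 3         # weeks of history per slot before alerting
STATIC_THRESHOLD = 800  # a rules-based "volume > N" alert (constructed value)


class ForecastBaseline:
    """Per-(weekday, 5-minute slot) EWMA mean/variance; toy stand-in for a forecast."""
    def __init__(self):
        self.stats = defaultdict(lambda: [0, 0.0, 0.0])  # key -> [n, mean, var]

    def observe(self, weekday, slot, value):
        """Score one interval against its forecast, then fold it into the baseline."""
        key = (weekday, slot)
        n, mean, var = self.stats[key]
        z = 0.0
        if n >= MIN_SAMPLES:
            # floor the spread so a very stable slot still tolerates small drift
            std = max(math.sqrt(var), 0.05 * abs(mean), 1.0)
            z = (value - mean) / std
        anomalous = abs(z) > Z_THRESHOLD
        if not anomalous:  # keep outliers out of the baseline they would poison
            if n == 0:
                mean, var = float(value), 0.0
            else:
                delta = value - mean
                mean += ALPHA * delta
                var = (1 - ALPHA) * (var + ALPHA * delta * delta)
            self.stats[key] = [n + 1, mean, var]
        return anomalous, z


def static_rule(value):
    return value > STATIC_THRESHOLD


def run_demo():
    """Constructed history: busy Monday 09:00 slot, quiet Sunday 03:00 slot."""
    monday, sunday = (0, 9 * 12), (6, 3 * 12)  # slot index = minutes // 5
    history = {monday: [980, 1010, 1000], sunday: [48, 52, 50]}
    model = ForecastBaseline()
    for key, values in history.items():
        for v in values:
            model.observe(*key, v)
    # week 4: an ordinary Monday rush hour, and an unusual burst at 03:00 Sunday
    results = {}
    for name, key, v in (("monday", monday, 1020), ("sunday", sunday, 600)):
        forecast_alert, z = model.observe(*key, v)
        results[name] = {"forecast": forecast_alert, "static": static_rule(v), "z": round(z, 1)}
    return results
```

The static rule fires on the normal Monday rush hour and stays silent on the Sunday-night burst, while the per-slot forecast does the opposite, which is the false-positive versus blind-spot trade-off the post describes.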