In a world where bad actors are capable of building sophisticated AI capable of sidestepping traditional cybersecurity platforms, it has become critically important to onboard tools that work in real-time, are deadly accurate, and can predict an incident before it happens.
Yesterday’s solutions are no match for today’s threats. MixMode believes the answer lies in unsupervised AI that can virtually leapfrog over the abilities of adversaries.
What is unsupervised AI and why is it superior to supervised AI?
Respected AI researcher Yann LeCun recently stated that “the next revolution in AI will not be supervised.” Supervised learning is what almost all current cybersecurity providers use as the backbone of their artificial intelligence. LeCun states that unsupervised learning, which in contrast to supervised learning does not require human labeling, is “the future of AI.”
What does LeCun mean by unsupervised AI? In simple terms, unsupervised AI uses algorithms to identify patterns among data that have not been classified or labeled by humans. This is in direct contrast to legacy cybersecurity approaches, which have relied on rules created around labels — with these approaches, data that has not been labeled goes largely unnoticed.
Today’s MixMode platform was 20 years in the making, under the watchful eye of MixMode’s Chief Scientist Dr. Igor Mezic, who adapted it for projects with DARPA, DoD and others. The company has been awarded three patents related to leveraging “third-wave AI” for network security, with several more pending. Third-wave AI, as defined by DARPA, is AI that has contextual and explanatory models, giving the technology “human-like reasoning capabilities.” Third-wave AI is never dependent on rules-based systems like SIEM in the cybersecurity world.
MixMode’s third-wave, unsupervised approach makes an enormous day-to-day difference over legacy approaches when it comes to two common pain points faced by modern SOCs:
- Managing huge numbers of false positive alerts
- Zero-day and novel threats
Each of these issues can wreak havoc on the effectiveness of SOC teams. False positives take up analyst time that could be better spent on shoring up system vulnerabilities and other security-related tasks. And zero-day attacks, according to a Ponemon Institute study, cost the global community around $2.5 trillion annually and now make up the bulk of successful attacks on organizations’ endpoints.
Rules-based, second-wave approaches fall short.
Legacy systems that rely on rules-based, second-wave regression or Bayesian machine learning are not up to the challenge of mitigating either of these two pain points, due to inherent limitations that make it virtually impossible for these systems to keep pace with the massive amount of data flowing across modern networks. In order to detect novel anomalies at a large scale, the number of rules would have to be infinite.
These legacy approaches are dangerously exploitable, for several key reasons:
- Inherent biases and blindspots created by human input
- Statistical limitations
- Historical training data requirements that necessitate unwieldy, expensive data stores
- An inability to contextually understand usage at different points
- An inability to adapt to new devices as they are added to networks
MixMode is foundationally better equipped to confront novel threats.
Because MixMode’s AI is unsupervised and capable of automatically learning an environment with no training data or rules, bias and blindspots are eliminated. The platform is also fully equipped to manage networks even as organizations scale. In fact, the system can analyze 108 wire connections in real-time for network packet captures. And in cloud environments, MixMode can ingest billions of records per day, like Flow Logs and CloudTrail data.
Equally important is the MixMode platform’s ability to analyze data from all streams:
- Network traffic
- Cloud logs
- Intel and notices
- Any time-stamped cybersecurity data
As the platform’s processing layer compares real-time data with past behavior encoded in the evolving forecast, it sources anomalies based on discrepancies outside expected behavior. Risk levels and predictions are provided to the user, along with all the underlying context data, available with a single click.
In the end, MixMode users benefit from rapid response time that is, on average, three times shorter than the attack time of the world’s most capable hackers (currently estimated at 18 minutes, 49 seconds).