Joe is the VP of Product Marketing at MixMode. He has led product marketing for multiple cybersecurity companies, with stops at Anomali, FireEye, Neustar and Nextel, as well as various start-ups. Originally from NY, Joe resides outside Washington DC and has a BA from Iona University.
Gartner recently released their newest report titled “Emerging Tech: Security – Improve Threat Detection and Response With AI-Based Behavioral Indications” which covers the emergent need for new AI-Based methods of using behavioral patterns to identify threats. Gartner states that “Current security services are heavily focused on detection activities related to indicators of compromise (IOCs) based on virus signatures, common vulnerabilities and exposures (CVE) and tactic, technique and procedure (TTP). These detection methods rely on historical, often out of date and static patterns of attack.”
We believe this highlights a clear drawback of using traditional threat detection methods that rely on indicators of compromise (IOC’s), common vulnerabilities and exposures (CVE), and tactic, technique and procedures (TTP) and that AI-Based threat detection platforms provide significant advantages over legacy-based approaches.
Another key quote from the Gartner report states that:
“With the growing availability of extended security telemetry, product leaders need to utilize emerging AI capabilities to enhance detection of threats that easily deceive historical detection models.”
A new approach to threat detection and response is needed to effectively defend against today’s modern and increasingly complex threat landscape. Here are our three key takeaways as to why legacy systems are ineffective and inefficient for the modern threatscape and how AI-driven approaches can help enhance your security posture.
MixMode’s Key Takeaways from the Report
Gartner states “With the growing availability of extended security telemetry, product leaders need to utilize emerging AI capabilities to enhance detection of threats that easily deceive historical detection models.”
Our Take: Legacy Detection Tools are No Longer Sufficient
The threat landscape is shifting and advancing at an incredible pace. Legacy detection methods like IOCs and rules-based detection are no longer sufficient to stay ahead of sophisticated attackers. With easy-to-use AI-based solutions like ChatGPT providing hackers with an almost unlimited number of potential sophisticated attacks, these legacy platforms have proven to be reactive and are ineffective in their ability to stay ahead of threat actors.
Per Gartner “sole use of historical indicators of compromise or even TTP-based detection models is insufficient to stay ahead of sophisticated attackers.”
By definition, IOC’s or rules-based threat detection platforms utilize threats that have been identified in the past to alert users of attacks. This means these platforms will never be able to identify an unknown or never-before-seen attack that has no previously recorded signature (i.e. a zero-day attack). These attacks have increased in both quantity and severity, accounting for 40% of the zero-day breaches over the last decade according to an industry report, leaving security teams in desperate need of a solution.
Gartner States: “Product leaders need to advance the correlation and analysis capabilities of their TDIR platforms to leverage the extended volume and breadth of data with AI or deep learning algorithms to use a behavioral indicator detection model.”
Our Take: Embrace the Data
Most security teams underutilize the power of security analytics to correlate and analyze telemetry across the many available IT channels of visibility. Current security services are heavily focused on detection activities related to indicators of compromise (IOCs) based on virus signatures, common vulnerabilities and exposures (CVE) and tactic, technique and procedure (TTP). These detection methods rely on historical, often out-of-date and static patterns of attack.
With the growing availability of extended security telemetry, security teams need to utilize AI driven capabilities to go beyond the analysis of tactical intelligence IOCs to correlate and contextualize behavioral threat IOCs. By doing so, security teams can define behavior profiles and activities to enhance the detection of threats that easily deceive historical detection models.
Gartner States: The ability to use this extended telemetry with the power of behavioral indication engines will result in faster detection of novel attack patterns and the reduction of false positives that steal time and energy from both provider and client threat analysts.
Our Take: Analysts are Still Inundated with Alerts
Security practitioners know all too well the problem that “alert fatigue” can pose. An industry report stated that 70% of SOC teams are emotionally overwhelmed by alert volume and that teams are spending as much as 27% of their time dealing with false positives.
Most of this has to do with legacy rules-based approaches triggering an enormous amount of alerts that often lead to an overwhelming number of false positives. This keeps analysts from focusing on the threats that matter or in some cases to give up looking at alerts altogether because it becomes an impossible task.
MixMode’s Third-wave AI Threat Detection Platform
MixMode was developed using the industry’s most advanced AI to help cut through the noise to detect and surface relevant threats.
Most cybersecurity tools rely on outdated AI technology that uses rigid rules and static training data, taking months or even years to be effective. At MixMode, we’ve revolutionized the use of AI in cybersecurity by introducing the world’s first commercially available DARPA-defined Third Wave AI platform.
MixMode easily integrates into any security environment, ingesting your security data and autonomously identifying patterns and trends without requiring training or pre-defined rules. By creating a custom baseline of your network’s normal behavior, MixMode can identify and surface known or unknown attacks in real-time without the need for rules or IOC’s, providing unparalleled threat detection capabilities and increasing the efficiency and productivity of the SOC.
By constantly evolving and learning on its own and reacting to new deviations from the set baseline, MixMode can quickly determine if a deviation in network behavior is normal or worth investigating further.
Not All AI-driven Approaches are Created Equal
The majority of cybersecurity companies today promote “Artificial Intelligence” in some shape or form to differentiate themselves from their competition.
The fact is that many current cybersecurity solutions are loosely put together from off-the-shelf technology and need just as much operator involvement as the legacy systems they are designed to replace. The total resource costs for sustaining and fine-tuning these so-called solutions can be far higher than the cost of original installation.
MixMode’s AI is built on Third Wave AI technology, while most other solutions use Second Wave AI. Third Wave AI is more advanced and can learn unsupervised, meaning that it does not require human input to learn about a network. This allows MixMode to provide more accurate and timely threat detection than any other solution currently available.
Overall, Third Wave AI can help enhance threat detection capabilities by providing a proactive and automated approach to identifying and mitigating security threats. By leveraging the power of Third Wave AI, organizations can improve their cybersecurity posture and reduce the risk of data breaches and cyber-attacks.
Click here to learn more about how MixMode can help bring you into the next wave of cybersecurity.
Gartner®, Emerging Tech: Security — Improve Threat Detection and Response With AI-Based Behavioral Indications, May 2023
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Other MixMode Articles You Might Like
Evolving Role of the CISO: From IT Security to Business Resilience
Channeltivity: Understanding Global Channel Management
Balancing Security Spend and Business Priorities
Persistent Ransomware Attacks on Cities Underscores Need to Upgrade to Real-Time Threat Visibility