The cybersecurity industry is in need of a massive shakeup.
Reason 1: The proliferation of rules-based software platforms and point solutions has brought an exponential increase in false positive security alerts. There is a major information overload problem in security today. In a recent report, security analysts say that they are inundated with false positives. McAfee says that less than 1% of anomalous events are actual threats. The bottom line is that simply adding more software platforms is not a useful path toward fixing a security program. Many of the most advanced security teams we have talked with have a goal of reducing the number of platforms they use, to reduce alerts and screens and to improve efficiencies.
Reason 2: Zero-day threats are on the rise. The Ponemon Institute recently reported that by 2021, there will be one new zero-day exploit every day, compared to 2015 when there was about one per week. The common theme we hear from prospects and customers: “We don’t know what we don’t know.” Threat intel feeds, lists and “intelligence” generally are rear-view mirror types of data that are neither predictive nor helpful in detecting zero-day threats. The industry wants a platform that is predictive, and transparent as to how that platform truly works.
The problems above are big and getting bigger. Enterprises are wilting under the pressure to deliver a rational security program with small budgets and an inability to hire experienced staff even when they have the budget. Outsourcing to an MSSP is also difficult because MSSPs face many of the same challenges with hiring and alert fatigue. With approximately 3.5 million open cyber jobs by 2021, companies are looking for predictive solutions that drive productivity, and do it quickly.
AI in Network Security Is Ripe for Disruption
So when we set out to deliver unsupervised, predictive AI as a service, we did so with these two problems in mind. For MixMode, unsupervised AI means 7 days of “training” the system versus 6-24 months for a typical deep learning AI or ML system. This months-long or years-long effort of upfront (and ongoing) training is ripe for disruption.
Unsupervised AI also means adding a predictive component to your security program so you have an AI-built model of your network that allows you to know what 3:01pm on a Thursday should look like, before that time comes.
Our platform is designed to reduce false positive alerts by 90% or more, and to detect zero-day threats that a typical cybersecurity system (based on rules) could not surface.
Is Predictive Intelligence Possible in Cybersecurity?
The next question was how to deliver predictive intelligence to the industry. Should it replace existing systems or extend the life of those systems? Our answer is “yes” to both. Our platform is being used to extend the life of existing platforms by adding an intelligent and predictive component to such platforms — reducing workloads on existing SOC teams so they can be more proactive, predictive, and efficient. In other cases, our platform has been used to replace a SIEM, IDS or a meta-analytics platform.
The MixMode platform is an agnostic, predictive intelligence layer that reduces false positive alert volumes and detects anomalies across any data stream. Is there a data stream in your program where you could use more predictive intelligence and less noise?