The following is an excerpt from our recently published guide, “The Next Generation SOC Tool Stack – The Convergence of SIEM, NDR and NTA.” In this guide we analyze the failed promises of SIEM platforms, how Network Traffic Analysis (NTA) and Network Detection and Response (NDR) tools fit into the equation, and how third-wave, self-supervised AI is created outside the limitations of the legacy architectures that are holding back many of today’s security vendors.
MixMode creates a generative baseline. Unlike the historically-based baselines provided by add-on NTA solutions, a generative baseline is predictive, real-time, and accurate. MixMode provides anomaly detection and behavioral analytics and the ability to suppress false positives and surface true positives. The generative nature of the baseline created by MixMode allows it to be created in a week, versus the months or even years-long process required by some security platforms.
Geoff Coulehan, Head of Strategic Alliances at MixMode says that while it may be difficult to imagine that an AI-first approach actually represents cost savings and operational efficiency gains, MixMode’s third-wave, self-supervised NTA AI platform is the ideal network security solution for today’s complex security threats.
“An AI-first approach means improved operational efficiency, decreased resources spent on training, and increased management visibility into understanding what’s happening with the network and its vulnerabilities,” he says.
When executives can pinpoint where attacks are coming from and name true threats to system resources, they can confidently allocate resources to address threats directly. “It’s a much more compelling discussion for a board-level meeting than asking for another ten million dollars to continue propping up a SIEM that we have just for compliance reasons,” he says.
A third-wave self-supervised AI solution like MixMode mitigates many of the issues inherent to SIEM platforms. MixMode accomplishes the following:
- Creates a generative, responsive, real-time network baseline within a week without the need for humans to configure or tune the system.
- Is software-based and does not rely on appliances.
- Is context-aware, triggering fewer false positives while catching more actual threats.
- Is not dependent on logging and reports that attract hackers and take up security analysts’ time.
- Requires less human input and interaction, reducing the risk of human error and increasing overall team efficiency.
MixMode reviews, records, and analyzes the flow of information between IP addresses to provide accurate baseline behavior. Based on an accurate baseline, the platform can detect, in real time, anomalies like increased bandwidth use, large-size outbound file transfers, recurring micro-transfers to unexpected geo locations, distributed denial of service (DDoS) attacks, and other irregular behavior that might go unnoticed in a typical SIEM setup. The MixMode system is built to be additive to historical data that has limited predictive ability.
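To make the flow-baseline idea concrete, here is an added illustration (not MixMode's code; its generative baseline is proprietary and this uses a plain statistical baseline instead) that builds per-source outbound-volume statistics and known destination countries from constructed flow records, then flags two of the anomaly classes named above: a large outbound transfer and recurring micro-transfers to a previously unseen geography. The IP addresses, the country code "XX" and the byte counts are constructed sample values.

```python
"""Toy flow-baseline anomaly detector (added illustration, not MixMode's own
generative-baseline code). All flow records below are constructed sample data."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (hour, src_ip, dst_ip, dst_country, bytes_out).
# Hours 0-23 are the learning window; hours 24+ are the live traffic under test.
FLOWS = []
for h in range(24):
    FLOWS.append((h, "10.0.0.5", "52.1.1.1", "US", 50_000 + (h % 3) * 1_000))
    FLOWS.append((h, "10.0.0.7", "52.2.2.2", "US", 8_000 + (h % 2) * 500))
# Live traffic: 10.0.0.5 pushes a 2 GB transfer out; 10.0.0.7 sends repeated
# tiny transfers to a country ("XX", placeholder) never seen in its baseline.
FLOWS.append((24, "10.0.0.5", "52.1.1.1", "US", 2_000_000_000))
for h in range(24, 30):
    FLOWS.append((h, "10.0.0.7", "203.0.113.9", "XX", 300))
FLOWS.append((24, "10.0.0.7", "52.2.2.2", "US", 8_200))  # ordinary traffic


def build_baseline(flows, baseline_hours=24):
    """Per-source baseline: hourly outbound-byte mean/std and the set of destination countries."""
    per_hour = defaultdict(lambda: defaultdict(int))
    countries = defaultdict(set)
    for hour, src, _dst, country, nbytes in flows:
        if hour >= baseline_hours:
            continue
        per_hour[src][hour] += nbytes
        countries[src].add(country)
    baseline = {}
    for src, hours in per_hour.items():
        vals = [hours.get(h, 0) for h in range(baseline_hours)]
        baseline[src] = {"mean": mean(vals), "std": pstdev(vals), "countries": countries[src]}
    return baseline


def detect(flows, baseline, baseline_hours=24, z_threshold=3.0,
           micro_bytes=1_000, micro_repeats=3):
    """Flag hourly outbound-volume outliers and recurring micro-transfers to unseen countries.

    Returns a list of (alert_kind, src_ip, detail) tuples.
    """
    alerts = []
    per_hour = defaultdict(lambda: defaultdict(int))
    micro = defaultdict(int)
    for hour, src, dst, country, nbytes in flows:
        if hour < baseline_hours:
            continue
        per_hour[src][hour] += nbytes
        known = baseline.get(src, {}).get("countries", set())
        if nbytes <= micro_bytes and country not in known:
            micro[(src, dst, country)] += 1
    for src, hours in per_hour.items():
        b = baseline.get(src)
        if b is None:
            # A source with no baseline at all is itself worth a look.
            alerts.append(("unknown_source", src, None))
            continue
        std = b["std"] or 1.0  # guard against a perfectly flat baseline
        for hour, total in hours.items():
            z = (total - b["mean"]) / std
            if z > z_threshold:
                alerts.append(("outbound_volume_spike", src, round(z, 1)))
    for (src, dst, country), n in micro.items():
        if n >= micro_repeats:
            alerts.append(("recurring_micro_transfer_new_geo", src, f"{dst}/{country} x{n}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(FLOWS, build_baseline(FLOWS)):
        print(alert)
```

The point of the example is the dependency the paragraph describes: the quality of every alert rests on the baseline. A host whose learning window already contained the bad behaviour, or a baseline so flat that a small deviation produces a huge z-score, will mislead the detector, which is why the standard deviation is floored and unknown sources are surfaced rather than silently scored against nothing.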