89434665 M

MixMode’s Approach to AI

Using MixMode's Context Aware AI

The PacketSled platform uses MixMode’s context-aware Artificial Intelligence to provide a continuous baseline of your network environment by monitoring historic traffic and taking into account typical network monitoring rules. This allows PacketSled to distinguish normal traffic from potential threats, eliminating 90% of false positives. Our system cuts through the noise and delivers actionable alerts, enabling you to respond to detections immediately.

Context-aware AI can interpret, learn and react to behavioral activities surrounding network data. It dynamically establishes baselines, identifies threats and sends immediate alerts, helping prevent attacks on critical data systems. It greatly reduces the strain on your cybersecurity resources while profoundly diminishing risk.


According to the Ponemon Institute:

  • Companies average 17,000 malware alerts weekly and only 4 percent are investigated.
  • 40 percent of infections go undetected.
  • Organizations (with 500+ employees) waste on average 395-man hours a week “chasing erroneous alerts.” This equates to well over one million dollars per year per company.

According to McAfee:

  • 30 percent of IT pros admit to ignoring security alerts due to high volumes of false positives.
  • 42 percent of companies have seen a noticeable drop in productivity from end users due to false positives.
  • Half of enterprises have six or more tools that generate security alerts.
  • The average enterprise generates nearly over 2.7 billion actions in cloud services per month (e.g. login, upload, comment), of which only 2,542, on the average, are actually anomalous.
  • Of the 2,542 anomalous events, only 23.2 are actual threats, a ratio of nearly 110:1.

“AI is one of the most important things humanity is working on. It’s more profound than, I don’t know, electricity or fire.”

Sundar Pichai, CEO of Google
102393905 M

A.I. that Defines Normal Behavior 

If your security software cannot establish normal behavior on an ongoing basis (as opposed to a one-time baseline), then how does it detect abnormal behavior? Answer: it can’t. And that is why false positives are a huge problem. PacketSled’s instant baseline ability means the AI system can rapidly interpret normal/typical activities happening network-wide and delineate them from abnormalities.

One simple example: if your network sees a large file transfer happen every Tuesday at 10 am to a specific destination, the system will baseline this activity and not send alerts on this activity. Should the same file transfer randomly occur at Wednesday at 1 am or someone tries to send it to a different location, this system will instantly alert you of this deviation. 

Once initially established, the baseline of your network dynamically evolves over time as the AI continuously evaluates changes in network behavior and learns from these changes.

Your Network’s Evolving Baseline

MixMode’s Artificial Intelligence is the “third wave” of AI (link to e-book). Context-aware AI can interpret, learn and respond to behavioral activities surrounding network data.

It constantly evolves and reacts to new deviations from the set baseline, quickly determining if the deviation is normal behavior (to be added to the baseline) or actionable intelligence to alert security personnel. The reduction of false positives through automation will enable your team to be more proactive in managing alerts and real threats.

The system includes a method for human-machine interaction; in particular, communication with an operator enabling action on the information provided within the system and the ability to instruct the system on the classification of new security threats. 

It delivers plain English alert communication to the operator such as “I think this is normal behavior,” or “you should be aware of this unusual IP accessing your network.”

Let’s talk about reducing your false positives. Fill out the form to start a dialogue.