Human intelligence and intuition are essential to train artificial intelligence (AI) and machine learning (ML) models to provide enterprises with hybrid cybersecurity at scale. Combining human intelligence and intuition with AI and ML models helps capture the nuances of attack patterns that elude numerical analysis alone.
Experienced threat hunters, security analysts, and data scientists help ensure the data used to train AI and ML models enables a model to accurately identify threats and reduce false positives. The combination of human expertise and AI and ML models with a real-time stream of telemetry data from many enterprise systems and applications defines the future of hybrid cybersecurity.
“Based on behaviors and information, AI and ML allow us to predict [that] something will happen before it happens,” says Monique Shivanandan, CISO at HSBC, a global bank. “It allows us to cut out the noise and focus on the real issues that are happening, and correlate data at a rate and speed unheard of just a few years ago.”
Hybrid cybersecurity is becoming a service businesses need
The integration of AI, ML, and human intelligence as a service is one of the fastest growing categories in enterprise cybersecurity. Managed detection and response (MDR) is the service category that is benefiting most companies that need hybrid cybersecurity as part of their broader risk management strategies. Gartner saw a 35% increase in related customer inquiries. Additionally, it forecasts the MDR market to reach $2.2 billion in revenue in 2025, from $1 billion in 2021, growing at a compound annual growth rate (CAGR) of 20.2%.
Gartner also predicts that by 2025, 50% of organizations will use MDR services that leverage AI and ML for threat monitoring, detection and response functions. These MDR systems will increasingly rely on ML-based threat containment and mitigation capabilities, enhanced by the skills of experienced threat hunters, analysts and data scientists, to identify threats and stop violations for customers.
Effective against AI and ML attacks
Hybrid cybersecurity continues to escalate as a priority in organizations that lack sufficient AI and ML modeling specialists, data scientists, and analysts. From fast-growing small businesses to medium and large enterprises, CISOs surveyed by VentureBeat highlighted the need to defend against deadly, fast-paced cybercriminal gangs that pick up AI and ML skills faster than they do. “We champion a hybrid approach to AI to win [the] user and executive trust, because having explainable answers is very important,” said AJ Abdallat, CEO of Beyond Limits.
Cybercriminal gangs with AI and ML expertise have shown they can move from the initial point of entry to an internal system within one hour and 24 minutes of the initial moment of compromise. The 2022 CrowdStrike Global Threat Report noted over 180 tracked adversaries and a 45% increase in interactive intrusions. In this environment, staying one step ahead of threats is not a problem on a human scale. This requires the powerful combination of machine learning and human expertise.
Endpoint protection platforms (EPPs) based on artificial intelligence and machine learning, endpoint detection and response (EDR) and extended detection and response (XDR) are proving effective at quickly identifying and defending against new attack patterns. However, they still need time to process and learn about new threats. AI and ML-based cybersecurity platforms use convolutional neural networks and deep learning to help reduce this latency, but cyberattackers are still developing new techniques faster than AI and ML systems can adapt.
This means that even the most advanced surveillance and threat response systems that enterprises and MDR vendors rely on struggle to keep up with the ever-changing tactics of cybercriminal gangs.
For MDRs and CISOs to handle hybrid cybersecurity well, finding the right talent is key to success. “It’s not just about building models, but [about] maintaining, developing, evolving and understanding them to avoid bias or other risks,” says HSBC’s Shivanandan.
The first-ever closed-book MITRE ATT&CK assessments for security service providers validate the effectiveness of MDRs in delivering hybrid cybersecurity protection using AI and ML models. The purpose of the ATT&CK assessment is to test a vendor’s ability, accuracy, and willingness to identify and stop an attempted breach without the vendor knowing when and how it will occur. Stress testing MDR platforms with no warning to participants can provide CISOs with actionable guidance on how MDR systems perform in real-world attack situations.
Darktrace, CrowdStrike, McAfee and Broadcom/Symantec are some of the leading MDR vendors that offer AI and ML modeling and have a large base of threat hunting experts, analysts and data scientists. CrowdStrike combines its Falcon OverWatch service with a suite of AI and ML-based modeling and reporting services, including its agent-based ML, cloud-native ML, and AI-powered indicators of attack (IOAs).
Human intelligence improves the performance of AI and ML models
The combination of human intelligence with supervised, unsupervised, and semi-supervised machine learning algorithms improves model accuracy, reduces the likelihood of false positives, and fills hidden gaps in the massive amount of data on which models are trained. “We don’t let machine learning algorithms work without humans,” says Shivanandan. “We still need that human presence to assess and adjust our model based on real events.”
MDR vendors’ experienced threat hunters, analysts, and data scientists routinely provide labeled data for training supervised AI and ML algorithms. This ensures that a model can accurately classify different types of network traffic and identify malicious activity. These threat hunters also provide guidance and supervision to ensure the model learns the correct patterns and accurately distinguishes between different types of threats.
“Supervised learning is a powerful way to create highly accurate classification systems – systems that have high true positive rates (detecting threats reliably) and low false positive rates (rarely causing alarms on benign behavior),” CrowdStrike’s Sven Krasser wrote in a recent blog post.
Unsupervised algorithms are also fine-tuned with human intelligence by managed detection and response professionals, who regularly review and label the patterns and relationships discovered by each algorithm. This helps improve the accuracy of each predictive model and ensures that it can identify unusual or abnormal behavior that may indicate a threat.
Similarly, semi-supervised algorithms are trained using a combination of labeled data provided by threat hunters and unlabeled data. This allows analysts and data scientists to provide guidance and oversight of the model, while enjoying the benefit of using larger datasets.
Reduce the risk of business disruption
Faced with the risk of a devastating cyberattack affecting their ongoing business operations, boards, CEOs, and CISOs are talking more often about risk management and how hybrid cybersecurity is a business investment. CISOs tell VentureBeat that hybrid cybersecurity is now part of the 2023 board-level cybersecurity initiatives to protect and drive more revenue.
Hybrid cybersecurity is here to stay. It helps businesses solve their core challenges by protecting against increasingly sophisticated AI and ML-based cyberattacks. CISOs that don’t have the budget or staff to accelerate AI and ML modeling rely on MDR vendors that use AI and ML-based EPP, EDR, and XDR platforms as part of their services.
MDRs allow CISOs to implement hybrid cybersecurity at scale, relieving the challenge of finding experienced AI and ML model builders with experience on their core platforms. CISOs view hybrid cybersecurity as essential to the future growth of their organization.