How Self-Supervised AI Tackles Ambiguity in Network Security

by Geoffrey Coulehan, Head of Sales on March 16, 2021

Cybersecurity vendors promise the moon when it comes to AI. As the recent TechRepublic article, “Why cybersecurity tools fail when it comes to ambiguity,” makes clear, often, these promises fail short in real world network environments.

Writer Michael Kassner rightly unscores the prevailing limitation facing security solutions: ambiguity. It’s true that enterprises have invested millions of dollars into rules-based and log data solutions that are unable to evaluate network behavior with context awareness. They are limited to a current set of rules, human-based training and in many imminent threat situations, a reliance on analyst evaluation.

What Kassner is missing, however, is the relatively recent emergence of context-aware, self-learning AI — the innovation driving the MixMode platform. After establishing a baseline of expected networking behavior in about a week, MixMode relies on predictive, third-wave AI that integrates with and responds to real-time network behavior.

Modern Cyber Threats Are No Match for Traditional Cyber Tools

Kassner points out that traditional cyber tools, “struggle with ambiguity” in that they typically are not able to make confident decisions about whether to allow or block risky actions. As an example, he describes an employee accessing sensitive files after hours — behavior that isn’t necessarily anomalous, but nonetheless, could easily be outside the bounds of the network behavior expected by a traditional, rules-based cybersecurity solution like SIEM.

Situations like this occur frequently in today’s fast-paced hybrid network environments, where many enterprises are juggling a mix of legacy and on-prem connections, cloud storage and processing, IoT inputs and more. It is no exaggeration to say that a robust, protected network backbone is critical for virtually every medium to large-size company.

Sponsorships Available

So, what happens when SIEM triggers on acceptable-but-unexpected behavior? There are a few likely results, none of which are great for business:

The user could be locked out of the system on the spot
The system could throw a false positive flag that will have to be reviewed later by a security analyst
Eventually, the next rules update will need to include an exception based on the behavior, a process that must work its way through several point people for some large enterprises

Essentially, systems that use older AI tend to follow the “better safe than sorry” philosophy. In reality, these systems can become so bogged down with false negatives and positives that SOCs can become distracted, while missing authentic threats.

Another timely example is the 2020 pandemic, when millions of workers shifted abruptly to unexpected, work-from-home arrangements. Bad actors had been waiting for an event like this and swooped in to exploit vulnerabilities in networks small and large, including networks protecting hospitals and government systems at a time they were desperately needed.

For all the billions of dollars invested in AI-enhanced cybersecurity, an alarming number of major organizations found themselves battling data breaches and in some cases, coughing up hefty ransoms to keep vital systems online.

Third Wave AI Thrives in Ambiguous Environments

Computer technology has had a close relationship with AI for decades. The “first wave” of AI, which can handle repetitive, narrowly-defined tasks like chess simulations, led to “second-wave” advances like data labeling and rules-based cybersecurity platforms.

These applications provide some level of prediction capabilities, but are unable to offer much in the way of reasoning or context. That’s where third-wave AI comes in — the MixMode platform leverages generative, self-supervised AI that can accurately predict future network behavior in real-time. When unexpected activity happens anywhere on the network, MixMode analyzes the behavior in the context of how the network is used in real world circumstances.

Set Up a MixMode Demo Today

MixMode can cut through the ambiguity and help you get a clear picture of network behavior so your SOC can focus on urgent tasks instead of babysitting your cybersecurity platform. Learn more about how MixMode is prepared to handle the modern cybersecurity threatscape and set up a demo today.