AI-enhanced cybersecurity is a must in 2021 and beyond. Clearly, the industry agrees — you’ll find an endless list of AI security platforms in the marketplace. What do vendors really mean when they use the term “artificial intelligence?” AI can be a fluid term, and sometimes mean different things to different people, and although marketing teams at cyber companies are using this ambiguity to their advantage, too often when it comes to the actual implementation and use of these platforms, the technology and promise falls short of AI in it’s true scientific sense.
But this isn’t always the case. Some artificial intelligence is and will be groundbreaking for the cybersecurity industry. For example, predictive, “Third-Wave AI,” which is a term originally coined by DARPA to mean contextual and self-adaptable without the need for human training and tuning, can empower organizations to shut down threats before they happen, free from the restrictions and encumbrances of rules-based platforms like SIEM and other legacy AI-enhanced options.
Before you invest in a cybersecurity platform upgrade, carefully consider your options. Second-wave AI solutions may work in the short term, but modern cyber criminals have devised countless ways to break these platforms and programs. To fend off data breaches, malware, ransom attacks and other cyber crimes, SOCs will need more robust, third-wave AI solutions.
What is Third Wave AI?
Predictive AI has been a part of cybersecurity for several years now, to varying degrees. The biggest distinction between legacy solutions and modern AI is that third wave, predictive AI detects and surfaces threats in real time.
The U.S. Defense Advanced Research Projects Agency (DARPA) outlines three eras of AI:
Predictive AI is a type of machine learning that automatically collects, analyzes and tests data. As it relates to cybersecurity, this technology is often seen in applications like anomaly detection platforms, threat detection and cybercrime prevention.
Predictive AI is patterned on the human brain, but powered by the immense power and speed made possible only through computing processes. Today’s strongest systems are powered by quantum computing.
Until fairly recently, enterprises and medium-size organizations tended to work with traditional cybersecurity platforms based on first and second wave AI. One particularly popular choice has been SIEM (Security Information and Event Management) systems, which rely on a set of rules that “train” AI to detect network anomalies based on expected behavior.
SIEM looks promising on paper, but as many organizations soon become aware, the approach is fundamentally flawed. One overarching issue are the ongoing costs created by SIEM. Basic log storage, incremental analytics and maintenance are all quite costly (and unavoidable).
Security analyst talent is often wasted by SIEM platform functions, as well, due to an overabundance of false positives created in response to context limitations. There are only so many rules the human team can create, and since modern networks rely on constantly evolving baseline behavior, it would be impossible to keep up with all the necessary rules, anyway.
Predictive AI can power modern, responsive cybersecurity platforms, outperforming previous-generation solutions in several key areas.
