Using AI in Cybersecurity: How DeepSeas Leverages AI
With the rapid adoption of AI, many CISOs and CIOs are investigating how their organization can leverage AI in cybersecurity programs. DeepSeas is leveraging AI to improve threat detection and response.
Watch below as Nate Hausrath, VP of Engineering at DeepSeas, dives deeper into how DeepSeas leverages AI to provide persistent defense to clients.
Using AI in Cybersecurity to Improve Threat Detection
Many product and technology companies are researching how to better detect threats by leveraging AI in cybersecurity. AI isn’t a new field, of course, but many of the recent advancements in AI can apply to threat detection, complementing traditional curated detection techniques such as IOCs, signatures, and rule-based detection.
Any solid cyber program starts with threat detection. Detection with AI and machine learning (ML) has attempted to use different mathematical techniques to discover behavioral patterns and anomalies and then make sense of them. This has been met with mixed results. Producing anomalies is easy; elevating those that matter is a far more difficult problem. However, newer models enable our crew at DeepSeas to look across a broader set of data points, while advances in explainability allow us to make sense of the results. We can also leverage predictive analytics to generate threat intelligence based on trending and historical analyses.
Of course, detection is only a starting point. Events that may be threats require further attention and investigation. This is the next area where DeepSeas leverages AI in our clients’ cyber programs – as an assistant our SOC analysts use during analysis and response.
Leveraging AI in the SOC
After events are generated, an analyst is still often needed to determine whether the activity is malicious or not. Not every event is detected with high enough confidence to take action.
There are three key areas where DeepSeas leverages AI to help our SOC analysts:
- Confidence – Increasing the confidence of analysis and revealing insights
- Automation – Allowing AI to drive decisions and action
- Communication – Providing clarity and oversight as analysts work
One straightforward way that DeepSeas leverages AI is to help increase the confidence of our analysts and point out insights that may take additional time to discover or that analysts could potentially overlook. AI can provide hints or suggestions to the analyst to make sure they fully understand what they are investigating.
Analysts make a huge volume of decisions every day about the events they see, which can result in alert fatigue. Security events that are triaged incorrectly, or not at all, can be a major contributor to a breach, as was the case with Target in 2013. AI models can help make sense of inbound security events and related data, providing insight on where analysts should look. Furthermore, AI can support the review of behavior patterns to recognize when an event has been marked as a false positive even though historical data shows that it would normally be a true positive.
For example, PowerShell is a common tool in today’s IT world, but cybersecurity teams are very aware of the volume of alerts it can generate. Finding bad PowerShell behavior can be like searching for a needle in a haystack. Maybe a particular PowerShell command has never run on a certain workstation. AI can enable fast and confident decisions about PowerShell activity, allowing DeepSeas analysts to quickly clear false positives and move on to identifying true positives, so we can respond and protect clients faster.
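The "never run on this workstation" signal above can be made concrete with a per-host baseline. The sketch below is an added example, not DeepSeas code: the host names, command lines and the `template` normalization rules are constructed assumptions. It separates commands that are new on one host but known elsewhere from commands no host has run.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (host, command line); not real data.
BASELINE = [
    ("ws-01", "powershell.exe -File C:\\scripts\\backup.ps1 -Day 12"),
    ("ws-01", "powershell.exe Get-Service -Name Spooler"),
    ("ws-02", "powershell.exe -File C:\\scripts\\backup.ps1 -Day 13"),
    ("ws-02", "powershell.exe Get-EventLog -LogName System -Newest 50"),
    ("ws-03", "powershell.exe Get-Service -Name WinRM"),
]
NEW_EVENTS = [
    ("ws-01", "powershell.exe -File C:\\scripts\\backup.ps1 -Day 14"),
    ("ws-03", "powershell.exe Get-EventLog -LogName System -Newest 10"),
    ("ws-02", "powershell.exe -NoProfile -WindowStyle Hidden -File C:\\Users\\Public\\u.ps1"),
]

def template(cmdline):
    """Reduce a command line to its shape so changing values do not look new."""
    s = cmdline.lower()
    s = re.sub(r"[a-z]:\\\S+", "<path>", s)              # file paths
    s = re.sub(r"\b\d+\b", "<n>", s)                     # bare numbers
    s = re.sub(r"(-name|-logname)\s+\S+", r"\1 <val>", s)  # named values
    return re.sub(r"\s+", " ", s).strip()

def build_baseline(events):
    """Return (templates seen per host, hosts seen per template)."""
    per_host, fleet = defaultdict(set), defaultdict(set)
    for host, cmd in events:
        t = template(cmd)
        per_host[host].add(t)
        fleet[t].add(host)
    return per_host, fleet

def triage(baseline_events, new_events):
    """Label each new event by how familiar its command shape is."""
    per_host, fleet = build_baseline(baseline_events)
    results = []
    for host, cmd in new_events:
        t = template(cmd)
        if t in per_host[host]:
            label = "known_on_host"              # candidate for fast clearing
        elif fleet[t]:
            label = "new_on_host_seen_in_fleet"  # lower-priority review
        else:
            label = "new_to_fleet"               # analyst attention first
        results.append((host, label))
    return results

if __name__ == "__main__":
    for host, label in triage(BASELINE, NEW_EVENTS):
        print(host, label)
```
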
Getting Real about AI in Cybersecurity (Today)
You may have heard a lot about automating incident response (IR). Like many industries, the cybersecurity industry loves buzzwords and tends to overpromise. But let’s get real – IR is full of nuance and requires long hours spent collecting data, analyzing systems, and writing detailed timelines about what happened and when. AI can help improve some of this, but it’s a long way from doing our jobs for us.
Rather than focusing on what may be possible in the very distant future, let’s look at where AI in cybersecurity helps us today. We have already talked about increasing the confidence in SOC analyst decision making. If we can reach a point where we are comfortable with a machine’s decision – perhaps 95% confidence, or maybe 99% – we now have an automation opportunity in which we can take the decision and apply an action.
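One way to decide when a machine decision is trustworthy enough to automate, shown as an added example that is not DeepSeas code: measure the model's precision against past analyst verdicts and automate only above the score where the target holds. The history data, function names and `min_support` parameter are constructed assumptions.

```python
# Constructed history: (model score, analyst confirmed malicious?). Not real data.
HISTORY = [
    (0.99, True), (0.98, True), (0.97, True), (0.96, True),
    (0.95, False), (0.94, True), (0.93, True), (0.90, True),
    (0.88, False), (0.85, True), (0.80, False), (0.70, False),
]

def calibrate_threshold(history, target_precision=0.95, min_support=3):
    """Lowest score cutoff at which 'score >= cutoff' met the precision target.

    Returns None when no cutoff with enough supporting events qualifies,
    meaning nothing should be automated yet.
    """
    ranked = sorted(history, key=lambda e: e[0], reverse=True)
    best, true_positives = None, 0
    for i, (score, malicious) in enumerate(ranked, start=1):
        true_positives += malicious
        # Evaluate only once every event sharing this score has been counted.
        tied_with_next = i < len(ranked) and ranked[i][0] == score
        if tied_with_next or i < min_support:
            continue
        if true_positives / i >= target_precision:
            best = score
    return best

def route(score, threshold):
    """Automate only above the calibrated cutoff; everything else goes to a person."""
    if threshold is None or score < threshold:
        return "analyst_review"
    return "auto_action"

if __name__ == "__main__":
    cutoff = calibrate_threshold(HISTORY)
    print("calibrated cutoff:", cutoff)
    for s in (0.97, 0.95, 0.60):
        print(s, route(s, cutoff))
```

In this constructed history the event scored 0.95 was a false positive, so a raw model score of 0.95 is not the same as being right 95% of the time; the calibrated cutoff lands higher.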
Finally, how do we communicate what has happened? This is where DeepSeas leverages generative AI. We are able to train ML models to provide relevant and accurate guidance and narrative – allowing us to have more dynamic interactions with each other with more relevant information.
Using AI in Cybersecurity to Deliver Persistent Defense
At DeepSeas, we are using AI to enhance our ability to identify and respond to threats. By continually transforming your cyber program, personalizing innovation at DeepSeas around your needs, and connecting you with the right technologies and partners, we are in the best position to provide you with persistent defense.