Welcome to our Q&A session with Karen Buffo, CMO of MixMode, hosted by CloudTweaks. Today, we’ll explore the profound impact of generative Artificial Intelligence (AI) on cybersecurity. As AI takes center stage across industries, Karen will offer her insights into how it’s reshaping the cybersecurity landscape. Join us as CloudTweaks sits down with Karen to discuss the challenges, opportunities, and transformative potential of AI in safeguarding digital ecosystems.
To start off, could you tell us more about the motivation behind commissioning the “State of AI in Cybersecurity Report 2024,” and why you chose to collaborate with the Ponemon Institute for this initiative?
The rise of generative Artificial Intelligence (AI) brought AI to the forefront in multiple fields, including cybersecurity. Being veterans of the industry, we realized that there are a lot of misconceptions about what AI is and is not, specifically the differences between machine learning and true artificial intelligence. When we saw other cybersecurity vendors slapping generative AI on what they were doing, knowing full well they were nothing more than machine learning, we saw a need to develop more research and education around AI.
One of our founders is Dr. Igor Mezic, who, according to Stanford University and Elsevier, is in the 0.05 percent of the most influential scientists of all fields. Igor, a renowned AI researcher, has spent his career developing complex algorithms and AI for data analytics and was instrumental in developing our proprietary AI-powered technology. MixMode’s AI was developed based on over 20 years of underlying research, including using proven methodologies applied to projects executed at DARPA, the DoD, and others, paving the way for using AI for advanced threat detection. When we see others slap an AI tag on just anything, we see how it is confusing the market, and we’d just like to bring the true AI players to the forefront and help educate the cybersecurity industry on AI.
Ponemon is a recognized leader in developing and delivering quality research.
Their cybersecurity reports, in particular, have become influential based on the reputation of their research, so it was only natural for us to want to partner with them on a topic that needed to be addressed.
The report mentions that 53 percent of organizations are at the early stages of AI adoption. Based on your observations, what are the primary factors holding companies back from advancing to more mature stages of AI implementation in cybersecurity?
We think there are several reasons holding companies back. First and foremost, AI hype fatigue – There has been excessive hype and overpromising around AI in recent years across all sectors. In cybersecurity specifically, vendors have overstated AI’s capabilities. This hype fatigue has made the industry skeptical of AI claims.
AI anxieties – There are underlying anxieties among some cybersecurity professionals that AI could replace their jobs. Explicitly touting AI adoption can stir fears about automation displacing human roles. This fuels resistance to openly embracing AI.
Technical barriers – While AI capabilities have come a long way, developing and deploying AI still requires specialized skills. Many organizations feel they lack the resources or talent needed to operationalize AI successfully.
AI misconceptions – Myths and misconceptions about what AI is and isn’t capable of are still prevalent. Some erroneously equate AI with true autonomy and advanced cognition rather than machine learning. These misconceptions foster unreasonable expectations and distrust.
Immature AI adoption – While AI has enormous potential, most applications in cybersecurity remain narrow and immature. Shouting loudly about AI when offerings lack robust functionality invites criticism about over-promising.
As the misconceptions get addressed, understanding improves, and true AI solutions deliver on the promise of AI, you’ll see wider adoption from organizations that want to harness the power to optimize their security teams.
With 45 percent of organizations experiencing cyberattacks in the past year, what role do you see AI playing in not just responding to, but proactively preventing these incidents?
The high rate of successful cyberattacks underscores the need for stronger proactive defenses to disrupt threats before they cause damage. This is an area where AI holds great potential if leveraged strategically rather than just reactively.
Specifically, the scalability AI can achieve can reinforce prevention by processing billions of signals to detect subtle anomalies that indicate emerging threats that rules-based systems can’t handle and will miss. Identifying these threats allows security teams to be proactive and prevent full-blown attacks.
AI can also anticipate attacker behavior by understanding patterns hidden in vast quantities of threat data to preemptively harden infrastructure against predicted attack vectors before any attack occurs.
With attackers automating more steps of the attack chain using AI, organizations must leverage AI to keep up and outmaneuver them. Instead of purely reacting, security leaders should view AI as an anticipatory, proactive defense mechanism by baking it into prevention processes to help arm their SOC teams.
MixMode’a AI identifies pre-attack behaviors and anomalies indicative of a potential attack by creating a continuously evolving baseline. This enables MixMode to deliver highly accurate predictive attack vectors, emerging risk impact analysis, and preventive recommendations that transform mean-time-to-detect (MTTD) to -mean-time-to-prevent (MTTP), enabling organizations to take a proactive approach to threat detection.
Given the report’s finding that 70 percent of respondents believe AI is highly effective in detecting previously undetectable threats, could you share some insights into how MixMode’s patented self-learning algorithm differentiates itself in this capacity?
MixMode’s Advanced AI is uniquely born out of dynamical systems (a branch of applied mathematics) and begins learning immediately without a pre-existing or established baseline. MixMode’s AI utilizes self-supervised learning to learn and understand a customer’s environment. As it learns, MixModes AI creates a continuously evolving baseline that adapts and evolves to understand normal and abnormal behavior patterns.
Understanding this behavior enables MixMode’s AI to continually forecast what’s expected to happen next. If what we see deviates from expected behavior, MixMode will highlight these events for further investigation. This also enables MixMode’s AI to alert on the absence of expected events, which other solutions can’t do.
MixMode’s AI enhances the SOC’s ability to identify and respond to complex signature-less attack vectors that traditional rules-based security solutions miss, including: AI-generated attacks, Insider Threats, Supply Chain Attacks, Zero-day, Ransomware, and Identity Threats.
The necessity for AI to not only detect but also to create rules based on known patterns and indicators of threats is emphasized. How does MixMode ensure its AI solutions remain adaptable and effective in the face of evolving cyber threats?
Current solutions in the market leverage “first or second-wave AI” technology that uses a combination of rules and thresholds or static “training” data to make decisions about data that can take between 6 to 24 months of learning to begin working.
The MixMode Platform is the world’s first commercially available threat detection and response solution built on Third Wave AI that starts learning immediately and delivers tangible results in days, often hours.
MixMode’s AI is based on a dynamical foundational model that builds upon the methodologies introduced in first-wave (rules-based) and second-wave (machine learning) solutions. It is grounded in the principles of dynamical systems theory, which investigates how systems evolve and how their behavior is influenced by internal and external factors.
Rule-based and supervised machine learning systems operate on a “look back” basis.
They create rules based on historical behavior, missing novel attack methods. MixMode’s AI constantly adapts itself to the specific dynamics of an individual network in real-time to anticipate new threat vectors rather than using the rigid legacy ML models typically found in other cybersecurity solutions.
The MixMode Platform operates independently, does not rely on predefined rules, and does not require human operators to deploy, run, or tune. Unlike legacy systems that spend hours creating and maintaining rules, MixMode’s AI dynamically adapts to the evolving threat landscape.
Addressing the cybersecurity skills shortage is a significant challenge. How does MixMode’s AI technology specifically help to mitigate this issue, and what are the benefits of AI in enhancing the efficiency and effectiveness of cybersecurity teams?
There’s all this talk about AI replacing jobs and making them obsolete. But in cybersecurity, you always need that human element to review findings. AI should not be viewed as a replacement for security analysts. It should be considered as a way to enhance the organization’s security posture, uplevel existing analysts, or improve the day-to-day operations for security teams.
MixMode’s AI improves security operations significantly by proactively detecting and responding to threats at scale while empowering security teams to operate more effectively and efficiently.
Advanced Attack Detection: Detect and mitigate advanced and evolving cyber threats in real-time, including: AI-generated attacks, Insider Threats, Supply Chain Attacks, Zero-day, Ransomware, and Identity Threats. This enhances the SOC’s ability to identify and respond to complex attack vectors that traditional security measures may overlook.
Alert Prioritization: Automatically prioritize security alerts based on their severity, potential impact, and relevance to the organization’s specific threat landscape. This enables security teams to focus on the most critical threats, reducing response times and improving overall incident management efficiency.
Alert Enrichment: Enhance security alerts with contextual information, such as threat intelligence, MITRE ATT&CK framework, historical data, and asset relevance, to provide analysts with comprehensive insights into potential security incidents. This empowers SOC analysts with enriched data to make informed decisions and take swift, targeted actions in response to security alerts.
Analyst Augmentation: Leverage AI to assist security analysts by automating repetitive tasks, correlating disparate data sources, and providing actionable insights to support decision-making. This frees analysts’ time to focus on high-value activities like threat hunting, incident response, and proactive security measures.
SIEM Optimization: Integrate with existing Security Information and Event Management (SIEM) solutions to enhance their capabilities with AI-driven threat detection and response. This helps augment existing investments like SIEM with advanced analytics and machine learning to improve security event correlation and analysis accuracy and efficiency.
CEO John Keister mentioned the potential for AI to automate and augment security operations. Can you elaborate on how MixMode’s solutions help security teams reduce noise and complexity in their operations?
Most organizations rely on legacy rules-based approaches that cannot keep up with the evolving tactics and techniques used by attackers today and are only effective at detecting 20% of successful attacks in the current threat landscape.
This leaves organizations vulnerable to 80% of successful novel attacks, including AI-generated attacks, Insider Threats, Supply Chain Attacks, Zero-day, Ransomware, Identity-Based Threats, and more.
In addition, legacy rules-based approaches are often too complex and time-consuming to manage. This can lead to security teams being overwhelmed and unable to effectively monitor for threats on technology that does not scale and only detects signature-based attacks.
MixMode’s patented AI-powered threat detection and response platform has been proven to scale and analyze large data volumes to uncover threats existing cybersecurity investments have missed. MixMode Addresses both known and unknown/novel attacks. Novel attacks account for 80% of the successful attacks.
MixMode’s customers utilize the platform for advanced threat detection and investigation response (TDIR). Typically, MixMode acts as an innovative NDR, CDR, or ITDR. This means MixMode will streamline the SIEM experience and enhance the entire security program. We’ve also had some customers consolidate toolsets and utilize MixMode to collect detections across all their large network environments and cloud applications into one platform. In addition, our customers have stated that their SOC analysts are more efficient and effective, stating their tier 1 analysts are now tier 2, tier 2 are now tier 3, and so on, making them not only more productive but much happier in their roles. With the cybersecurity security skills shortage being what it is, we believe our ability to reduce the complexity is a game changer.
AI also introduces new challenges and risks, including adversarial attacks and the need for specialized operator skills. How is MixMode addressing these challenges to ensure the safe and ethical use of AI in cybersecurity?
MixMode places a strong emphasis on security and trustworthiness and adheres to industry best practices and standards for cybersecurity. Our platform incorporates encryption protocols, access controls, and authentication mechanisms to protect sensitive data and ensure compliance with relevant regulations.
MixMode’s AI was designed to identify and mitigate advanced attacks, including adversarial AI. An adversary must understand MixMode’s algorithms and processes to evade detection deeply. However, in attempting to learn and replicate MixMode’s AI, the adversary’s behavior would likely be detected as abnormal by the platform, triggering an alert and preventing further damage.
MixMode’s AI continuously learns from the threat landscape and tailors itself for each environment to successfully identify and address new cyber threats. By continuously studying the threat landscape and adapting new methodologies, The MixMode Platform constantly evolves to ensure that organizations effectively defend against today’s sophisticated attacks.
The report offers several recommendations for organizations looking to optimize AI for cybersecurity. From MixMode’s perspective, what are the key steps companies should take to align their AI initiatives with their business goals and security strategies effectively?
Organizations continue to face increasingly sophisticated cyber threats that require a proactive and adaptive approach to cybersecurity. As the volume and complexity of security data grows, security teams need to leverage advanced AI technologies to enhance their capabilities and stay ahead of emerging threats.
AI must be part of the conversation to ensure it can effectively help security teams and align with an organization’s objectives. Aligning AI initiatives with business goals and security strategies is crucial for successful implementation.
From a broader organizational perspective, here are some key steps organizations should consider:
Define Clear Objectives: Start by understanding why you want to implement AI. Is it for data analysis, process optimization, or customer experience enhancement? This will help to align AI initiatives with broader business objectives.
Craft an AI Strategy: Develop a well-formulated AI strategy that acts as a roadmap that outlines steps to extract insights from data, enhance efficiency, and improve various aspects of the business. This includes:
Holistic Approach: Define the problems you think AI will solve for your organization to understand where AI can add value.
Data Foundation and Governance: Establish an actionable data foundation with proper **data governance**. Ensure data privacy and security across your landscape.
Technology Roadmap: Create a technology roadmap outlining steps needed to achieve AI goals and prioritize initiatives based on alignment with overall business and innovation strategy.
A well-crafted AI strategy acts as a beacon, guiding organizations toward unlocking groundbreaking solutions, outmaneuvering competitors, and shaping the future of the digital landscape, ensuring long-term resilience and sustainable success.
Finally, collaboration and intelligence sharing are highlighted as critical for leveraging AI in cybersecurity. How does MixMode foster collaboration among organizations and stakeholders, and what role do you see this playing in the broader cybersecurity ecosystem?
MixMode is committed to promoting collaboration to address the challenges and opportunities presented by AI, as well as transparency, by providing organizations with detailed insights into detected threats and suspicious activities. We feel collaboration and intelligence sharing are critical and participate in many industry groups and consortiums sharing best practices for using AI in security. It was one of the many reasons we wanted to do this research and publish the report.
In addition, we work closely with government and academic programs. Our founders and many of our team are advisors to universities, government, and private companies. Our threat research team, in particular, shares threats using anonymized insights into new attack method patterns and threat trends. We evangelize lessons learned and share use cases for using AI in impactful ways.
One area we are most proud of is MixMode’s AI Cybersecurity Science & Innovation Advisory Board (MixMode AI-CSI), which comprises technical experts, scientists, domain experts, and business leaders and is growing. Our charter is to advance MixMode’s AI to help the cybersecurity industry and promote responsible innovation and the ethical application of artificial intelligence. Our AI board aims to provide guidance, oversight, and recommendations related to the overall development and deployment of artificial intelligence in cybersecurity.
———————–
By Randy Ferguson
