Public Affairs

Meet My New “AI” Cybersecurity Incident Responder

Posted Paul Ferrillo

Paul Ferrillo | April 21st, 2016

Meet My New “AI” Cybersecurity Incident Responder

As the world continues to be disrupted by new and ever improving internet-based technologies, researcher and cybersecurity consultants have continued their quest to engage in new forms of big-data analytics in an effort to help companies improve upon their abilities to protect their computer network.  Here is one promising effort by research scientists at the Massachusetts Institute of Technology. In an article on Monday, the MIT News noted that “researchers from MIT™’s Computer Science and Artificial Intelligence Laboratory (CSAIL) and the machine-learning startup PatternEx, demonstrate an artificial intelligence platform called AI2 that predicts cyber-attacks significantly better than existing systems by continuously incorporating input from human experts.”

As reported in the article, this new platform shows meaningful results in both detecting cybersecurity attacks, and in reducing the number of false positives that incident response teams would normally need to deal with manually. Importantly, the article notes that we as humans are not replaced by the platform. Rather we are elevated to review the results from the platform and then take appropriate reaction when necessary if a real attack is underway. Using the human feed-back, the platform then learns from its experiences in a continuous feedback loop. The article concludes, “The team says that AI2 can scale to billions of log lines per day, transforming the pieces of data on a minute-by-minute basis into different “features”, or discrete types of behavior that are eventually deemed “normal” or “abnormal.”” 

We would note that this sort of platform is not commercially available today, but we see no reason why it will not be made available soon.   Indeed several cybersecurity vendors have related products which assimilate the results of various hardware feeds (say, from firewalls, intrusion detection devices, and real-time intelligence feeds) and aggregate the data for incident responder to review and take action if necessary. Other products will actually suggest or manually take corrective action in order to hopefully prevent harm from an attack. Yes, all this new technology does cost money, and obviously it will need to be evaluated against existing solutions. Cost-benefit decisions will then need to be made. But, for organizations that field a high-volume of security alerts daily, cybersecurity automation and orchestration products certainly present a very strong solution to keeping both your network and your corporate reputation safe from attack.

Paul Ferrillo is counsel in Weil, Gotshal & Manges’ Litigation Department.

Paul Ferrillo | April 21st, 2016

Meet My New “AI” Cybersecurity Incident Responder

As the world continues to be disrupted by new and ever improving internet-based technologies, researcher and cybersecurity consultants have continued their quest to engage in new forms of big-data analytics in an effort to help companies improve upon their abilities to protect their computer network.  Here is one promising effort by research scientists at the Massachusetts Institute of Technology. In an article on Monday, the MIT News noted that “researchers from MIT™’s Computer Science and Artificial Intelligence Laboratory (CSAIL) and the machine-learning startup PatternEx, demonstrate an artificial intelligence platform called AI2 that predicts cyber-attacks significantly better than existing systems by continuously incorporating input from human experts.”

As reported in the article, this new platform shows meaningful results in both detecting cybersecurity attacks, and in reducing the number of false positives that incident response teams would normally need to deal with manually. Importantly, the article notes that we as humans are not replaced by the platform. Rather we are elevated to review the results from the platform and then take appropriate reaction when necessary if a real attack is underway. Using the human feed-back, the platform then learns from its experiences in a continuous feedback loop. The article concludes, “The team says that AI2 can scale to billions of log lines per day, transforming the pieces of data on a minute-by-minute basis into different “features”, or discrete types of behavior that are eventually deemed “normal” or “abnormal.”” 

We would note that this sort of platform is not commercially available today, but we see no reason why it will not be made available soon.   Indeed several cybersecurity vendors have related products which assimilate the results of various hardware feeds (say, from firewalls, intrusion detection devices, and real-time intelligence feeds) and aggregate the data for incident responder to review and take action if necessary. Other products will actually suggest or manually take corrective action in order to hopefully prevent harm from an attack. Yes, all this new technology does cost money, and obviously it will need to be evaluated against existing solutions. Cost-benefit decisions will then need to be made. But, for organizations that field a high-volume of security alerts daily, cybersecurity automation and orchestration products certainly present a very strong solution to keeping both your network and your corporate reputation safe from attack.

Paul Ferrillo is counsel in Weil, Gotshal & Manges’ Litigation Department.

  • [blog_shorcode_show]