Page 123 - Cyber Defense eMagazine January 2024
Getting AI Right for Security: 5 Principles
By Kevin Kennedy, SVP Products, Vectra AI
Now more than ever, companies need effective security solutions. The cost of global cybercrime is
projected to grow by seventeen percent each year, reaching a staggering $12 trillion USD, cumulatively,
by 2025. Thankfully, fire can be used to fight fire: AI can help organizations better protect their data, thwart
attackers, and quickly identify and remediate threats. But with the buzz around “AI” dwarfing even “crypto”
at its peak, it’s nearly impossible to cut through the marketing to find truth. Based on a decade of building
applied cybersecurity AI, here are the five principles we’ve identified for maximizing value:
Start with a clear problem statement.
If you’ve played with ChatGPT, you know that small tweaks to the query can make huge differences in
the output. The same is true in building any AI model. So, nailing the problem statement is critical. When
we started, we built a model with the problem statement: “Find unusual use of any account.” Our
customers begged us to turn it off because it was too noisy. Turns out, unusual is the usual in the modern
enterprise.
We went back to the drawing board, thought through the threat model, and got more precise: “Identify
any privileged account operating in the gap between observed and granted privilege.” Why? Attackers
inevitably escalate through privileged accounts, and they take advantage of overly broad privilege. So, if
we can effectively define the zero-trust policy and then flag violations, we can accurately identify attacker
activity. This required an entirely different approach to building the models, but the difference is profound.
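The contrast between the two problem statements can be seen on a small data set. The following is an added illustration, not Vectra AI's model or code: it assumes access events reduced to (account, resource) pairs, a known set of granted resources per account, and a known list of privileged accounts, and all names and events are constructed.

```python
from collections import defaultdict

# Constructed sample data: accounts, hosts and grants are hypothetical.
GRANTED = {
    "adm-lee": {"dc01", "db01", "fs01", "hr01"},
    "svc-backup": {"fs01", "fs02", "db01", "dc01"},
    "jsmith": {"fs01", "wiki01", "print01"},
    "mchen": {"fs01", "wiki01"},
}
PRIVILEGED = {"adm-lee", "svc-backup"}
BASELINE = [("adm-lee", "dc01"), ("adm-lee", "db01"), ("svc-backup", "fs01"),
            ("svc-backup", "fs02"), ("jsmith", "fs01"), ("mchen", "fs01")]
NEW = [("adm-lee", "dc01"), ("adm-lee", "hr01"), ("svc-backup", "dc01"),
       ("svc-backup", "fs02"), ("jsmith", "wiki01"), ("jsmith", "print01"),
       ("mchen", "wiki01")]

def observed_privilege(events):
    """Resources each account actually touched during the baseline window."""
    seen = defaultdict(set)
    for account, resource in events:
        seen[account].add(resource)
    return seen

def unusual_use(baseline, new):
    """First problem statement: flag anything not seen before, for any account."""
    seen = observed_privilege(baseline)
    return sorted({(a, r) for a, r in new if r not in seen[a]})

def privilege_gap(baseline, new, granted, privileged):
    """Second statement: privileged accounts using granted-but-never-observed access."""
    seen = observed_privilege(baseline)
    alerts = set()
    for account, resource in new:
        if account not in privileged:
            continue
        gap = granted.get(account, set()) - seen[account]
        if resource in gap:
            alerts.add((account, resource))
    return sorted(alerts)

if __name__ == "__main__":
    print("unusual use:", unusual_use(BASELINE, NEW))
    print("privilege gap:", privilege_gap(BASELINE, NEW, GRANTED, PRIVILEGED))
```

On this sample the first statement raises five alerts, three of them ordinary users opening a new resource, while the second raises only the two privileged accounts reaching into access they hold but have never used.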