Page 125 - Cyber Defense eMagazine January 2024
Against this backdrop, it’s critical that AI not only gets the right answers, but also that it works fast and is
affordable in your environment. The speed requirements rule out batch analytics, as it’s not helpful to
detect today that you were ransomwared yesterday. That means it’s critical to have a real-time, streaming
architecture that still meets the requirements above, so you can run the best AI approach against your
organization’s data and answer all of the security problem statements you need coverage on, at an
affordable price point. Platform matters.
Getting the most from AI requires continuous validation and improvement
Security is a hyper-dynamic space: Attack surfaces are ever-expanding, and threats are becoming
increasingly difficult to detect. At the same time, security operations center (SOC) analysts are being
inundated with alerts. According to The 2023 State of Threat Detection Research Report, “97 percent of
SOC analysts worry about missing a relevant security event because it's buried under a flood of alerts.”
Thus, it’s important, even with AI, that vendors validate and improve products on an ongoing basis to ensure
that AI models continue to accomplish what they’re designed to do. In the jargon, this is measured by
precision and recall. Precision is a measure of the false-positive rate and recall is a measure of the
false-negative rate, and they generally operate in tension with each other. Essentially, vendors need to know
whether their models are catching the threats they’re intended to detect without burying analysts in alerts.
No ML model is perfect, but with the right focus they can be an amazingly powerful weapon for defenders.
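The tension between precision and recall can be seen by sweeping a detection model's alert threshold over a labeled validation set. The sketch below is an added example, not code from the article or from any vendor's product; the scores, labels, thresholds and function names are all constructed for illustration.

```python
# Added example: constructed data, hypothetical names throughout.
from typing import NamedTuple, Optional

class Point(NamedTuple):
    threshold: float
    alerts: int                 # alerts an analyst would have to triage
    precision: Optional[float]  # None when no alerts fired
    recall: Optional[float]     # None when the set holds no real threats

# (model score, analyst-confirmed threat?) pairs: a constructed validation set
EVENTS = [
    (0.97, True), (0.91, True), (0.88, False), (0.82, True),
    (0.74, False), (0.66, True), (0.59, False), (0.51, False),
    (0.43, True), (0.35, False), (0.22, False), (0.10, False),
]

def evaluate(events, threshold):
    """Alert on every event scoring >= threshold and grade the result."""
    tp = sum(1 for s, y in events if s >= threshold and y)
    fp = sum(1 for s, y in events if s >= threshold and not y)
    fn = sum(1 for s, y in events if s < threshold and y)
    precision = tp / (tp + fp) if tp + fp else None
    recall = tp / (tp + fn) if tp + fn else None
    return Point(threshold, tp + fp, precision, recall)

def sweep(events, thresholds):
    return [evaluate(events, t) for t in thresholds]

def pick_threshold(events, thresholds, min_recall):
    """Highest-precision operating point whose recall meets the floor."""
    ok = [p for p in sweep(events, thresholds)
          if p.precision is not None
          and p.recall is not None and p.recall >= min_recall]
    return max(ok, key=lambda p: (p.precision, p.threshold), default=None)

if __name__ == "__main__":
    grid = [0.9, 0.8, 0.6, 0.4, 0.2]
    for p in sweep(EVENTS, grid):
        print(p)
    print("chosen:", pick_threshold(EVENTS, grid, min_recall=0.8))
```

Lowering the threshold raises recall but also raises alert volume and lowers precision, so re-running a sweep like this on fresh labeled data is one way to check that a model still sits at an acceptable operating point.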
With 92 percent of companies either using or planning to use AI and ML to enhance cybersecurity, a
significant opportunity exists for vendors to create groundbreaking products that bolster security. By
practicing the principles outlined above, vendors can maximize their AI-powered security offerings and
bring more value to their customers than ever before.
About the Author
Kevin Kennedy is senior vice president of products at Vectra AI. With more
than 27 years in technology product management, more than half of those
years in security, Kevin has seen it all, from Threat Intel, Encryption and
Secure Web Gateways to Content, Email, Firewall, and Network security, to
today leading the Threat Detection and Response product vision and strategy
for Vectra. Not afraid to challenge the status quo, but respectful of the
challenges security teams face, Kevin approaches product with a healthy
dose of empathy - staying true to the problem to be solved - and effectively
balancing innovation and practicality. Prior to Vectra, Kevin launched his
career in threat intel at IronPort. He continued to hone his security product management skills with stints
at Juniper, Cisco, and Agari Data. Kevin bleeds maize and blue, having graduated from the University of
Michigan with a BSE in computer engineering.
Kevin can be reached on LinkedIn at https://www.linkedin.com/in/kevinkennedysf/ and at the Vectra AI
company website https://www.vectra.ai/.
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.