Mimicking a Cybersecurity Analyst's Intuition with AI


Author: Wired

With years of cybersecurity experience under his belt, security expert Mike Beck investigated whether he could teach AI to think like a cybersecurity analyst. Beck, who has a background in UK intelligence and is now Global CISO at Darktrace, has been helping develop a technology that he quickly saw could give defenders an edge in the cybersecurity battle: an AI Analyst.

Darktrace's R&D team set out to try to imbue their AI with such human analyst skills. "It was a tall order," says Beck. "A cyber analyst is somebody who's inquisitive and who asks questions about the data to understand whether a signal is evidence of an attacker or not. It's a subtle and nuanced task."

Could he and his team use AI to not only detect threats, but emulate human thought processes to investigate them too? After fielding perspectives from leading experts in mathematics and computing, Darktrace committed to a project that would take three and a half years to complete.

The company put 100 of its own top analysts under the microscope as they investigated attacks across thousands of customer deployments. The AI monitored the patterns in the analysts' behavior as they went about their normal work, mining every click and menu selection for implicit knowledge indicating how an analyst sniffed out genuinely threatening activity.

The result was the Cyber AI Analyst technology, which augments the human analyst by handling much of the heavy lifting that analysts would otherwise have to do. It rapidly synthesizes all of the context around an attack into a human-readable report, which can be translated into any language at the click of a button. A lot of that heavy lifting involves filtering out cybersecurity alerts that, in the end, are not genuinely threatening. As Beck explains, "Analysts are overstretched. They're having to do analysis day on day across too many things."

By automating these tasks, the Cyber AI Analyst reduces the average time to investigate threats by 92%. When Darktrace's AI finds an anomaly, such as an unusual provisioning pattern for a cloud server, the Cyber AI Analyst can crunch a mountain of data from a variety of sources including cloud, IoT, on-premise applications, and virtualized networks—all at enterprise scale and machine speed.

The AI then determines whether that anomaly is something that it should triage or report to the human analyst, so they can apply their own insight to make strategic business decisions. "There are things that human beings are great at, such as understanding the context of the business and how it operates," Beck says. "Where you need human brain power is on more complex security tasks, and much more complex security questioning."

Cyber AI Analyst often synthesizes the many indicators of a single attack—indicators that a human would have difficulty piecing together, Beck says. "This breakthrough in AI combines human expertise with the consistency, speed and scalability of artificial intelligence, buying back time for human teams and making their jobs more fulfilling."
