As an analyst, my sole focus is on transformative technologies – and there is no better example of this than artificial intelligence impacting almost all aspects of our lives.
Voice AI is being built into cars and home assistants, e-commerce websites use it to make better recommendations and streaming media sites can offer up better content with AI. In the area of corporate IT, AI will have an equally big effect on IT operations, collaboration, and other technologies. However, we might see the biggest impact in cyber security.
Security needs AI more than ever
Protecting an organization has always been a losing battle with security pros and the gap between incoming threats and the ability to find breaches is widening. One of the challenges is that there is so much data to be analyzed today that people can no longer do it manually. This is why I believe the day of the current security information and event management (SIEM) tool is rapidly coming to an end.
In some ways, these tools are the epitome of the problem with security. AI brings a number of new capabilities to cyber security. To understand the impact it can have, I recently interviewed Sam Jones, VP of Product Management and security at start-up Stellar Cyber. in a recent ZKast video, done in partnership with the eWEEK eSPEAKS series.
Highlights of the interview are below:
- Stellar Cyber is one of the pioneers in Open XDR.
- Open XDR differs from traditional XDR where the “X” is defined as everything versus eXtended. This is in alignment with the ZK Research vision which was defined in 2018.
- Open XDR is designed to protect the entire, end to end attack surface for a step function in threat protection versus a marginal one.
- The other big difference with Open XDR works with any vendor that’s in place combined with native capabilities. In this case Open means interoperable as well.
- Stellar Cyber recently announced its novel XDR kill chain. The product is AI based and runs detections for certain behaviors and correlates those detections into larger constructs called incidents.
- Traditional kill chains, such as the Lockheed Martin kills chain met the demands for how Stellar Cyber was developing its algorithms. The new novel kill chain is a fully Mitre Attack-compatible kill chain with features built for machines and people.
- One example is that Stellar Cyber has built five stages (Initial attempt, propagation, exploration, exfiltration and impact and persistent foothold) that sit on top of the Mitre kill chain that are specific to XDR. Categorizing it this way into high level stages makes it easy for a level one security analyst to understand.
- An example to help AI is the delineation between internal and external attacks, which plays a role in understanding the attack progression and reconnaissance behavior.
- From a high level, a good way to think about the AI based kill chain is that traditional EDR, NDR and other detection and response tools is that they do a good job at detection breaches but are weak in responding. Open XDR, because it sees the end to end kill chain, can respond quickly and accurately.
- Stellar Cyber also recently its AI powered incident correlation tool. This boost security analyst productivity. The product works hand in hand with the XDR kill chain by bringing together alerts and relates them when they are part of the same incident.
- This can help filter and triage the thousands or even tens of thousands of alerts and highlight just the important ones.
- Jones described this as being able to “shrink the haystack,” making it easier to find the needle in it.
AI as part of security has been around for years and there is currently a healthy dose of skepticism as to whether it works or not. I understand this as many of the early products were based on rules and not true AI. Jones described this as “snake oil”, which is accurate.
The reality is, there is far too much data for people to analyze today and AI based systems, like Stellar Cyber, are greatly improved from ones available just a few years ago. Security pros need to make sure that AI is part of the overall cyber strategy to complement the skillset of the security team.