The process of Active Contextual Modeling (ACM) facilitates communication between the artificial intelligence platform and the human analyst.
Raw data is ingested, transformed into behaviors, and run through algorithms to find rare events for an analyst to review. After investigation, the analyst attaches an appropriate label to each event. The system learns from these labels and automatically improves detection efficacy.
Data models created through this process are flexible and adaptive. Event accuracy is continuously improved. Historic data is retrospectively analyzed as new knowledge is added to the system.
While you can get started by capturing only a few data sources, the more data sources you include, the larger the variety of attacks that can be detected.
A new AI is like hiring a fresh graduate from college—full of potential but it must be taught your enterprise's unique security environment.
Training the AI happens when the AI presents a set of alerts to human analysts, who review the alerts and define them as attacks or not. The analyst applies a label to the alert, which trains a supervised learning model that automatically adapts and improves. This is a trained AI.
A trained AI acts like a virtual analyst, having captured the intelligence of the analyst through labels, and then adds the power of machines: it's always-on (24x7), it can analyze huge volumes of data in real time, and it finds patterns in hyper-dimensional space.
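The loop described above (rare events surfaced for review, analyst labels, a supervised model that re-ranks later events) can be sketched as follows. This is an added example, not the vendor's algorithm: the median/max rarity score and the 1-nearest-neighbour scorer are assumptions, and all event names, values and analyst verdicts are constructed.

```python
from math import dist
from statistics import median

# Constructed behaviors per event: (outbound MB, distinct destination hosts).
DAY1 = {"u1": (5, 3), "u2": (6, 4), "u3": (4, 3), "u4": (5, 2), "u5": (7, 3),
        "backup-1": (900, 2), "exfil-1": (300, 40)}
DAY2 = {"backup-2": (880, 2), "exfil-2": (120, 30), "u6": (6, 3)}
# Constructed analyst verdicts, standing in for the human review step.
ANALYST = {"exfil-1": "attack", "backup-1": "benign", "u4": "benign"}

def fit_baseline(events):
    """Per-feature median and scale (max) learned from historical behaviors."""
    cols = list(zip(*events.values()))
    return [median(c) for c in cols], [max(c) for c in cols]

def rarity(vec, baseline):
    """Unsupervised score: scaled distance from the typical behavior."""
    med, scale = baseline
    return sum(abs(x - m) / s for x, m, s in zip(vec, med, scale))

def review_queue(events, baseline, k):
    """The k rarest events, rarest first: what the analyst is asked to label."""
    return sorted(events, key=lambda e: rarity(events[e], baseline), reverse=True)[:k]

def attack_score(vec, labeled, baseline):
    """Supervised 1-nearest-neighbour score built from analyst labels: positive
    when the event is closer to a labeled attack than to any labeled benign event."""
    _, scale = baseline
    norm = lambda v: [x / s for x, s in zip(v, scale)]
    near = lambda cls: min(dist(norm(vec), norm(v)) for v, c in labeled if c == cls)
    return near("benign") - near("attack")

def run():
    baseline = fit_baseline(DAY1)
    queue = review_queue(DAY1, baseline, k=3)
    labeled = [(DAY1[e], ANALYST[e]) for e in queue]  # the labeling step
    by_rarity = sorted(DAY2, key=lambda e: rarity(DAY2[e], baseline), reverse=True)
    by_labels = sorted(DAY2, key=lambda e: attack_score(DAY2[e], labeled, baseline),
                       reverse=True)
    return queue, by_rarity, by_labels

if __name__ == "__main__":
    for name, ranking in zip(("review queue", "rarity only", "after labels"), run()):
        print(f"{name:>13}: {ranking}")
```

Ranked by rarity alone, the second day's backup job outranks the lower-volume exfiltration; once the first day's three labels are applied, the exfiltration moves to the top and the backup drops to the bottom.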
A wide variety of methods and techniques are used to achieve the end goal of data exfiltration. Human-assisted AI scales your team's analysis capabilities and learns to threat hunt. Detect and stop data exfiltration and predict attacks before they occur.
Based on credential theft and impersonation, this attack leverages valid credentials and access granted to business applications. This affects brand reputation and can result in the theft of intellectual property. Human-assisted AI learns to watch for patterns of outlier behaviors associated with this type of attack in real time.
Once attackers are inside your network, they are almost impossible to detect. This is why the average time to detection after initial compromise sits at approximately 200 days. The key to detection at this phase in the attack chain is automated, accurate discovery of abnormal patterns of activity in terabytes of security-relevant data using human-assisted AI.
Polymorphic and metamorphic malware can escape detection by changing their potential signature or recoding themselves while inside your IT environment. Human-assisted AI can help your analysts detect and follow fast-changing malware in real time or in mountains of historic data.