As attackers grow more sophisticated, organizations must evolve with them. Security teams need a more proactive approach to Network Traffic Analysis (NTA) to get ahead of the next generation of hacks and breaches and to maintain a sound cybersecurity posture. Many standard industry solutions market "artificial intelligence" models that are fundamentally limited: they compare current network behavior exclusively against a historical baseline, one that is built only after months of data has been aggregated, stored, and analyzed. An accurate, forward-looking, continually evolving baseline of "normal" network behavior is the only reliable yardstick against which to measure anomalous activity when facing a steady stream of new actors and attacks. The problem for solutions that claim AI-driven anomaly detection is that the baseline they build and measure against rests exclusively on historical data: it takes months to gather, it generates ever-increasing false positives as the live network drifts away from it, and it cannot keep pace as network conditions and attackers change.
Without an accurate, generative baseline that evolves over time, truly meaningful anomaly detection is impossible. Many cybersecurity solutions rely on supervised learning, or "second-wave AI," which requires constant training, human tuning, and historical data. "Third-wave AI" solutions (as defined by DARPA) instead leverage generative, self-supervised learning to build an accurate, evolving baseline of normal network behavior in real time and to predict appropriate future network behavior. This approach allows MixMode to deliver highly accurate anomaly and threat detection, 95% fewer false positives, and predictive threat detection.
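The contrast between a frozen historical baseline and one that evolves with the network can be made concrete with a small simulation. The following Python is an added illustration, not code from this paper and not MixMode's algorithm: it uses a deliberately simple exponentially weighted mean and variance as a stand-in for an evolving baseline, against a static mean-and-standard-deviation baseline trained once on the first 100 hours. The traffic series is constructed: a steady ~1000 bytes/s with a small alternating wobble, a legitimate step to ~2000 bytes/s at hour 200 (think a new service rolling out), and one genuine spike of 10000 bytes/s at hour 350.

```python
"""Static historical baseline vs. an evolving (exponentially weighted) baseline.

Added illustration only. The series below is constructed by hand so the
behaviour of both detectors is fully predictable; it is not captured traffic.
"""
from statistics import mean, pstdev


def synthetic_traffic():
    """Constructed hourly byte-rate series, 400 hours long.

    hours   0-199: ~1000 bytes/s (legitimate steady state)
    hours 200-399: ~2000 bytes/s (legitimate, permanent shift at hour 200)
    hour     350 : 10000 bytes/s (the one genuine anomaly)
    A +/-50 alternating wobble stands in for ordinary hour-to-hour noise.
    """
    series = []
    for h in range(400):
        base = 1000.0 if h < 200 else 2000.0
        wobble = 50.0 if h % 2 == 0 else -50.0
        value = 10000.0 if h == 350 else base + wobble
        series.append(value)
    return series


def static_baseline_alerts(series, train_hours=100, k=3.0):
    """Baseline fitted once on the first `train_hours` and never updated.

    Returns the hours (>= train_hours) whose value lies more than k standard
    deviations from the training mean.
    """
    train = series[:train_hours]
    mu, sigma = mean(train), pstdev(train)
    return [h for h, v in enumerate(series)
            if h >= train_hours and abs(v - mu) > k * sigma]


def ewma_baseline_alerts(series, alpha=0.1, k=3.0, warmup=100):
    """Baseline that re-estimates mean and variance after every observation.

    mu  : exponentially weighted mean of the series so far
    var : exponentially weighted variance around that mean
    An hour is flagged when it deviates from the *current* mu by more than
    k * sqrt(var). The check runs before the update so the observation being
    judged is not yet part of the baseline it is judged against.

    Caveat (by design of this toy): after a flagged hour the observation is
    still folded into mu/var, so a single large spike briefly inflates the
    baseline, and a slow, patient ramp can drag the baseline along with it.
    A production detector must address both (e.g. exclude flagged samples,
    cap the update step, or watch for drift over longer horizons).
    """
    mu, var = series[0], 0.0
    alerts = []
    for h, v in enumerate(series):
        sigma = var ** 0.5
        if h >= warmup and sigma > 0 and abs(v - mu) > k * sigma:
            alerts.append(h)
        diff = v - mu
        mu += alpha * diff
        var = (1.0 - alpha) * (var + alpha * diff * diff)
    return alerts


if __name__ == "__main__":
    s = synthetic_traffic()
    static = static_baseline_alerts(s)
    evolving = ewma_baseline_alerts(s)
    print(f"static baseline : {len(static)} alerts, "
          f"{len(static) - 1} of them false positives after the shift at hour 200")
    print(f"evolving baseline: {evolving} (shift noticed once, then absorbed; spike flagged)")
```

On this series the static detector fires on every one of the 200 hours after the legitimate shift, because its notion of "normal" was frozen at hour 100 and the network simply moved on; the evolving detector flags the first hour of the shift, re-baselines within a few hours, and then flags only the real spike at hour 350. That is the false-positive mechanism the paragraph above describes, reduced to its simplest form. The caveat in the docstring matters in practice: an evolving baseline that updates blindly on everything it sees can be walked slowly into accepting attacker traffic as normal, so the update rule itself is a security decision.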
This paper will evaluate several common SecOps issues around Network Traffic Analysis, explaining why typical solutions are wholly ineffective and represent sunk costs versus added value. We’ll examine how self-supervised learning AI is poised to overcome the SecOps challenges of protecting today’s distributed networks.
We’ll examine the current state of the cybersecurity solutions marketplace:
1. Moving Beyond Rules-Based AI Solutions: Making Sense of the AI-Enhanced Cybersecurity Market
2. The Inherent Inefficiency and Inaccuracy of Stand-Alone SIEM Platforms
We’ll take a look at three security operations center issues negatively impacting Network Traffic Analysis:
1. The Wasteful Culture of False Positives and the Wasted Potential of Security Analysts
2. The Human Error Factor
3. The Shifting Definition of “Baseline”
We’ll consider current research and statistics that help shape the picture of what’s happening in the security platform market, and share insights from Geoff Coulehan, Head of Sales and Strategic Alliances at MixMode, on game-changing, third-wave AI in Network Traffic Analysis and cybersecurity. Coulehan has honed his industry expertise over two decades spent examining and improving the continually evolving cybersecurity landscape.