Why aren’t today’s tools sufficient to prevent cyberattacks?
Why can't you take those millions of alerts and use machine learning not only to consolidate them, but to say, "Hey, this alert should be prioritized over these alerts," so that the right ones get addressed? And if you have the proper machine learning, you can say, "Hey, here's this alert. Here's what it means. Here's how to fix it."
The false positives are so high that people don't trust AI anymore. Some of us have figured out a different way. Think about the scenario. Storage has become cheap. If you have one month's worth of data, it's like the joke where a drunk is searching for his keys under a streetlight. A cop pulls over and asks, "Hey, I could help you search. Should I search next to you under the streetlight?" He goes, "No, no, go search in the darkness." "Then how come you're searching here?" "Well, this is where the light is, but I lost my keys over there." Meaning: you have one month's worth of data, and you're running all your models on that one month. If the reconnaissance happened six months to a year earlier, you don't even have the data. How are you ever going to catch that? So those are some of the things we solve, in terms of how you teach a machine to think. Yes, just like a self-driving car: teaching the machines to think from knowledge engineering that you've collected over a couple of years, talking to at least 1,600 to 1,800 incident responders. That's the reason that, even when the source data doesn't exist, time to value is quicker and you get a lot fewer false positives.
Now everybody is coming to the conclusion that the perimeter is not the way to do things, so there is the possibility of a paradigm shift. Instead of going after the perimeter, we could focus on data. Understanding where your sensitive data lies and protecting that would make more sense: strategically going after what you need to protect, as opposed to just going after everything.