AI in cybersecurity: the IDC AI Innovators Report and what it means for security practitioners

January 10, 2019 | 3 minute read

Cybereason Recognized for Artificial Intelligence Capabilities

Back in 2017, Cybereason CSO Sam Curry and CTO Yonatan Striem-Amit spoke to a crowded room at the RSA Conference about the hype and hope of AI and Machine Learning. Fast forward a year later, where Cybereason was recently named an IDC Innovator in the IDC Innovators: AI Intelligence-Infused Security Solutions, 2018 (doc #AP42610618, October 2018) report.

A lot has happened in the past year and a half (a near lifetime in the world of security products). Things have improved since, with much of the tech getting more mature and employing more advanced AI and ML toolkits; but there’s still a lot of abuse and outright false claims out there. The problem is that AI is both the most overhyped and underhyped technology (simultaneously) since the invention of Internet itself. 

“AI” has become the ultimate buzzword for many software vendors - especially in the security industry. Claims to deliver leading Artificial Intelligence are abundant. Unfortunately, with nearly every vendor advertising AI capabilities, many buyers have become confused. It is important to unpack “AI” capabilities when advertised and discern the extent to which AI is used. What types of machine learning are being used? How do they manifest into the platform? It is critical that buyers ask these questions to truly understand how AI capabilities are being leveraged to provide additional value.

Recently, the IDC Innovators report on AI took the approach that it is more useful to focus on who is using AI in the most interesting and relevant ways. Rather than rely on marketing terms, the IDC Innovators report takes a dive into the ways in which AI is attained, to help clarify the term, and combat the trend of companies looking to justify tacking the word AI onto their existing solutions by any means necessary.

 Of Machine Learning and Man

This of course relates to a bigger question around what constitutes AI and what doesn’t. The classic definition of Artificial Intelligence was dominated by the desire to emulate Human consciousness in a manner that would fool a real Human into not being able to tell that the intelligence wasn’t Human. This is the basis of the Turing Test: Alan Turing set this cognitive goal of Human emulation in 1950.

However, Artificial Intelligence is bigger than that single goal. Gary Kasparov’s famous chess match with Deep Blue demonstrated that artificial, silicon-based intelligence can deliver huge dividends when partnered with carbon-based intelligence. A hybrid approach greater than the sum of the parts. This is no less true when applied to security, and in fact the science of Artificial Intelligence (which, if ever truly achieved, will likely drop the “Artificial” from its name) has a great training ground in security, even if the best answer to all security problems isn’t a fully conscious, security analyst-emulating AI.

Ultimately, the security industry may be the best proving grounds for advancing AI, and not just the simple, low-level Machine Learning we’ve seen passed off as AI. Although, ironically, AI may not be the best toolkit or design goal to solve every problem in security. 

The IDC Innovators report recognizes Security Innovators for delivering a core security solution that delivers AI in the form of deep learning, machine learning, knowledge graphs, and more. The IDC Innovators report states that to protect against today’s threats, enterprises need to identify and respond to cyber attacks in real-time: this is now made possible by AI and deep learning technology. This recognition validates our AI capabilities and builds on recent recognition for the Cybereason platform that helps customers understand, contain, and respond to attacks more quickly.

Why Cybereason Was Recognized

Cybereason was specifically recognized for its proprietary in-memory graph that automatically correlates all digital actions taking place on machines across an enterprise. Since this correlation is delivered automatically, Cybereason delivers Malops™, actionable alerts that represent the full story of an attack with root cause analysis. Malops™ use behavioral analytics to identify all suspicious and malicious activities taking place across all machines in an enterprise. 

Our in-memory graph isn’t the only application of machine learning that is being delivered in the Cybereaosn platform. Download an excerpt of the report here to learn how Cybereason uses machine learning to drive actionable insights and increase analyst efficiency.



IDC Innovators reports present a set of vendors –under $100M in revenue at time of selection --chosen by an IDC analyst within a specific market that offer an innovative new technology, a groundbreaking approach to an existing issue, and/or an interesting new business model. It is not an exhaustive evaluation of all companies in a segment or a comparative ranking of the companies. Vendors in the process of being acquired by a larger company may be included in the report provided the acquisition is not finalized at the time of publication of the report.Vendors funded by venture capital firms may also be included in the report even if the venture capital firm has a financial stake in the vendor’s company. IDC INNOVATOR and IDC INNOVATORS are trademarks of International Data Group, Inc.


Sam Curry
About the Author

Sam Curry

Sam Curry is CSO at Cybereason and is a Visiting Fellow at the National Security Institute. Previously, Sam was CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at MicroStrategy in addition to holding senior security roles at McAfee and CA. He spent 7 years at RSA, the Security Division of EMC as Chief Technologist and SVP of Product. Sam also has over 20 patents in security from his time as a security architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs.

All Posts by Sam Curry