XDR Foundations: Leveraging AI Where it Matters Most

Thanks in large part to the success and hype surrounding AI tools like ChatGPT and Bard, there was no shortage of AI buzz at this year’s RSA Conference. However, it remains to be seen if the announcements made at RSA will improve the efficiency and effectiveness of security teams.

Setting the hype aside, Cybereason has a long history of leveraging AI and Machine Learning models to classify malicious operations (MalOp™) and malware with a high level of accuracy. Cybereason’s AI-driven XDR is a game-changing approach to cybersecurity that can help organizations stay ahead of evolving cyber threats. By integrating data from multiple sources and leveraging AI and machine learning algorithms, organizations can detect, investigate, and remediate potential security incidents much faster and more accurately.

Detecting Known & Unknown Threats

Malware is a significant threat to any organization, and cyber attackers frequently use sophisticated techniques to avoid detection by traditional antivirus solutions. Reports of known malware often contain conflicting information, as various vendors may disagree on the process’s classification. 

Cybereason created a statistical machine-learning algorithm trained over large data sets and analyst feedback. The algorithm gives scores to the information contained in threat intel reports, enabling the Global Threat Intel server to reach a confident classification, even in cases where there is disagreement among vendors.

Behavioral Analytics is another way that Cybereason uses AI/ML for advanced threat detection and prevention. Cybereason AI-driven XDR leverages Indicators of Behavior (IOBs) to provide an in-depth perspective on an attacker's campaign. Behavioral Analytics also helps identify advanced attacks, such as malware or phishing attacks, that have bypassed other security measures.

Cybereason AI-driven XDR can detect unknown threats, irrespective of location, through contextual correlation with telemetry from workspace applications, identity access tools, cloud environments, and even IoT/OT devices across the business network. Cybereason XDR provides complete visibility across an enterprise infrastructure, helping analysts identify and predict threats. 

AI & Cybereason NGAV

Cybereason’s NGAV solution also uses Artificial Intelligence to classify hashes as malicious or benign. This machine learning algorithm analyzes file properties and additional metadata to determine the likelihood that the file is a new, unknown type of malware that has not yet been discovered in global threat intel sources.

While traditional defense techniques are designed to catch malware based on "bad" behaviors, Artificial Intelligence analysis uses proactive behavioral monitoring, also looking at "good" behaviors to extract malicious patterns. This allows Artificial Intelligence analysis to catch more advanced, evasive types of malware that a traditional tool would miss.

The Cybereason Artificial Intelligence machine learning algorithms use millions of samples to build a malicious-file detection hypothesis. The algorithms compile all of these samples into a single value, which they apply to each new sample to decide whether that sample is malicious.

While the Cybereason algorithms can detect almost any behavior, the Cybereason research team has tuned the algorithms to focus on detecting malicious files and programs that could potentially launch expansive attacks in enterprise organizations, such as Trojan attacks.

Real Operational & Business Impact

AI-driven XDR technology extends continuous threat detection and monitoring beyond endpoints. This next-generation technology automates response to provide contextual correlations with telemetry from applications, identity and access tools, containers, cloud workloads, and other sources. Doing so offers a more comprehensive approach to threat detection and response, enabling organizations to stay ahead of potential threats and safeguard their valuable data. 

Cybereason’s AI-driven XDR can refine the work done by humans and AI together, enhancing the efficacy of the entire security stack. The advantages of using AI/ML to enhance security efficacy include improved performance, automated decision-making, and reduced workload for security analysts.

Contact a Defender to learn more about how Cybereason XDR meets all of these requirements and more, or schedule a demo.

Dan Verton
About the Author

Dan Verton is Director of Content Marketing at Cybereason. Dan has 30 years of experience as a former intelligence officer and journalist. He is the 2003 first-place recipient of the Jesse H. Neal National Business Journalism Award for Best News Reporting, the nation’s highest award for tech trade journalism, and is the author of the groundbreaking work, Black Ice: The Invisible Threat of Cyber-Terrorism (McGraw-Hill, 2003). He most recently served as an intelligence advisor and co-author of a nationwide TSA anti-terrorism awareness training program.
