Intelligent CIO Middle East Issue 102 | Page 60

CASE STUDY
Platforms that include safeguards can help create a system for ongoing model tuning and refinement without unnecessary exposure of proprietary customer data. Additionally, tool and platform vendors connected to a wide ecosystem of partners and evidence sources can deliver force-multipliers to detection and response capacities.

Level setting of expectations: AI already warrants a 'game changer' description, but it is important to remember that the game's primary participants are still humans, and that hype can distort the true extent of AI capabilities and limitations. Organisations need to carefully consider the current state of their security and make investments in AI tools that best address their specific needs and industry threats.

How is Corelight integrating AI into its security solutions and how does it use AI to empower organisations to defend against cyberthreats?

Our approach is to leverage AI to make our customers more productive in their day-to-day security operations and we do that in a way that is both responsible and respectful of our customer's data privacy. Increasing SOC efficiency through better detections and faster upleveling of analyst skills goes directly to addressing the cybersecurity workforce challenges that every organisation is struggling with.

Machine Learning

The umbrella term AI covers all the capabilities of Machine Learning (ML), including LLMs. Corelight uses ML models for a variety of detections throughout our Open NDR Platform, both directly on our sensors as well as in our Investigator offering. Having this powerful capability at the Edge and in the cloud allows our customers, whether deployed in air-gapped or fully cloud-connected environments, to harness the power of our ML detections.

From finding C2 channels to identifying malware, ML continues to be a powerful tool in our analytics toolbox. Our supervised and Deep Learning ML models allow for targeted and effective detections that minimise the false positives commonly associated with some other types of ML models. Our models can identify behaviours like domain generation algorithms (DGAs) which may indicate a host infection, watch for malicious software being downloaded and identify attempts to exfiltrate data from an organisation through covert channels like DNS. We also use Deep Learning techniques to identify URLs and domains that attempt to trick users into submitting credentials or installing malware, helping to stop attacks early in the life cycle.

Providing effective ML-based detections is only the beginning of our approach. Having the appropriate context and explainability around our detections is essential to faster triage and resolution. We provide detailed views into what is usually a 'black box' of ML detection. Our Investigator platform provides an exposition of the features that make up the model, as well as the weightings that led to a specific detection. That data gives analysts a view into what specific evidence to pivot to for the next steps of an investigation. We continually build new models and tune our existing ones to make sure that our customers
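As an added illustration of the feature-weighted, explainable detection approach described in the answer above (example code, not Corelight's code or model), here is a small scorer for DGA-like and DNS-tunnelling-style query names that reports the weighted features behind each verdict. The weights, bias, threshold and sample names are constructed assumptions chosen for illustration.

```python
"""Toy feature-weighted scorer for suspicious DNS query names, with per-feature explanation.
Added illustration only: weights, bias and sample names are constructed, not a real model."""
import math
from collections import Counter

# Hand-set logistic-regression weights and bias (constructed for illustration only).
WEIGHTS = {"entropy": 2.0, "length": 0.08, "digit_ratio": 4.0, "vowel_ratio": -4.0}
BIAS = -8.0


def features(fqdn: str) -> dict:
    """Lexical features of a queried name, with the TLD excluded."""
    labels = fqdn.lower().rstrip(".").split(".")
    chars = "".join(labels[:-1]) if len(labels) > 1 else labels[0]
    n = len(chars)
    counts = Counter(chars)
    # Shannon entropy in bits: high for random-looking (DGA) or encoded (tunnel) names.
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0
    return {
        "entropy": entropy,
        "length": float(n),
        "digit_ratio": sum(ch.isdigit() for ch in chars) / n if n else 0.0,
        "vowel_ratio": sum(ch in "aeiou" for ch in chars) / n if n else 0.0,
    }


def score(fqdn: str) -> tuple:
    """Return (probability, per-feature contribution) so the verdict can be explained."""
    f = features(fqdn)
    contributions = {k: WEIGHTS[k] * v for k, v in f.items()}
    logit = BIAS + sum(contributions.values())
    return 1.0 / (1.0 + math.exp(-logit)), contributions


def explain(fqdn: str, threshold: float = 0.5) -> dict:
    """Verdict plus the features, and their weighted contributions, that drove it."""
    prob, contrib = score(fqdn)
    ranked = sorted(contrib.items(), key=lambda kv: -abs(kv[1]))
    return {"name": fqdn, "score": round(prob, 3), "flagged": prob >= threshold,
            "top_features": [(k, round(v, 2)) for k, v in ranked[:3]]}


if __name__ == "__main__":
    # Constructed sample queries: two ordinary names, a DGA-like name, a long encoded subdomain.
    for q in ("www.example.com", "mail.google.com", "xk3j9qzt7bm2.net",
              "zq8v2n7wk4hx.c9m3y0tp5rd6.data.example.net"):
        print(explain(q))
```

The `top_features` list is the explainability hook: an analyst sees that entropy and digit ratio, not length alone, pushed a name over the threshold and knows which evidence to pivot to next.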