Dynamic and Flexible AI for Network Security

By Christian Wiens / Oct 31, 2019
Christian Wiens
VP of Product Marketing

Christian Wiens is Director of Marketing at MixMode. He has 10+ years of experience as a cybersecurity professional. He has his BA from The University of California, Berkeley and resides in Austin, TX.

Faster, smarter, and tougher artificial intelligence to protect your systems

Third-Wave artificial intelligence (also known as Wave 3 AI), is making life a whole lot easier for security systems administrators. It seems like we just passed the milestones of incorporating AI into network security. But Dr. Igor Mezic and others in this field have made huge strides in the last year. In his new whitepaper on AI for Network Security, Dr. Mezic describes how Third-Wave AI brings flexibility and intuition into the world of machine learning.

First-Wave AI: tedious rule-setting

First-Wave artificial intelligence requires network analysts to input rules. When a rule is broken, the system sends a notification. Then the analyst has the chance to respond. As many have found, relying on an inflexible rule means either lots of false positives—if the rule is too restrictive—or lots of false negatives—if the rule is too permissive.

Relying on the input of rules is also profoundly tedious and time consuming for network professionals. Each individual user requires their own set of customized rules. What if a machine could learn its own rules? Enter: Second-Wave AI with fancy machine learning.

Second-Wave AI: learning, but slowly

Programmers realized the need for machines to figure out their own rules, so they taught machines to learn on their own. The programs process enormous amounts of historical data to learn what is normal for individual users and groups. When it’s learned all it needs to, it applies its rules and begins to monitor the system’s activity for deviations from the behavior it previously observed.

This is all great, and it constitutes so much progress, however: it can take months for a program to process through all the relevant historical data. By the time it’s figured itself out, the system norms have changed. This means that the machine is always a little behind reality.

Having a system that learns too slowly means lots of false positives: it thinks that all change is bad. A more flexible, dynamic solution is needed. Besides, if you purchase a (rather expensive) program for your company to make it more secure, it’s nice to have something to show for it before everyone forgets it’s there.  

Third-Wave AI: dynamic learning

Third-Wave artificial intelligence doesn’t require historical data and adapts dynamically as the system changes. It starts learning in the first 5 minutes. Rather than relying on supervised learning (based on the human input of rules or historical data), Third-Wave AI is capable of unsupervised learning. It establishes its own baselines from its observation of current data and analyzes deviations from the baselines. It also observes correlations of behavior that lead to a more intuitive response to network activity.

Complete with colorful charts and technical details, Dr. Mezic’s white paper, explains how MixMode’s network security platform, applies Third-Wave AI. Here it is for the download: MixMode’s Artificial Intelligence: Dynamic Learning in Network Security.

Signup for the MixMode Wave Newsletter
Your Monthly Resource for the Latest News, Events and Resources
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.