Cybersecurity has been continuously evolving, not just as a hot topic for discussion but as the mainstream challenge and priority for a large number of organizations. Recently, we have seen several cyberattack incidents turning into global epidemic events, such as WannaCry (May 2017; damaging 200,000 computers across 150 countries), Petya/NotPetya (June 2017; $10 billion damage estimated), Mirai (Oct 2016; initial level impact on 300,000 insecure IoT-devices worth $100 million, further variants and consequences still getting unveiled). And even on the corporate front, the world has witnessed several massive breach incidents, including Yahoo (2013-14; impacting 3 billion users), Equifax (July 2017; impacting 150 million U.S. citizens), and Aadhaar (Aug 2017 to Jan 2018, 1.1 billion Indian citizens impacted), just to name a few. With every passing day, cybercriminals are learning and adopting new and innovative methods of attack. To withstand such attacks, security agencies also need to ramp up their game. Besides the established players, there are a large number of startups using advanced techniques like machine learning and artificial intelligence to prevent such cyberattacks. Below are a few startups using AI to drive cybersecurity innovatively.
Founded in 2013 by mathematicians from the University of Cambridge and government cyber-intelligence experts in the U.S. and the UK, Darktrace developed its first-ever autonomous response technology, known as Darktrace Antigena, in 2016. Darktrace has developed an Enterprise Immune System that works as a real-time threat-detection system. This system uses a machine-learning algorithm based on considerable data to define standard user actions on the network and sets them as a baseline, which is termed the “pattern of life.” Any adverse activity or behavior on the network raises an alarm. By using proven artificial intelligence, Enterprise Immune System helps organizations identify misconfigurations and emerging threats in the critical parts of the network infrastructure across all major cloud service providers and SaaS applications such as AWS, Microsoft Azure, and Office 365 Suite.
Cylance, a California-based company founded in 2012, is the pioneer in providing cybersecurity that uses artificial intelligence in all its product lines. The key products of Cylance include Cylance Protect, Cylance Optics, Cylance Threat Zero, and Cylance Smart Anti Virus. Cylance Protect comprises core protection technology that leverages artificial intelligence and machine learning to detect and prevent threat attacks before they are executed. Its architecture consists of an agent installed on the host and managed by a Cylance cloud console. Its threat execution control system uses tested mathematical algorithms on the host, independent of cloud connectivity, signatures, or behavioral analysis. Cylance Optics is an upgraded version of Cylance Protect that acts as an endpoint detection and response solution. It extends the threat prevention delivered by Cylance Protect using artificial intelligence to identify and prevent security threats proactively. It also offers an automated playbook-driven response system and enables threat-hunting capabilities based on context and situational awareness.
Vectra Networks, a California-based tech startup founded in 2010, mainly uses artificial intelligence in its product called Cognito platform, which is a real-time threat-detection system deployed across cloud, datacenter, and enterprise environments. It is an automated threat-detection system that greatly reduces the human intervention required for threat research and investigations. Cognito platform mainly comprises algorithms based on artificial intelligence, data science, and machine learning to identify anomalies. It can track the network traffic, extract relevant metadata, and ingest external threat intelligence. However, it cannot take any action automatically to counter the threats, and it is thus categorized as a threat-detection system rather than a threat-prevention system.
Balbix is another prominent California-based startup that uses artificial intelligence for risk assessment and protection from cybersecurity threats. Balbix uses specialized artificial intelligence and machine learning methodologies to continuously scan and analyze data from all the connected devices, apps, and users. The product Balbix BreachControl provides a comprehensive and predictive assessment of security threats. The use of AI in the product enables prediction of potential breach scenarios. It also provides integration with the ticketing and orchestration systems, which allows organizations to manage and operate their overall cybersecurity operations efficiently.
Tanium is a California-based endpoint security and systems management company founded in 2007. Tanium offers Tanium Core Platform, which acts as a centralized hub for network endpoint protection. By working as a centralized hub, it provides better infrastructure for managing network endpoints. It also provides an endpoint security agent for workstations, servers, and laptops. Instead of every endpoint having an individual communication to the server, the Tanium agents communicate with each other using a process known as linear chaining. Overall, it offers continuous monitoring, measurement, and reporting on the key security and operations metrics defined by the organization, including patches and vulnerabilities, encryption, inventory management, anti-malware solutions, and firewalls. It also allows interaction with the system in plain English with a variety of built-in questions and custom use-cases.
PerimeterX is a California-based cybersecurity company that was listed in the top five cybersecurity startups of 2019 by Business Computing World. It was also ranked in the top 100 of the most promising AI companies by CBInsights. This security startup mainly focuses on detecting threats that are carried out by bots (and not humans) using any adverse algorithm or technology. The bot-detection system developed by PerimeterX mainly comprises ML and AI to identify the threat’s usual behavior. As soon as any threat launched by any bot is detected, PerimeterX begins its action and takes preventive measures to avoid any damage beforehand. PerimeterX provides its security solutions to vast industry segments such as the hospitality industry, e-commerce industry, and financial organizations.
Cyware is a cybersecurity company headquartered in New York, mainly known for AI-enabled threat intelligence and response products. It has been a prominent organization developing cybersecurity solutions that comprise proactive cybersecurity defense capabilities, threat intelligence methods using AI, ML, and blockchain technologies, as well as an automated response system to manage security threats in real time. Its key products include Cyware Situational Awareness Platform, Cyware Threat Intelligence Exchange, and Cyware Fusion and Threat Response. Cyware Situational Awareness Platform is a threat intelligence and information sharing platform that sends instant alert notifications to the employees via web or mobile in real time if something unusual is detected. Cyware Threat Intelligence Exchange is a bi-directional client-server exchange that facilitates AI-based analysis and enables the exchange of real-time threat indicators with subscribers and clients and full intel collection management from multiple sources. Cyware Fusion and Threat Response is a real-time threat response solution that proactively investigates and analyzes potential threats, tracks all kinds of malware and vulnerabilities, and has cyber-data fusion capabilities to develop a 360-degree view of the threat.
Cybersecurity getting bigger as attackers get smarter
The cybersecurity industry is likely to exceed a whopping $114 billion in 2019, says Gartner. But at the same time, cyberattackers are also getting smarter day by day. They are now using much more advanced and sophisticated attack techniques to breach an organization’s security. To fight such threats, AI and ML have proved to be the game-changers for cybersecurity organizations. Implementing AI and ML in cybersecurity products allows organizations to automate their security and achieve an edge over upcoming threats. These startups are playing a vital role in detecting or preventing threats, generating automated responses, and sending alert notifications to the proper security officials.