Using AI to Separate the Good Signals From the Bad
Vectra's Oliver Tavakoli on the Need for Discriminative AI to Detect Threats
SOC analysts and CISOs are experiencing burnout because of the increased number of threats and the large number of tools being used to detect and mitigate attacks. All of these tools are producing an unmanageable volume of alerts. "Noise is a problem," said Oliver Tavakoli, CTO at Vectra AI.
The key to solving that problem is aggregating the incoming signals and using deep learning and neural networks to discover the stories that particular combinations of signals tell and - ultimately - to separate the good signals from the bad ones.
Tavakoli said Vectra AI pulls traffic and log data to see what's happening in the environment and leverages discriminative AI - not generative AI - to analyze that data. Looking for every anomaly fails because it is too "noisy," he said, so Vectra AI seeks to "sequence the DNA" of a particular attack type and thereby "have a sense of what 'bad' you're looking for."
In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Tavakoli also discussed:
- Good use cases for generative AI, which he said is not always the best technique for solving a problem;
- What "malleable and adaptive" large language models are good at doing;
- Why organizations need to stop looking at systems in isolation and "stitch these worlds together."
Tavakoli is a technologist who has alternated between working for large and small companies throughout his 25-year career. Prior to joining Vectra, he spent more than seven years at Juniper as chief technical officer for the security business. Tavakoli joined Juniper as a result of its acquisition of Funk Software, where he was CTO and developer for Steel-Belted Radius. Prior to joining Funk Software, he co-founded Trilogy Inc. and prior to that, he did stints at Novell, Fluent Machines and IBM.