When it comes to cybersecurity, artificial intelligence is a double-edged sword, with defenders using it to respond to and predict threats and attackers using it to execute even more refined attacks. For example, AI systems can send ‘spear phishing’ tweets (tailored tweets sent to selected individuals to fool them into disclosing critical information) six times faster and twice as effectively as a human.
AI has become a major tool in stopping cyberattacks as the attack surface has become larger and attacks have become more sophisticated. Organizations are turning to artificial intelligence because cyber analysts are finding it increasingly difficult to adequately monitor current levels of data volume, velocity, and variety across firewalls.
Here is a look at what 12 hot AI security companies are up to, from finding qualities that several threats share to taking on well-camouflaged malware to advising corporations on how to deploy security resources.
1. Awake Security
Awake Security mixes artificial intelligence with human knowledge to hunt autonomously for insider and external attacker behaviours. The NDR provider, which is now part of Arista, provides triage, digital forensics, and incident response capabilities across campus, data centre, Internet of Things, operational technology, and cloud networks.
Awake analyses billions of network interactions to discover, profile, and classify every device, user, and application on any network automatically. Awake then analyses complicated adversarial behaviour and detects threats by connecting the dots across entities, time, protocols, and attack stages using a multi-dimensional ensemble machine learning approach.
Awake’s situational awareness solution detects, profiles, and monitors devices, users, and applications using AI-based fingerprinting, while its high-fidelity threat hunting offering uncovers complex threats with low false positives and negatives. Awake’s autonomous security system automates tasks such as triage, investigation, and reaction.
2. BlackBerry
BlackBerry Protect is artificial intelligence-based endpoint security software that protects against advanced cyberthreats by blocking breaches and adding controls. This is accomplished without the need for user or administrator intervention, a cloud connection, signatures, heuristics, or sandboxes.
Artificial intelligence detects and blocks attacks before they can take place, preventing BlackBerry consumers from visiting spoofing pages that seem like real websites. BlackBerry’s resilient AI model stops zero-day payloads from running, and the company’s field-proven AI inspects any programme attempting to run on an endpoint before it runs.
BlackBerry Protect also uses artificial intelligence to recognise and block dangerous URLs, including those that contain phishing components. According to BlackBerry, the company’s AI-driven security endpoint offering provides proactive protection, detection, and response, as well as integrated mobile threat defence, continuous authentication, and adaptive risk scoring.
3. Balbix
Balbix’s BreachControl technology employs artificial intelligence to provide continuous risk projections, risk-based vulnerability management, and proactive breach control. The platform assists cybersecurity companies’ teams in being more efficient and effective at the myriad tasks required to maintain a strong security posture, such as keeping systems patched and combating ransomware.
BreachControl has a thorough awareness of the setup and usage information for an organization’s extended enterprise inventory, as well as the business criticality of each asset and user. Balbix is quite familiar with the numerous security solutions and methods that top cybersecurity companies use as part of their overall breach risk reduction strategy.
Balbix also provides prescriptive advice on how businesses can effectively set up and upgrade their security policies and processes to maximise cyber-resilience while minimising business disruption. Users, security operations, CISO, auditors, CIO, CEO, and board members will benefit from the company’s visualisations and reports, which explain calculations and provide recommendations.
4. Blue Hexagon
Blue Hexagon’s deep learning models examine millions of attributes in payloads, protocols, and headers in less than a second to identify threats. The business claims that its cloud security and network detection and response (NDR) solution uses deep learning-based artificial intelligence to detect a wide range of known and undiscovered file-based and protocol-based threats.
Blue Hexagon claims that by using deep learning to scan all headers and payloads in real time, it can detect cloud misconfigurations and defend cloud assets without the need to deploy and manage agents. When applied to network traffic, Blue Hexagon can make intelligent choices about whether the traffic is malicious, allowing for near-real-time response.
Cloud configurations, network traffic, cloud storage activity, and the complete threat kill chain can all be analysed in real time using the company’s technologies. Its agentless artificial intelligence is ready to use right now, requiring no re-architecting, baselining, signatures, or sandboxing. Blue Hexagon claims that its system can protect against zero-day exploits, ransomware, lateral movement, C2, and exfiltration.
5. Callsign
Callsign uses Artificial Intelligence and Machine Learning to authenticate a person’s identity based on swipes on a touchscreen, keystrokes on a keyboard, locations visited, and other behaviours. The company’s hallmark platform, intelligence-driven authentication, combines multi-factor authentication with fraud analytics powered by deep learning technology to tackle everything from identity fraud to SMS phishing.
The Intelligence Engine from Callsign is a secure and compliant solution for any situation. It analyses hundreds of data points in real time from devices, locations, behaviours, and third-party systems. It warmly welcomes legitimate users while leaving bad actors out in the cold, protecting you from malware, bots, sophisticated scams, and telecom fraud.
6. Darktrace
Across email and cloud services, industrial equipment, and the corporate network, the Darktrace Immune System can detect what is harmful or malicious in real time. It enables security teams to move away from a plethora of segregated point solutions with limited visibility in favour of a single AI “brain” that benefits from enterprise-wide context and leaves attackers with nowhere to hide.
Darktrace’s Enterprise Immune System learns normal ‘patterns of life’ to identify unforeseen cyber-threats while providing total visibility across the enterprise, from cloud and collaboration tools to endpoints and the corporate network. And Cyber AI Analyst combines various security occurrences into a single security incident and presents its results in a clear, easy-to-understand narrative.
Meanwhile, Antigena Network protects key data and operations autonomously around the clock, surgically interrupting threats across cloud services, IoT, and the corporate network. Antigena Email, on the other hand, leverages Darktrace’s core artificial intelligence to stop the most complex email threats, and it works for everyone from small charities to large enterprises.
7. Fortinet
Fortinet’s FortiAI is designed to help SOC teams with limited resources defend against advanced persistent threats by detecting, classifying, and responding to malware, including well-hidden threats. FortiAI uses deep learning technology to help enterprises respond to many types of synthetic AI and non-AI-based threats in an automated manner.
The Virtual Security Analyst from FortiAI complements a company’s Security Operations (SecOps) by simulating a professional Security Analyst to analyse threats and detect malware outbreaks. Fortinet’s artificial intelligence is capable of learning new features and can apply over six million malware features to obtain sub-second judgements.
By analysing an organization’s specific traffic and adjusting to freshly disguised threats, the product’s on-premises learning decreases false positives. FortiAI analyses zero-day threats, including fileless threats, and categorises them into more than twenty malware attack scenarios, which it uses in conjunction with FortiGate firewalls to automatically quarantine attacks.
8. IBM Security
With IBM Security’s QRadar Advisor, organisations can receive complete threat coverage, prioritise warnings, and speed up investigations using artificial intelligence. Analysts can validate the threat, see how the attack has occurred and is developing, and discover what techniques are still possible by looking at the confidence level for each attack development.
QRadar Advisor from IBM Security uses cognitive reasoning to determine the most likely danger and connect threat items such as malware files, suspicious IP addresses, and rogue entities to draw relationships between them. External unstructured data, such as threat intelligence feeds, websites, and forums, are automatically applied using Watson for Cyber Security.
IBM’s QRadar Advisor analyses the local environment and recommends which fresh investigations should be escalated to help the analyst drive faster and more decisive escalations. QRadar Advisor can swiftly identify the most dangerous investigations, run many investigations at the same time, and sort and filter the data to see where businesses should focus their efforts.
9. Securiti
The artificial intelligence-driven PrivacyOps technology from Securiti enables privacy by design by continuously scanning and monitoring data for non-compliance with subject rights, data residency, and security measures. While processing personal data, classification, risk monitoring, and policy-based warnings and remediation provide end-to-end security.
Hundreds of sensitive data items can be discovered, classified, and labelled in multicloud and self-managed structured and unstructured data systems at petabyte scale using the company’s technology. Securiti can find and visualise sensitive data pieces in an organization’s structured and unstructured data systems, as well as synchronise them with third-party data catalogues to populate metadata.
With a precise analysis of risk factors such as specific data items, data locations, and user residencies, Securiti can also detect data risk hotspots in an organization’s environment. The company tracks the security posture of an organization’s cloud assets, implements policies to mitigate security risks, and prioritises and mitigates risk in assets that contain sensitive data.
10. Sentry
Sentry is a video analytics solution for public safety and physical security that uses artificial intelligence. The company’s security-specialized neural network analyses context to help security professionals do their jobs more efficiently.
The company uses innovative artificial intelligence technology to create unique algorithms for security use cases and provides enhanced identity management via single sign-on and interaction with Enterprise Mobility Management providers.
Sentry works in tandem with existing security systems to provide real-time warnings for key occurrences, removing the need for ongoing monitoring. Custom reports provide businesses with relevant data, and the company provides corporations with camera status and system health analytics.
11. Vectra
Vectra uses artificial intelligence to improve detection and response over time, reducing false positives and allowing enterprises to focus on real threats. The company’s automated threat detection and response platform combines human knowledge with data science and machine learning approaches to provide a continuous cycle of threat intelligence based on cutting-edge research and learning models.
The organisation can recognise the commonalities across threats, identify what is normal and abnormal in the local network, and link disparate occurrences to show the bigger attack story. Vectra begins by identifying and analysing as many threats as possible to determine what they have in common, which necessitates a large-scale examination of malicious traffic as well as the skill to determine what is genuinely important.
Vectra’s local learning models check for signs of an attacker investigating the network, evaluating hosts for attack, or exploiting stolen credentials, among other things. The company’s model follows events throughout the cyberattack kill chain, tying them to individual hosts that exhibit threat characteristics and incorporating them into a real-time risk score.
12. Vade Secure
Vade Secure is a leading email defence company that uses artificial intelligence and machine learning to defend mailboxes from attacks such as spear phishing, ransomware, and malware. Vade will use the funds to continue investing in its AI-based threat detection engine and expand its leadership in email security for ISPs. Vade’s email security solutions are chosen by ISPs, MSPs, and SMBs to safeguard their users and organisations against advanced cybersecurity threats.
Their AI-based email security solutions are meant to identify the undetectable, whether they are safeguarding consumers through leading ISPs or businesses through MSP partners. Vade’s multi-layered analysis uses threat knowledge from one billion secured mailboxes to combine a heuristic methodology with behavioural analysis technology. With patented Machine Learning and Deep Learning technologies that predict, block, and remediate sophisticated threats, the company’s behavioural approach to threat detection goes beyond signature and reputation-based scanning.