Cybersecurity At FireEye: Human + AI Case Study

Q1. Projects Suitable for AI Implementation

Projects that require detection and defeat of indicators of compromise of various advanced malware strains: This is because approximately 50,000 to 70,000 malicious events are estimated to occur per hour. AI technology effectively detects suspicious activities within the network infrastructure, enabling firms to respond to cyber threats quickly. AI also provides antivirus support, phishing attack detection, email monitoring, and malicious PowerShell detection.

Projects that use large data sets that are difficult to analyze using human skills: AI analysis makes work easier due to the availability of specialized and improved hardware used to perform neural network computations. AI-enabled tools process and analyze large data sets quickly while identifying patterns of interest and performing predictions based on relevant categorization and classifications.

Projects that require data mining: AI solutions would be effective in anomaly detection. AI would ensure automated analysis, identification, and blocking of attacks, as well as pre-empting attacks.

Q2. FireEye’s AI Strategy

FireEye used the Human + AI strategy to develop services for various business processes and functions that required more intelligence. Employing the strategy enabled the firm to automate various aspects of cybersecurity monitoring and protection. This allowed the firm to deal effectively and efficiently with the increasing problem of cyber threats.

Q3. FireEye Human + AI approach

FireEye adopted the human + AI approach to supplement human expertise with the high capability of the automated AI tools. This ensured that the firm capped any existing skills gap and that available analysts covered more work in a limited amount of time. The AI tools also helped the analysts with repetitive and tedious tasks. This gave the analysts a chance to prioritize other tasks requiring human decision-making expertise.

Benefits and Advantages of the Approach

Implementing the human + AI approach helped reduce the time needed to discover and distribute threat intelligence while enhancing efficiencies in services and product offerings. The approach is also beneficial in ensuring that anomalies and deviations are detected as soon as they occur. It also provides for the constant updating of data sets, ensuring the quality of the data to be analyzed. The symbiotic relationship between human analysts and AI solutions leads to the continuous generation of improved solutions that effectively deal with innovative, continuously evolving cyberattacks.

Disadvantages and Limitations of the Approach

Effective adoption of the approach requires benchmarking to validate the solution and to understand the effective ways to refine and train algorithms, which depends on the findings. It also requires a mindset shift in which analysts have to trust the model by incorporating the model's findings into their analysis. Incorporating the AI solutions requires repetitive testing and retraining, and sometimes the benefits take time to be recognized. AI solutions also have long gestation periods that would inhibit a company from delivering its expertise seamlessly. There would be delays in delivering information to the analysts at the right time. The need to constantly update models due to the regular appearance of vulnerabilities always increases the risk of negative interactions in the cybersecurity infrastructure. Therefore, there is a need for constant updates that take a considerable amount of managerial attention to deal with the changes.

Q4. Key Parameters for a Successful AI Implementation in an Organization

The AI solutions need to be able to keep technical debt in check, which means that they should moderate human dependency on them. Human support and intervention should also be available to make corrections where applicable. The AI-enabled tools adopted should consider various factors that ensure that the degree of automatability of the tasks is achieved. The AI solutions should also consider the degree of human expertise required and the analysis effort needed to disclose the identity of cyber attackers.

  • FireEye Strategy to Ensure Employees Adapt to the AI Mindset

FireEye engaged the team members in brainstorming to evaluate whether an AI solution, in this case, the ML solution, could help them deal with the tedious and repetitive tasks in the threat cluster similarity analysis. The decisions they made were dependent on data suitability and the rate of change. They also determined whether the data needed some modifications and the value it provided from a cost perspective. They also determined the adaptability of the AI-driven model and the need for constant changes to ensure it accommodates data changes. Therefore, being involved in all these considerations ensured that the analysts trusted the model and could easily adopt the model’s findings for their analysis.

Q5. How AI Capabilities and AI Support Systems Will Influence FireEye and Other Cybersecurity Companies in the Future

AI capabilities will influence FireEye and other cybersecurity companies by pushing them to constantly create winning solutions that counter the complex and evolving attack components used by cyber attackers. Most companies will choose between an AI machine-driven approach and a human + AI approach to gain a competitive advantage. This will require more research to ensure that companies adopt the most effective approach depending on the nature of the strategies used by the attackers. Firms will also be forced to create AI tools that can predict the next moves of threat entities, which would help curb cyber-attacks.

  • How Industries are Influenced by Adoption of AI-Enabled Solutions and Automations

The usage of AI-enabled support and automation will enhance capabilities in the development, deployment, and support of the AI-enabled models, requiring more deep learning experience. The increasing capabilities of AI automation will require that companies determine the human expertise to retain and the human domain that would be removed. In the future, this would mean a fully automated operation for companies.

Q6. AI-Enabled Support Systems and Automation a Repetition of History

AI-enabled support systems and automation are a natural step toward more effective automation methods in the industry. The cybersecurity threat landscape is ever-changing due to the questionable legitimacy of the protectors and criminal attackers. This is because sometimes, the protectors become the attackers. Most aspects of cybersecurity have been open-ended, with many uncertainties. In the past, analysts were not aware of the techniques the criminals adopted to design attacks. Also, victims of cyber threats have been unafraid to share their data with firms to help them solve the issues. Therefore, AI has been adopted as a method of cybersecurity protection as it eases data set collection, ensuring that only the right data is collected for threat attribution.

  • Experience of Dealing with the Changes

We have the experience needed to deal with changes in cybersecurity protection, since the constant games played in the industry and the constant emergence of unseen interactions have created the need to develop new ways to deal with the new and yet-to-be-understood games. Also, the actions of the entities involved in cybersecurity protection and threats are clear. This has forced firms to move fast and use large-scale data to enhance their intelligence and learning to be at an advantage in cyber protection. This means that managers and corporations have the necessary information to understand the industry environment. With it, they can adopt powerful developing technologies to change the landscape and make it difficult for the attackers while enabling the defenders. Therefore, firms are at an advantage due to the newly rising technologies.