1 Comment

Great points @Omer.

We should not think about AI for detection without understanding the needs of detection engineers in terms of explainability and accuracy.

I covered these topics with Max (CPO @Darktrace) last January [1] [2]

The good old alerts from signatures have a virtue: they are easy to understand and detection engineers can tweak them if they generate too many false positives. AI- or ML-based algorithms, especially unsupervised, generate anomalies and often require a long and painful "doubt removal" process within the SecOps team...

AI for cyber detection is not a "done problem".

Would love to continue the conversation!

[1] https://cyberbuilders.substack.com/p/ai-and-cyber-from-a-detection-engineers

[2] https://cyberbuilders.substack.com/p/decoding-ai-in-cybersecurity-navigating
