Security Market Segment LS
Monday, 22 October 2018 04:32

Threat intelligence and AI work better together

McAfee senior vice-president and CTO Steve Grobman McAfee senior vice-president and CTO Steve Grobman

Humans and AI working in tandem can do better at spotting threats than either can alone, according to a McAfee executive.

McAfee has been investing in AI as a way of augmenting its threat intelligence activities, said senior vice-president and chief technology officer Steve Grobman, and has found that combining human analysts and AI amplifies their effectiveness.

Traditional threat intelligence gives very few false positives (good code misidentified as malware) but there are some false negatives (undetected malware). AI working alone gives fewer false negatives (less malware is missed) at the cost of a higher rate of false positives.

Combining the two approaches results in close to 100% malware detection with minimal false positives, he said.

McAfee has one billion sensors in the field, about half of them consumer PCs running the company's software. The advantage of the latter group is that they largely operate in the "wild west" of the Internet because nobody is telling their users to steer clear of known bad places.

These sensors generate 116 million telemetry events every five minutes. But "data by itself is not actionable", said Grobman. "What you really need is insight."

The company's global view of threat activity means it can provide insights that can help customers focus on the things that need particular attention at that time, such an ensuring that specific patches have been applied, or checking for certain types of misconfiguration.

It could also identify active campaigns targeting particular geographies or industry sectors so that affected customers could be alerted, he said.

The writer attended McAfee's Mpower Cyberecurity Summit as a guest of the company.

Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.


WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News