McAfee has been investing in AI as a way of augmenting its threat intelligence activities, said senior vice-president and chief technology officer Steve Grobman, and has found that combining human analysts and AI amplifies their effectiveness.
Traditional threat intelligence gives very few false positives (good code misidentified as malware) but there are some false negatives (undetected malware). AI working alone gives fewer false negatives (less malware is missed) at the cost of a higher rate of false positives.
Combining the two approaches results in close to 100% malware detection with minimal false positives, he said.
These sensors generate 116 million telemetry events every five minutes. But "data by itself is not actionable", said Grobman. "What you really need is insight."
The company's global view of threat activity means it can provide insights that can help customers focus on the things that need particular attention at that time, such as ensuring that specific patches have been applied, or checking for certain types of misconfiguration.
It could also identify active campaigns targeting particular geographies or industry sectors so that affected customers could be alerted, he said.
The writer attended McAfee's Mpower Cybersecurity Summit as a guest of the company.