Intelligence Augmentation is a fundamental technology that extends and enhances human capabilities by analyzing and correlating disparate data over time. It can then automatically deliver meaningful insights, designed to be easily consumed and understood by security and business users.
Mimicking human intuition
One of the most prominent applications of Intelligence Augmentation technology is Darktrace’s cutting-edge work in automating a vast range of tasks that were previously carried out by trained cyber security analysts.
Over a period of three years, Darktrace developed AI that observed how expert security analysts interacted with the output of our Self-Learning AI and came to conclusions about threat scenarios and incidents.
For example, the technology analyzed the way that analysts formulate hypotheses, ask questions, follow leads, and make enquiries to reveal the full scope of a security incident.
As a result of this project, Darktrace was able to produce the first ever ‘AI Analyst’, an AI that mimics human intuition by intelligently stitching together disparate information sources in order to prioritize workload and perform fully-fledged threat investigations in real time.
AI and second-order effects
Self-Learning AI analyzes raw data in situ from across the digital enterprise, and establishes patterns of behavior in order to pinpoint potential risks, threats, or attacks.
Intelligence Augmentation applies a second layer of AI on top of this, using unsupervised machine learning to assess these findings.
The result is AI-detected security events feeding into overarching incident summaries which showcase the full scope of the compromise.
- A single alert or event serves as the ‘lead’ of an investigation.
- Like a human analyst, Intelligence Augmentation starts with this lead and generates plausible hypotheses about the nature of the potential threat and the potential underlying cause.
- It then uses custom algorithms to query and analyze data that may confirm, deny, or refine its hypotheses.
- This process is repeated continuously until it settles on a high-level description of the nature and root cause of the wider security incident.
This process of threat investigation takes a human analyst three hours on average to complete.
Intelligence Augmentation can perform multiple investigations simultaneously across your organization, at machine speed.
Optimizing human teams
Human security teams are falling under significant time pressure and often lack the resources to conduct full investigations into incidents. This can sometimes lead to important facets of attacks being overlooked.
Intelligence Augmentation dramatically extends the reach and efficiency of in-demand and time-pressed cyber experts.
Reducing time to meaning
Intelligence Augmentation also incorporates technologies such as Natural Language Processing to present its work and conclusions in a human-readable format. For example, it can automatically produce a written report about a threat investigation in any language, which summarizes key information and reduces both time to meaning and time to response for security teams.