A Blended Approach: How Brite Combines Human Analysts and AI for Stronger Cybersecurity

At a Glance:

• At Brite, we realize that, while AI is an incredible tool that leads to many positive outcomes, it should not replace having human analysts in the loop.
• At the same time, AI is not something that cybersecurity teams should shy away from, especially in today’s evolving threat landscape.
• That’s why Brite takes a blended approach that provides as complete a defense as possible against threat actors – giving organizations the peace of mind they need.

 

Within the past few years, society has seen the emergence of artificial intelligence and marveled at what it can do: entire articles written in mere seconds, incredible images and videos that blur the boundaries of reality, and more.

Of course, AI is not without its drawbacks. Those instantaneous articles and realistic-looking images and videos need to be fact checked. And, of course, AI is no substitute for human creativity and reasoning.

The key, then, when using AI, for any purpose, is to do so responsibly: leverage the capabilities but recognize the limitations. This is absolutely the case in the world of cybersecurity, as well.

At Brite, we realize that, while AI is an incredible tool that leads to many positive outcomes, it should not replace having human analysts in the loop. At the same time, AI is not something that cybersecurity teams should shy away from, especially in today’s evolving threat landscape.

With all that being said, let’s explore the benefits and boundaries of AI in cybersecurity, the critical role that human experts play, and how Brite ‘s approach strikes a perfect balance between the two.

 

What to Know About AI in Cybersecurity

A big reason why cybersecurity teams need to employ AI is to combat threat actors who are also using it in their attacks. AI in cybersecurity allows organizations to find and manage threats in a way that matches advancement by threat actors.

For example, AI can be used to accelerate fraud detection, prioritize vulnerabilities, and streamline reporting. It can also greatly improve mean time to detection and mean time to response.

One thing that must be kept in mind, however, is that AI is a very broad and catch-all term. There are many different subsets of AI or AI applications like machine learning for fraud detection and large language models (LLMs). Each requires its own consideration to get the most from the technology.

For example, large language models benefit from large amounts of hands-on tuning and curated data. On the flipside, fraud detection systems (once they hit a certain point) can run with on-the-fly adjustments.

In other words, it’s important to know not only what AI can do but also how to get the most out of it.

 

The Limitations of AI

As useful a tool as AI is in cybersecurity, it is limited, particularly by the principle of “quality in, quality out.” Many AI projects fail due to several issues that must be mitigated in order to gain the full benefit.

The first point is the quality of data, especially if it’s from legacy systems. The second point is executive buy-in: no program in any business will succeed without buy-in. The third point is stakeholder input to ensure the goals of the program align with what practitioners need.

If these parts aren’t met, then the AI outputs will be unreliable. That’s why Brite thoughtfully blends technology around its people, with proper data sanitization and organization, executive buy-in and stakeholder input.

Furthermore, the blending of technology and people is necessary because it helps to ensure the AI stays on goal and does not become what is known as a “hallucinatory slop generator.” To clarify, “slop” is a term of low-quality AI content that would be considered garbage output.

Lastly, these emerging technologies can also pose risk depending on implementation, with large language models being essentially databases that can talk back. This means any implementation of LLMs must be done with the same security mindset of a database.

 

The Importance of Analysts

Now that we’ve covered the benefits and limits of AI in cybersecurity, let’s take a look at why it’s necessary to have “humans in the loop,” so to speak.

Humans in the loop means quite simply that despite all the automation and systems, experts are still reviewing the outcomes. This ensures that automation acts not as a static implementation that will fall off over time, but instead as a living program that can dynamically respond. For example, at Brite, we pair our technologies with analysts who can make sense of information based on the organizational and threat landscape context.

Unlike humans, AI is unable to understand when it makes a mistake or know that it has hit the limits of its knowledge.  Humans, on the other hand, have the ability of self-awareness, while AI or natural language applications do not.

Therefore, when implementing AI, it must be done either so narrowly it can’t go outside the bounds or so generally the limits don’t matter. The human analyst, then, can synthesize information from these various contexts with their expertise to understand the situation fully.

In summary, AI is best viewed as an assistant for the humans to turbocharge their investigations and help them take the next leap. Human analysts can also coordinate with both the systems and other coworkers to fill any knowledge or service gaps.

 

Finding the Balance: The Brite Approach

At Brite, our approach to cybersecurity features a perfect balance of human and AI detection and response.

By leveraging machine learning applications in our information security tools such as CrowdStrike, SentinelOne and Stellar Cyber, our analysts can go through an incomprehensible amount of data. Additionally, we utilize LLM technology to speed up analyst research via custom training and calls to databases for accuracy.

Furthermore, AI applications utilizing natural language processing are used to speed up reporting and summarization work. Plus, the AI used in our XDR/SIEM systems allows for real-time detection and alerting.

Brite’s analysts also rely on statistical and inference models for our security systems and use machine learning to tune/improve them. This tuning is done thoughtfully by humans, thereby avoiding the pitfalls of AI implementation, which, according to a recent MIT study, causes 95 percent of implementation to fail.

Fortunately, Brite is in the 5 percent of organizations who have done this successfully because we choose to thoughtfully implement these advancements to complement our people, existing technology, and processes.

Lastly, it’s worth pointing out that while Brite leverages large amounts of automation, each important call is handled thoughtfully by a human in the loop. In a nutshell, AI helps filter out the noise so our analysts can respond faster and focus on the alerts that truly matter.

 

Move Forward with a Blended, Comprehensive Strategy

There’s no denying that AI is capable of incredible feats, as we’ve outlined here in this blog post. However, as we’ve also made clear, it needs to be implemented and handled responsibly by expert human analysts. This blended approach provides as complete a defense as possible against threat actors, giving organizations the peace of mind they need.

Learn more about Brite’s cybersecurity technology solutions here and its managed cybersecurity service, BriteProtect, here. Also contact us at 1-800-333-0498 or SalesInfo@Brite.com to find out how our blended approach to cybersecurity will keep your organization safe from the latest threats around the clock.