In this episode of “Innovation Decrypted” (in French) about the interconnections between AI and cybersecurity, Gérôme Billois interviewed Guillaume Ruty, Chief Product Officer at HarfangLab, and Paul-Arthur Joinville, CEO at Mindflow.
Let’s take a look at the key takeaways and shine a light on AI in cybersecurity and its integration into the HarfangLab platform.
AI on both sides of the cyber shield: attack and defense
Artificial Intelligence is here to stay, both in our private and professional lives. Attackers have used it to develop deepfakes and industrialize phishing campaigns. Now, it is also playing a key role in cyber defense to better detect threats and automate responses.
Predictive AI enables the discovery of new threats, while generative AI accelerates the use of detection and remediation tools. But concretely, how does HarfangLab use AI to protect a workspace?
Workspace Security: AI to protect endpoints
To protect workstations and servers, a cybersecurity solution such as HarfangLab’s EDR detects signatures as well as behaviors.
It can detect threats using heuristics, that is, detection rules that aim to identify threats (malicious code, malicious files…). It can also raise alerts to highlight suspicious behavior.
What role does AI play in all this?
As Guillaume Ruty explains: “Thanks to AI, the EDR can detect unknown threats [from virus databases and rules configured in the solution]. The cyber industry has been using predictive AI algorithms for around 10 years to assess whether a program or a file is malicious. Predictive AI is a very broad family that includes advanced techniques such as Deep Learning and Machine Learning.”
The use of AI in cybersecurity is far from recent, being widely adopted for email filtering, anti-spam, and more. What about at HarfangLab?
The HarfangLab platform includes algorithms developed in-house. This intelligence is a veritable war chest!
First of all, the relevant algorithms have to be identified from among all those available before development can begin. Then they need to be retrained regularly to keep pace with the threat landscape.
Ashley is the AI engine behind HarfangLab’s EDR, combining several interactive models to ensure workspace protection. It analyzes hundreds of characteristics to predict the malicious nature of files or scripts, and its models are trained regularly as the threat evolves. Cybersecurity is an eternal game of cat and mouse, as new malware emerges and evolves…
“At present, training only takes a few hours, which means we can regularly add new malware families to train our models.
As these models are embedded in our users’ machines, they need to be as effective as they are light. And they need to be distributed and updated. This packaging phase actually requires the most effort in order to preserve the performance of protected endpoints”, Guillaume Ruty adds.
AI to boost productivity
As Paul-Arthur Joinville reminds us: “AI enhances protection capabilities but is not intended to replace the work of analysts. Human intervention remains central to detection and remediation, to deal with false positives, to investigate…”
An EDR collects a large volume of rich data, and analysts need to be able to navigate through it when an alert occurs. It’s a complex job even for experienced cyber analysts. AI helps contextualize and filter data to save time and facilitate analysts’ work. To this end, HarfangLab offers Kio, its assistant based on generative AI that responds to user queries in natural language.
“Our aim is to go beyond navigation assistance with AI and also enhance interpretation capabilities. Analysts’ time is a precious resource, especially given the number of devices to be protected on the scale of an IT fleet. HarfangLab’s mission is to optimize this time. The challenge is to enable cyber experts to focus on defining security policies, rather than acting as ‘cyber scribes’ who analyze thousands of alerts, product configurations or access rights”, Guillaume Ruty concludes.
As Gérôme Billois reminds us, quoting Nvidia’s CEO, CIOs (and CISOs) could one day be called upon to become the HR managers of AI agents.