Peter Sommer

AI to solve cyber security - give me a break

Is the fundamental product any good? As I understand it the claim is that by using "artificial intelligence"/"machine learning" a lot of the traditional heavy lifting of conventional cyber security consultancy can be avoided. The various sensors that are placed in a client's system monitor traffic and decide what is normal. Anything abnormal is flagged for attention.

Problem number one: many businesses and organisations are seasonal so that it will take at least a year and possibly two or three before you can feed the machine learning system with enough data to make decisions. How, for example, would such a system have coped with COVID where suddenly there would have been a huge amount of remote accesses and homeworking?

Problem number two: most organisations are constantly developing new services and systems - all the time that your monitoring system is trying to work out what is normal.

Problem number three: any alert system such as we already have for intrusion detection systems is heavily dependent on the sensitivity settings. Too sensitive and you get many false positives; too insensitive and the bad guys get in unannounced. So you require a lot of humans to make judgements as the system produces alerts.

Darktrace seems to be a heavily marketing-orientated operation and may account for success by selling to the ignorant.
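Problems one and three can be seen together in a small added example, which is not part of the original comment and does not represent how any vendor's product works. It assumes a simple z-score detector and constructed daily remote-login counts: a baseline learned from 90 quiet days, then one labelled malicious day and a legitimate seasonal peak.

```python
from statistics import fmean, pstdev

NOISE = [-10, -5, 0, 5, 10]  # constructed day-to-day variation

def series(level, days):
    """Constructed daily remote-login counts around a given level."""
    return [level + NOISE[d % len(NOISE)] for d in range(days)]

# Constructed data: 90 quiet days to learn "normal", then an observed period.
training = series(100, 90)
observed = (
    [(v, False) for v in series(100, 30)]    # ordinary days
    + [(125, True)]                          # one malicious day (labelled)
    + [(v, False) for v in series(130, 30)]  # legitimate seasonal peak
)

def evaluate(training, observed, threshold):
    """Flag days whose z-score against the training baseline exceeds threshold.

    Returns (false_positives, attacks_caught, attacks_missed).
    """
    mean, std = fmean(training), pstdev(training)
    fp = caught = missed = 0
    for value, malicious in observed:
        flagged = (value - mean) / std > threshold
        if malicious:
            caught += flagged
            missed += not flagged
        elif flagged:
            fp += 1  # a legitimate day that an analyst must now triage
    return fp, caught, missed

if __name__ == "__main__":
    for t in (2.0, 3.0, 6.0):
        fp, caught, missed = evaluate(training, observed, t)
        print(f"threshold {t}: {fp} false positives, "
              f"{caught} caught, {missed} missed")
```

Because the baseline never saw the busy season, every threshold low enough to catch the malicious day also flags most or all of the legitimate peak, and the threshold that silences the peak misses the malicious day.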

