There are many fields where workers fear what AI could do to their jobs. Cybersecurity is not one of them.

Facing a constant battle with an ever-changing adversary, alongside a growing frequency of attacks, the cybersecurity industry is struggling to find enough experts to fill the positions available. But as artificial intelligence has matured, it has become a promising means to ease heavy workloads, with companies such as AI cybersecurity vendor Vectra tailoring their services in response.


“Our big focus was just reducing the initial workload that security has to deal with just to respond to a threat,” explains Chris Morales, head of security analytics at Vectra.


“I think that was the hardest problem to solve actually: not creating more data, but creating less data and more valuable data.”


Now that the company has dealt with this initial challenge, it is looking at how to further apply AI to cybersecurity so that it can help combat the people shortage that the field faces.


“Now we're looking at where else is it slow; where else are there not enough people,” says Morales.


“There has been more AI going into more of the automation of the response. For our part, we're thinking how else we can detect. We started with real-time detection, now our discussion is around how do we do predictive modelling, so the word predictive starts to come up.”

Giving cybersecurity professionals the power to predict

This increased shift towards a predictive approach is effectively allowing Vectra to extend the capabilities of seasoned professionals.


“All AI and data science, quite frankly, is about predicting things; it's all statistics. You're like 'oh, this is probably a problem. I have a 90% confidence that this is an issue'. But now we're saying: how do we enable an analyst to sit down and start playing with the data themselves, assisted with AI?” says Morales.


“Instead of it making the decisions, they're asking questions and the AI is driving answers, and effectively creating insight.”

This allows professionals to gain an understanding of where attacks are going to happen, and where potential problems might lie. Morales likens this to defensive driving, where a road user will avoid other drivers behaving erratically or in a manner that increases the risk of a crash.


“We can start applying AI in the same way we look on the network for things like, okay, we start with looking for the attacks that are happening now,” he says.


“Now what we discuss is how we start looking for the things that are going to be an attack, or are going to be a higher risk, and you can start correcting those problems or avoiding them.”

Adapting to change

One of the reasons AI is so effective in cybersecurity, Morales argues, is that attackers are forever changing their techniques, and AI is well suited to responding to such change.


“I think it's inevitable and necessary that we use AI and machine learning, [because] by its nature it's very adaptive,” he says.


“A lot of security has been very static, and absolutely that's been the fundamental issue because attackers are also dynamic and are really smart. They stare at it and go 'oh, look at your system. I'll just do this; I'll turn left instead of going right'. It's silly, they laugh at us.

“So systems have to be dynamic and adaptive to the people in real-time, and no human is going to be able to keep up with that, nor is a static system.”

Augmenting cybersecurity professionals

Notably, while AI is beginning to see widespread use in many parts of the cybersecurity industry, it hasn’t led to the loss of jobs.


“It hasn't reduced the headcount at all. A lot of our customers actually have more human employees now: the humans never go away,” explains Morales.


This is because AI is truly complementing the work cybersecurity professionals do by handling much of the tedious side of the job and freeing up more time for the complex human challenges. Essentially, AI is augmenting the role of the average cybersecurity professional.

“Our takeaway from this is man and machine. There's work that's suited to machines, and there's work that is suited to humans,” he says.


“It's funny: our first product was all about automated initial detection, our new technology is all about assisting the human for the deeper investigation they do.


“Humans are very creative and intuitive, and there's ways that we can link together ideas that seem non-associated. It's like looking at an apple and thinking of gravity. That's very human. Trying to teach a machine that is hard.


“But they're very good at repetitive tasks and large volumes of data, and getting rid of that part. And we're horrible at that. So when you put them together, I really think it really takes to win. One or the other by itself doesn't do it.”

Easing entry into cybersecurity

An interesting secondary benefit of this AI-enabled approach to cybersecurity is that it is also making it easier for juniors to get into cybersecurity more effectively. And at a time when routes into cybersecurity remain challenging, this is an appealing prospect for companies struggling to find enough workers.


“You can take a junior person and give them a high level of automation by AI and they'll be more effective at their job,” says Morales.


“Some of our clients for the initial – what we call tier one work, which is the entry-level work – they're able to take students, interns, people from network operations, helpdesk, other people who are intelligent, skilled, and teach them security using a heavy level of automation and AI.”


Over time, these people can acquire new skills, meaning the level of AI they need to do the job reduces, but this approach allows the technology to act as training wheels that ensure a smooth ride while people are still learning.


“Those people will eventually learn to get into the heavier areas, where you're talking about the real, manual threat-hunting and/or deep investigation. Those actually still take a high skill level, but even the really experienced people need some level of automation and assistance to be more efficient in that.”

Images courtesy of Brolly
