This interview is part of our new AI in Cybersecurity series, where we interview the world's top thought leaders on the front lines of the intersections between AI and cybersecurity.
In this interview, we speak with Dustin Hillard, Chief Technology Officer at eSentire, to understand how his company is using AI to transform cybersecurity, and what the future of the cybersecurity industry holds.
1. What’s the story behind your eSentire? Why and how did you begin?
DH: eSentire was founded in 2001 by Eldon Sprickerhoff, the original pioneer and inventor of what’s now referred to as Managed Detection and Response (MDR.) The company was started in response to the incipient but rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Headquartered in Waterloo, Ontario with offices around the globe, the company provides risk advisory services in addition to its Managed Detection and Response offering, which was launched in 2008. The eSentire MDR service provides a spectrum of threat protection capabilities that go beyond alerting to disrupt threats. The service detects threats that traditional security defenses miss and responds on the customer’s behalf.
2. Please describe your use case and how eSentire uses AI:
DH: Protecting the scale of information that’s widely distributed across an organization’s infrastructure, endpoint, customers and supply chain partners requires the continued innovation of MDR. At eSentire, AI technology is used to help sort through mountains of data, filter it down, and make it accessible for security teams to take immediate action.
The average Security Operations Center (SOC) can only handle about 5-10 percent of the information coming in, and when you consider that each customer of a SOC is generating as much as 10,000 pieces of information per day, that means a mass of information is being ignored or overlooked. It’s not practical to think that humans alone can tackle this. And that’s where AI fits in. But it’s also important to reiterate that it’s the human plus technology combination that’s needed to actually deal with the full continuum of threats in the evolving security landscape.
3. Could you share a specific customer/user that benefits from what you offer? What has your service done for them?
DH: Summit Hosting is a cloud-hosting company offering specialized Quickbooks-hosting services. The company’s aggressive growth strategy left its resource constrained. As a result, the company was struggling to manage a diverse set of assets across several locations that made them difficult to secure.
And updates were a particular challenge – updates applied to Windows servers could break products for multiple users. After a massive ransomware attack in late 2017, Summit turned to eSentire first for a risk assessment and then for eSentire’s MDR solution, which provides rapid intrusion detection and response that autodetects and responds to known and unknown threats.
4. What other AI use cases in cybersecurity are you excited about?
DH: Attackers have access to more sophisticated tools than ever before, allowing a much broader set of actors to use techniques that were only previously available to nation states. These sophisticated tools are often designed to subvert detection by even the best security tools, because they avoid the signatures that many tools are based on. Detecting these behaviors requires taking broader data sets that can identify unusual patterns. We have developed AI technology that can detect obfuscated commands, which has resulted in the detection of sophisticated actors in our customer networks.
5. Where will eSentire be in 5 years?
DH: Customer networks are rapidly evolving beyond traditional environments to include multiple cloud environments, IOT devices, and frequent access from outside, heavily secured networks. These trends are changing the way that our customers need to secure their business – shifting from securing their networks and systems to securing their users and critical business data. Our company is helping lead this evolution, with broader visibility and detection of the behaviors that lead to business loss. Our focus will always be on detection and response, but we are expanding what we detect and how we respond to stay ahead of the changing needs of our customers.