Figure no. 1: (figure not reproduced in this extract)

Figure no. 2: (figure not reproduced in this extract)

AI platforms used in cybersecurity

| Platform | Main purpose | AI approach |
|---|---|---|
| Darktrace | Network threat detection | Unsupervised machine learning (self-learned baseline of normal behaviour) |
| Vectra AI | Network detection and response (NDR) and cloud security | Deep learning |
| CrowdStrike | Endpoint protection (EDR) | Threat Graph (cloud-scale graph analytics over endpoint telemetry) |
| Cylance | Predictive antivirus | Signatureless machine learning (file classification before execution) |
| Microsoft Defender | Analysis and response | Microsoft cloud-based AI |

Observed data in the case study

| Parameter | Observed value |
|---|---|
| Detected traffic | Steady communication on an unusual port (TCP 8081) |
| Traffic volume | Low and regular (low-and-slow exfiltration pattern) |
| AI analysis type | Unsupervised learning (deviation from the host's learned baseline) |
| AI-generated risk score | High (exceeded the automatic isolation threshold) |
| Automated response triggered | Yes: segment isolation and SOC alert |

Key performance indicators (KPIs)

| KPI | Estimated value | Interpretation |
|---|---|---|
| Mean Time to Detect (MTTD) | < 1 minute | Anomaly flagged by the AI model almost immediately |
| Mean Time to Respond (MTTR) | ~5 minutes | Alert, containment and SOC notification |
| Detection accuracy | > 95% | Model-level estimate, not measurable from one incident; this incident was a confirmed true positive |
| False positives in this incident | 0 | No erroneous detections |
| Data exfiltrated before containment | < 2 MB | Transfer interrupted by segment isolation |
| Number of systems affected | 1 | Attack stopped before lateral spread |
| Post-incident system uptime | 99.99% | Fast recovery and reintegration of the isolated segment |
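
To make the detection described in the case-study table and the KPIs that follow from it concrete, the block below is an added illustration (not the code of Darktrace or any other platform in the table above). It replays constructed flow records for one host, scores each (source, destination, port) series against a baseline learned only from that host's own past traffic, and returns an isolation decision once the score crosses a threshold. The scoring rule (port rarity, inter-arrival regularity, per-flow volume) is a simple statistical stand-in for an unsupervised model; the hosts, timestamps, byte counts, weights and threshold are all assumed values, and the addresses are private or documentation ranges. The decision carries the time from the first beacon to detection and the bytes sent before isolation, which correspond to the MTTD and exfiltration KPIs.

```python
"""Beacon / low-and-slow detection over constructed flow records.

Added example, not vendor code. The scoring rule is a statistical
stand-in for an unsupervised model; all flows, hosts, thresholds
and weights below are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since epoch (constructed)
    src: str
    dst: str
    dport: int
    nbytes: int    # bytes sent by src in this flow


ISOLATION_THRESHOLD = 0.8   # assumed: scores at or above this trigger isolation
MIN_SAMPLES = 5             # assumed: flows needed before judging regularity
VOLUME_SCALE = 1_000_000    # assumed: 1 MB per flow counts as "not low volume"


def build_baseline(flows):
    """Per-source distribution of destination ports in the baseline period.

    Stands in for the 'learned normal' of an unsupervised model: the only
    input is the host's own past behaviour, with no labels.
    """
    counts = defaultdict(lambda: defaultdict(int))
    for f in flows:
        counts[f.src][f.dport] += 1
    return {src: {p: n / sum(ports.values()) for p, n in ports.items()}
            for src, ports in counts.items()}


def score_series(baseline, series):
    """Risk score in [0, 1] for flows sharing (src, dst, dport).

    Three equally weighted signals:
      rarity     - how unusual the port is for this source (1 = never seen)
      regularity - how periodic the inter-arrival times are (1 = clockwork)
      low_volume - how small each flow is (1 = tiny, as in low-and-slow)
    """
    if len(series) < MIN_SAMPLES:
        return 0.0
    src, dport = series[0].src, series[0].dport
    rarity = 1.0 - baseline.get(src, {}).get(dport, 0.0)
    gaps = [b.ts - a.ts for a, b in zip(series, series[1:])]
    cv = pstdev(gaps) / mean(gaps) if mean(gaps) > 0 else 1.0
    regularity = max(0.0, 1.0 - cv)   # coefficient of variation near 0 => periodic
    low_volume = 1.0 - min(1.0, mean(f.nbytes for f in series) / VOLUME_SCALE)
    return round((rarity + regularity + low_volume) / 3, 3)


def monitor(baseline, live_flows):
    """Replay live flows in time order; return the first isolation decision.

    Each series is re-scored as flows arrive, so the decision records when
    the score crossed the threshold and how many bytes had already left
    the host by then.
    """
    series = defaultdict(list)
    for f in sorted(live_flows, key=lambda x: x.ts):
        key = (f.src, f.dst, f.dport)
        series[key].append(f)
        score = score_series(baseline, series[key])
        if score >= ISOLATION_THRESHOLD:
            return {
                "action": "isolate_segment",   # the case study also raises a SOC alert
                "host": f.src, "peer": f.dst, "port": f.dport,
                "risk_score": score,
                "time_to_detect_s": f.ts - series[key][0].ts,
                "bytes_before_isolation": sum(x.nbytes for x in series[key]),
            }
    return None


# Constructed sample: a week of ordinary HTTPS/HTTP, then a beacon to TCP 8081
T0 = 1_700_000_000.0
BASELINE_FLOWS = [Flow(T0 - 86_400 * 7 + i * 300, "10.0.0.5", "198.51.100.20",
                       443 if i % 4 else 80, 30_000 + (i % 7) * 1_000)
                  for i in range(200)]
LIVE_FLOWS = (
    [Flow(T0 + i * 10.0, "10.0.0.5", "203.0.113.10", 8081, 4_096)   # low and slow
     for i in range(30)]
    + [Flow(T0 + off, "10.0.0.5", "198.51.100.20", 443, 35_000)      # irregular normal traffic
       for off in (3, 45, 61, 130, 170, 260)]
)

if __name__ == "__main__":
    print(monitor(build_baseline(BASELINE_FLOWS), LIVE_FLOWS))
```

With these assumptions the 8081 series crosses the threshold on its fifth beacon, so the reported time to detect is 40 s and about 20 KB had left the host; the normal HTTPS series stays below the threshold because the port is common for the host and its timing is irregular. In a real deployment the threshold and the minimum sample count trade detection latency against false positives, which is exactly the balance the MTTD and false-positive KPIs above measure.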
