Revolutionizing cybersecurity

The power of data science to empower the analyst

At Datharsis, we conceive cybersecurity not as an impregnable fortress, but as a dynamic ecosystem that requires constant evolution. In a digital landscape where the scarcity of expert analysts intersects with the growing sophistication of threats, the challenge is clear: how to optimize defense without overloading professionals? The answer lies in an innovative strategy, where data science and Artificial Intelligence (AI) not only automate, but also amplify the capabilities and analysis speed of the cybersecurity expert, guaranteeing transparency and efficiency.

The current context: security breaches and the challenge of detection

A fundamental element for the design of effective cyber defense tools is to understand the current context of cybersecurity. The landscape of security breaches is worrying. Statistics reveal tens of thousands of incidents annually, with billions of personal records (medical records, personal information, payment credentials) stolen, which translates into millions in losses and significant damage to the reputation of organizations. Attackers are fundamentally organized groups with high technical capabilities, motivated mainly by financial reasons. They employ sophisticated techniques such as hacking, malware or social engineering. The most alarming thing is the temporal imbalance: while system compromise can occur in minutes, detection can require weeks or even months. On many occasions, the breach is not even detected by cyber defense systems, but by clients or law enforcement agents. This time lag offers attackers valuable time for lateral movements and privilege escalation, making continuous improvement of detection systems imperative. The main objective is, therefore, to improve detection systems to reduce this temporal imbalance.

SIEM/SOC: pillars with opportunities for improvement

SIEM (Security Information and Event Management) systems and SOCs (Security Operations Centers) are fundamental integrators that consolidate massive data from multiple disparate sensors. Their key functionalities include:
  • Reports: Streamline visibility and facilitate audit compliance.
  • Real Time: Allow efficient data searching and visualization generation.
  • Integration: Combine and enrich information sources, such as Syslog, SNMP, Netflow, network traffic, application logs, firewalls and IDS.
  • Triage: The correlation and ordering of events by relevance is crucial for analysts to minimize their review time, prioritizing among thousands of potential events. This is the key point that differentiates SIEMs amplified with advanced data analysis techniques.
However, these advanced systems have limitations. Interaction with data often requires advanced technical knowledge and an extensive learning curve, and optimizing the environment and adjusting dashboards and visualizations can be tedious and consume many hours of work. Despite the growing volume of data, the number of professionals does not grow at the same rate, and we suffer from a permanent lack of technically prepared personnel, which requires integrators to do “wonders” to enhance the capabilities of analysts.

AI for Cyberdefense: balancing efficiency and interpretability

At Datharsis, the vision of the future of cyber defense involves optimal use of data through Artificial Intelligence techniques. We distinguish two main categories of AI algorithms in cybersecurity:


  • “Black-box” AI: Includes models such as Deep Learning (DL), Large Language Models (LLMs), Agents, Model Context Protocol (MCP) and Retrieval-Augmented Generation (RAG). They are extremely efficient with massive data, but impossible for the human analyst to interpret. Their ideal application is in processes that can be automated without involving fundamental decisions, such as automating the analyst-system interface. At Datharsis, we conceive interfaces where visualizations are created or modified simply by talking to the system or through gestures, democratizing data access to non-technical personnel and eliminating the learning curve.
  • “White-box” AI: These are interpretable models. Although not as efficient in pure massive data processing as black-box models, their great advantage is that they allow a very good understanding of their output, offering an interpretable summary of what is happening in the data. These models should be the core of cybersecurity decisions, especially for triage and forensic analysis.

Why is interpretability crucial in AI for cybersecurity?

The interpretability of AI models is not a luxury, but an imperative necessity for multiple reasons:
  • Validation: Analysts need to understand how the system works to make the most of it, optimize its performance and have confidence in its results.
  • Error Identification (False +/-): Makes it possible to identify quickly when the system’s prioritization is wrong and to discard false positives and negatives. This is vital in most environments, where the number of alarms exceeds tens of thousands per day.
  • Audits and Regulatory Compliance: Since cybersecurity is critical infrastructure, the cybersecurity engine must be auditable. An interpretable system complies with current legislation, such as the European Union’s Artificial Intelligence Act (AI Act).
  • Chain of Custody: For legal purposes, such as actions against perpetrators of cyberattacks or for the justification of corrective measures that may affect client services, it is essential to have documentation of how incidents were identified.

Advantages of a 100% interpretable pipeline

An interpretability-based approach offers numerous advantages. In particular, our methodologies offer the following:
  • Total Transparency: The pipeline is 100% interpretable, from summaries to final details.
  • Continuous Improvement: By knowing how the system works, we can adjust it for optimal performance. It improves as it learns from analyst feedback, acting as an interpretable extension of reinforcement learning.
  • Agile Response: Responds faster to recurrent attacks or international alarms, strengthening the system against known threats.
  • Human Amplification: Our goal is to amplify the analyst’s capabilities, not to fully automate their work. AI becomes a tool that empowers humans.

Datharsis: towards the cybersecurity of the future

At Datharsis, we believe that each component of Artificial Intelligence must strengthen a specific part of the cybersecurity system. We seek intelligent automation in human-machine interfaces based on AI, while central analysis benefits from a 100% interpretable pipeline that offers justified detection (the “how” it works and the “why” an alarm has been prioritized) and supports efficient management. Our commitment is to transparency and efficiency, transforming the analyst’s experience and elevating cybersecurity to a new level of proactivity and adaptability.
Are you ready to transform your cybersecurity with intelligent and transparent solutions?
Contact Datharsis today and discover how interpretable AI can strengthen your defenses