Host: Hello everyone, and welcome to another episode of ExtraMile by SecureITWorld. I am your host, Sayali, and here we connect with industry leaders to explore the latest in tech, innovation, and strategy. Today we're thrilled to have Kumar Saurabh, CEO and Co-Founder of AirMDR.
With 20-plus years in building companies like ArcSight, Sumo Logic and LogicHub, Kumar has been driving innovation in cybersecurity. His latest venture, AirMDR, is bringing AI-powered managed detection and response to businesses, making security faster and smarter. Hello Kumar, how are you doing today?
Kumar: I'm doing well, thanks for having me on.
Host: So Kumar, you've built multiple cybersecurity companies. At what point did you realize AI-powered MDR was the next big gap to fill?
Kumar: So before this company, I started an automation platform for cybersecurity, right, for threat hunting, for alert triage and so on. And what I saw was that for 95% of the market, for 95% of the companies, it took much more work than the results it produced. And naturally, even the 5% of the companies were investing hundreds of thousands of dollars to get, you know, 20, 50, 100, 200 playbooks automated. And it was very clear when ChatGPT launched that this technology has the potential to build an AI analyst that can do 70, 80% of the work. And that was the hypothesis a couple of years ago. And I was actually just doing a demo right before this.
And when I used to say that the AI agent can do 85% of the work with high quality, people would think that that 85% number is very high. Today, that number is actually north of 98%. Right. So 98% of the alerts that we triage, and we triage about 3000 alerts every week, 98% of them are such high quality that they don't require a second round of human touch. We do have a 24/7 team and their feedback, I was actually talking to a SOC lead last week. And he said, Kumar, three months ago, we used to look at 250. So three weeks ago, we used to get like 2000, a couple of months ago, 2000 alerts a week, only 250 of them had to be reviewed by a human. That's like 12.5%. So 85-87% was already being done by the AI. And what he's shared with me is that the quality has improved so much, even in the last two-three months, that that number that they have to manually triage has gone down from 250 to 50. And that is why that, you know, 12 and a half percent that they had to manually do is now well under three to 4%.
And today, I was looking at this number, it was actually under 2%. So we are seeing the quality of the AI agents improve quite a lot. And my hunch is that it's only going to get even better over the next year or two.
So I'm still hopeful that we haven't seen the best of what the AI agent can do quite yet. And already, what we are seeing is quite impressive, not just in terms of the speed and thoroughness and breadth, but actually in terms of the quality of the output that is produced, because that was always one of the big questions: can it produce high quality work? And as far as alert triage, investigation and response are concerned, in my mind, that is a settled issue. There is no doubt, I can show you the results. And I mean, it doesn't even come close.
Host: Absolutely. Now speaking of alerts, AirMDR processes 1200 alerts in just three minutes. So how do you balance automation with the human touch and security?
Kumar: So the human analyst and the AI analyst have a very symbiotic relationship, right. And what I mean by that is human analysts actually can be much more productive if the AI analyst can do a lot of the grunt work, right, a lot of the first round of work, it gives people more time to focus on the 2%, 3% of the alerts that really require in depth work, right. So the AI analyst is augmenting the human analyst.
But one of the things that doesn't get talked about enough is AI analysts are not perfect. And they don't have the full domain experience and full knowledge, much of the knowledge is still trapped in people's heads, right. And people to people communication brings out a lot of those facts, a lot of those enterprises, specific caveats, if you will, and that needs to also get trained back into the AI analyst.
So our human security engineers, SOC analysts are also making the AI analyst much better. So the AI analyst is like a very capable junior analyst, much faster, but does not have all the domain experience. So it can gain domain experience from real people, but it can do the things that it knows how to do 50 times faster. And so a hybrid approach, in my view, is the best approach.
Host: Moving on, your goal is to give SMEs enterprise level security. So what's one challenge smaller businesses face that big players like CrowdStrike miss?
Kumar: So when I think of large enterprises, for the first, you know, 15-16 years of my career, I have worked with, you know, several of the Fortune 1000 companies, right, who have 300 people in cybersecurity, millions of dollars in cybersecurity budget, right. But for every one of these companies, there are 50,000 person companies that have two security people and don't have a fraction of the budget that these very large companies do. And yet, when it comes to threat detection, incident response, cybersecurity, they have the very same problems that the big guys have, right.
But they have to solve the same problems with a very, very lean team, very, very small team and a fraction of the budget. So I think the small companies have it much harder because they they're getting attacked in the same way, but they don't have the resources, they don't have the funding, they don't have the team, they don't have the expertise. And that is why one of the things I see as an opportunity in this space is how do you bring that really fortune 500 quality of detection and response and make it affordable and accessible to a thousand person company at a price they cannot actually afford.
Host: Absolutely. So from ArcSight to LogicHub to AirMDR, how has your thinking about security automation changed over the years?
Kumar: I think the massive shift has happened in the last couple of years, right. So I look at it as three stages of evolution, right. So first, I started in this space, I'm dating myself, but back in 2001, right. And I would say from 2001 to roughly around 2014, it was all done manually. People were building tools for human analysts to use. Around 2014, 2015, people started realizing that there is much more work than can be manually done.
So how about we automate it? And I think so that was, I would say, 2014-2015 till last year, automation was the best thing available out there. That has changed. Today, I think it's the agentic, the AI agents, right. And it's like looking at some kid that is 10 years old and can beat a grandmaster. And then you're wondering, what can it do when it's 21 years old?
And that's the same way I feel about the AI technology today. As good as it is, it is still, there is a lot more potential ahead of it than what's possible today. So I think the big shift in the last couple of years is the shift from automation to agentic.
Host: Some say AI can't match human intuition and threat detection. So how do you respond to this? And can you share an example where your AI proves that wrong?
Kumar: Right. Okay. So I think the difference is, it's not a black and white question, right. And here is what I mean by that. Most of the companies don't have the best threat hunter in the world, right. Let's say you took all the threat hunters in the world and said, okay, who is the best threat hunter?
Can the AI beat that best threat hunter today? The answer is no, right. But then you go and look at the best threat hunter that 95% of the companies have. Can it make them much, much, much better? Not by 30% better, but like 10x better. And the answer undoubtedly is yes, right. And so it's not a, it's not an absolute black and white question. Is it better than every human analyst? The answer is no.
Is it better than, is it? And the question is not even, is it better, right? And I give the analogy, wherever I go grocery shopping, it's two miles away. I could have walked there. It would take me 30 minutes to get there. And I won't enjoy the experience. I just drive there. It takes me five, 10 minutes. And I actually enjoy, I don't mind driving for five, 10 minutes for a couple of miles, right.
So, I think that the difference is people think of it as an either or, but AI at the end of the day is a tool that will make people even more productive, right. 30 minutes versus five minutes, right. And it's a much better experience. And that is the way I look at AI, not as a, this human versus AI. I think the best way to look at it is the AI is yet another transformative tool that will make the human analyst, the human threat hunters, the human SOC teams at least 10 times better.
And that is not, I used to think that is, that is a stretch goal, but I really, the experience in the last year or so, having built an AI analyst, having deployed it, having seen the advantages it can deliver in production, I'm more convinced than ever that 10X is, is very achievable. And we are already seeing early signs of that.
Host: Moving on, you raised 5 million from top VCs. In such a crowded market, what made your pitch stand out?
Kumar: So we have raised 15 million so far. 5 million was the seed round that we started early on. And, and I think the, the, the advantages and the transformation that this AI agent can bring to security operations is very, very clear.
And that is why it is attracting a lot of investment dollars. That said, you know, yeah, so in some ways the experience that I have had building, you know, ArcSight, Sumo Logic, LogicHub and all of that, right. So I have been working in this space at the cutting edge for, for the last 20 plus years, right.
So very strong DNA in security operations, if you will, having built, you know, category leading products before. And, and that is one of, like when you start the company at the seed stage, that's, that is the, the team, the market is, is what people look at. And so the, the DNA is there, the experience is there and the opportunity is there. I think a combination of those two things is what makes raising 5 million or 15 million or another 25 million much easier than would have otherwise been the case.
Host: Absolutely. With attackers also using AI, how do you make sure AirMDR stays one step ahead?
Kumar: I think security by nature is, is an adversarial game, right. There are real people using the latest and greatest technology, trying to work around security controls and all of that. So I don't think this will ever get done.
So it's a, it's a practice of constant continuous innovation, right? So every week, every day, right, you're looking at what are the threats that people are getting. And, and it starts with really like there are three core pillars of it. You want to start with very good observability. You want to collect all sorts of telemetry sensor data. You want to have really strong detections built on top of it.
And then, you know, when you get those alerts, you don't ignore those alerts or you don't take three days to investigate an alert in depth. You investigate those alerts in less than five minutes. And if you can deliver those three things really, really well, the reality is you can reduce your risk profile by as much as 99%.
There is no hundred percent guarantee that you'll have perfect security, but you can get a very, very high degree of security and you can lower your risk quite a bit by just doing a very good job on those three things, monitoring, detection and response.
Host: Absolutely. And as we wrap up, Kumar, you've built several startups. What's one thing you wish you knew before starting AirMDR?
Kumar: What is one thing I wish I knew before starting AirMDR? That is a really good question. I still, on the big things, the things that really matter, much of the hypothesis has come true.
There are many smaller things. I think the main question in my mind is seeing how rapidly, and this question has not been answered yet, so it is a question that probably a year or two from now would be very, very appropriate. But the question that I wonder about is on a technology side, the step up, the difference between what's possible and what's the current state of the art is very obvious.
It's much better. The question, the big unknown is how rapidly will people absorb this? How rapidly will enterprises adopt this? And that question is still to be answered fully. So maybe in a year, I'll have a better sense of how the enterprise adoption of AI SOC, AI analyst goes.
Host: Kumar, this has been an insightful and inspiring conversation. Thank you so much for sharing your time and vision for the future of AI in cybersecurity.
Kumar: This was great. Great questions. Thanks again for having me on. Great to speak with you.
Host: And to our audience, thanks for tuning in. I'm your host, Sayali. See you soon in the next episode of ExtraMile by SecureITWorld with another amazing leader on board. Until then, please stay tuned.