Rapid7, one of Massachusetts’ largest cybersecurity firms, is integrating generative AI into its software to improve and speed up alert triage.
The Boston company (Nasdaq: RPD) develops software that helps to identify vulnerabilities, monitor malicious behavior, and investigate and shut down cyber attacks. The company has over 11,000 customers worldwide and monitors and says it assesses 4.8 trillion security events weekly.
Laura Ellis, Rapid7's vice president of data and AI, said in an interview that generative AI and machine learning helps Rapid7 disseminate aid faster, helping boost the signal of malicious alerts while ensuring lower-priority alerts stay out of the way. The technology also helps create better and more accurate security reports for the team of 2,301 employees at Rapid7.
Rapid7’s AI engine is a collection of specialized AI models that work together to aid the security lifecycle. Ellis declined to say exactly how many different AI models they have trained for various risk situations, but said that having a variety of AI models increases safety potential.
The challenge for Rapid7 is the variance of security alerts and problems. Because the company has such a large user base which Ellis said is spread across “three geographies around the globe,” alerts are varied and can be everything from security vulnerabilities to active risks across sources and systems.
Rapid7 is joining companies across a wide range of industries that are integrating AI into its products.
Rapid7 says it doesn’t rely solely on the new generative AI software to make decisions and implement solutions. Rather, Ellis said AI does the heavy lifting by automatically classifying what is and is not malicious, taking into account a user's baseline behavior and threat and risk research done by the Rapid7 team. At the end of that pipeline, the SOC analysts are able to make a better and faster decision about the next steps.
“We’re really relying on the people,” said Ellis. “We’re not just putting this out there and saying, 'We did our models and think it looks good.' No, we’re doing first, second, third, fourth and fifth passes leveraging our SOC analysts.”
