Artificial Reality | The PatternEx Blog

Is Trust Breaking Out?

There has been an information security mantra for years in the United States about the need for a public - private partnership. While ISACs have existed since the late 1990s, the results of public - private partnerships have hardly been harmonious; instead acrimony has been been the order of the day in most instances. Private sector organizations have long complained about the one way flow of information security data and information: from the private sector to the federal government, with nothing in return. That’s not entirely true, but that is the strong perception at least. For example, the NSA has been providing malware signatures to DIB (defense industrial base) companies for a couple years (e.g., “NSA Chief: Agency Wants To Provide Malware Signatures, Not Enter Private Networks”). The response of the private sector has generally been criticism of NSA’s perceived motives, and criticism about the quality of the NSA malware signatures provided. Of course this private sector skepticism was confirmed by the Snowden revelations in June 2013. Particularly galling to the private sector (especially the technology companies) was NSA’s PRISM surveillance program. Even within the private sector information sharing has been restricted. For example, ISACs are generally restricted to industry-specific members, and raw data is not shared. Rather. processed information, such as IOCs and malware indicators, are shared.

Topics: AI SOC MSSP

Changing Business Considerations for MSSPs: Saying Goodbye to Soda Straw Views

As the threat landscape has evolved (e.g., increased number and size of DDoS attacks), MSSPs are being forced by the market to evolve their service offerings. It simply is no longer acceptable for an MSSP to manage perimeter firewalls, a couple of Internet-facing applications, and perhaps a couple of important internal systems (e.g., Active Directory domain controllers). Why not? Because such (effectively) stand alone ‘soda straw’ views do not provide the MSSP (nor the customer) with the context needed to be able to detect today’s sophisticated attacks. For example, with that hypothetical monitoring scenario, it would be extremely difficult to detect lateral movement, let alone a compromise of individual systems.

Topics: Threat Detection AI analytics MSSP

RSA Conference Recap: the Synergies Between AI & IoT

Last month, the RSA Conference was held in San Francisco, it’s usual location. While attendance numbers for the conference have not been released yet, apparently attendance was not as large as last year’s record of some 43K+ attendees. And, it did not seem as crowded as last year—good!

Topics: IoT infosec SOC MSSP

Why MSSPs Should Be Interested in Virtual Analyst Technology

MSSPs face several challenges in effectively running their operations, and subsequently providing value to their customers. For example, MSSPs’ customers are often demanding, and are concerned about their TCO. 

Topics: Threat Detection SOC MSSP

Finding Cryptocurrency Mining Malware

2017 was the year of ransomware.  2018 is already shaping up to be the year of cryptocurrency mining malware.  Are you prepared for this threat?

Topics: Threat Detection infosec AI

Complementing Your Current SIEM Implementation

Most large organizations have already deployed a SIEM, and spent considerable money and effort doing so. While those organizations may be satisfied with their SIEM implementations, or possibly not, rip & replace for those not satisfied is almost certainly not an option—for two reasons.

Topics: AI SOC analytics SIEM

Why you need advanced analytics with your SIEM

Why do you possibly need an advanced analytics tool along with your SIEM?  Because your SIEM is not an advanced analytics platform. Your SIEM is an advanced search tool allowing you to search through your log data with sophisticated correlations.  But search advanced analytics.  Let’s dig deeper.

Topics: SOC analytics SIEM

PatternEx’s Architecture for SOC Investigations

PatternEx uses multiple open-source tools to help us provide excellent results for SOC analysts in their investigations.  And in this blog posting, I am going to give you an overview of our architecture.

Topics: machine learning AI SOC

Help for SOC Analysts - Autocorrelation

Security Incident and Event Management (SIEM) solutions have been in use for almost two decades, but the promise of SIEMs and other log search solutions remains unfulfilled (e-Security, arguably the first SIEM company, was founded in 1999 in Vienna, Virginia). SIEMs deliver analytics tools with search capability, but these tools remain limited to to providing responses to manually created questions / queries / correlations by human analysts and have not evolved beyond rule-based correlations. SIEMs have made claims about increased complexity and sophistication of such correlations through the use of wildcards, Boolean logic, RegEx, and other techniques. However, the SOC analyst remains constrained to receiving responses about his or her specific query and the correlation must be very specific in order for the signal-to-noise ratio to be acceptable. As a result, SIEMs lead to alert overload, generating thousands or millions of false positives for analysts to manually filter, investigate, and take action. In addition to being a huge drain on resources, this workflow often misses true risks (false negatives) in the deluge of alerts.

Topics: Threat Detection infosec AI SOC

Methodology of Performance Testing for the Virtual Analyst Platform for SOCs

In a previous post, I wrote about a huge decrease of more than 90 percent of false positives with PatternEx’s Supervised Learning models. While the results of this real-world performance are very impressive, the question is: how were those numbers derived? Let’s explore the methodology a bit.

Topics: Virtual Analysts AI SOC