Digital Intuition | The PatternEx Blog

Introducing the PatternEx Virtual Analyst Platform

Humans and computers need to work together to identify evolving cyberattack patterns buried in our data.

To continue this relationship, PatternEx today announces the PatternEx Virtual Analyst Platform. This new platform improves detection by 10x, reduces false positives by 5x and speeds up cybersecurity investigation times by 20x compared to existing threat-analytics platforms.

The PatternEx Virtual Analyst Platform is powered by three key features: AI2, AutoCorrelate and Custom Analytics.

Why is it a virtual analyst platform?

We named it “virtual analyst platform” because it is software that replicates analyst intuition at scale in near real time. Once you train our system, it achieves human-like levels of detection precision, and this is where the fun begins: now you can create as many “virtual analysts” as your needs dictate. These analysts don’t eat, they don’t sleep, and their sole purpose is to identify suspicious behavior 24/7/365.

But the malicious attackers are humans, perpetually changing tactics and techniques to achieve their goal. Your army of virtual analysts needs human SME analysts to continuously reinforce good and bad behaviors. As a result, your virtual analysts can easily detect variations in tactics and techniques and surface them to human analysts.

And these virtual analysts can share attack patterns they have learned with other PatternEx virtual analysts to train each other on new attack tactics and techniques.

PatternEx virtual analysts are backed by near real-time artificial intelligence pipelines that are geared toward predicting malicious and suspicious behaviors across various entities, tactics and time. Virtual analysts are predicting in real time what a human analyst would say if they were observing that behavior.

PatternEx Virtual Analyst Platform ingests logs from a variety of data sources such as network, user, endpoint and applications, computes behaviors for a variety of entities, and predicts threats across a variety of tactics. It does this for attacks that can span longer time horizons.

AutoCorrelate

As it makes predictions about suspicious entities and surfaces them to human analysts, those analysts can give feedback and teach the system what is, or is not, an attack.

When it surfaces the suspicious entities, human analysts can confirm or deny them. As humans confirm or deny, virtual analysts in the background take that feedback and update predictive models on the fly. They then explore all the relationships across various entities up to 3 degrees of separation and see ‘who else’ is doing similar activity. Virtual analysts are able to automatically correlate a given malicious or suspicious entity with other entities that look very similar in behavior.

The security industry has historically created correlation rules by presupposing what an attack looks like. Instead of a human saying what an attack is, machines are using input from the humans to define additional signals of an attack.

PatternEx AutoCorrelate reduces the time it takes to investigate a threat by 20x by automatically discovering new correlations and displaying them in an entity relationship graph. Once an entity has been determined to be bad or compromised, PatternEx AutoCorrelate automatically investigates thousands of relationships to identify a chain of suspicious entities that an analyst needs to navigate while investigating the vector of an attack. Notably, the chain of entities could span multiple entity types, threat tactics, and time.

Custom Analytics

During investigations, analysts often run into data from logs that they want to visualize and analyze. PatternEx custom analytics provides an easy interface into your raw logs so you can run an SQL query or run Python / Scala / Perl code to create whatever analytic you want to look at without the need to learn a custom scripting language. A set of these analytics can be saved as a report that can be shared amongst analysts to enable collaboration and threat hunting.

Create your virtual analyst army

PatternEx Virtual Analyst Platform can automate your threat detection and speed up investigation. Your army of virtual analysts comes pre-trained on certain threat vectors and is able to absorb intelligence and training from existing analysts.

PatternEx improves detection by 10x with 5x fewer false positives, and speeds up investigation times by 20x compared to existing threat-analytics platforms. You can see this improved performance outlined in our whitepaper here.

And if you’re ready to see how PatternEx can create your virtual analyst army, sign up for a demo now.

Register for the Product Webinar, October 25 at 10am PT