A new AI is like hiring a fresh graduate from college—full of potential but it must be taught your enterprise's unique security environment.
Training happens when the AI presents a set of alerts to human analysts, who review each alert and classify it as an attack or not. The label the analyst applies trains a supervised learning model that automatically adapts and improves. The result is a trained AI.
A trained AI acts like a virtual analyst, having captured the intelligence of the analyst through labels, and then adds the power of machines: it's always-on (24x7), it can analyze huge volumes of data in real time, and it finds patterns in hyper-dimensional space.
PatternEx transforms log data from multiple sources into behaviors, and then has "AI Pipelines" analyze that data in near real time.
PatternEx leverages Spark Streaming, high performance file systems, and distributed compute and data tiers. The entire solution uses RESTful APIs for easy integration.
The UI is designed to let your analysts decide whether a behavior pattern is malicious or not, and then capture that input to further train and tune the AI models.
The AI2 process facilitates communication between the artificial intelligence platform and the human analyst.
Raw data is ingested, transformed into behaviors, and run through algorithms that surface rare events for an analyst to review. After investigation, the analyst attaches an appropriate label to each event. The system learns from these labels and automatically improves detection efficacy.
Data models created through this process are flexible and adaptive. Event accuracy is continuously improved, and historic data is retrospectively analyzed as new knowledge is added to the system.
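The loop described above, as an added example that is not PatternEx code: an unsupervised rarity score queues the rarest behaviors for review, the analyst's labels train a supervised model, and that model re-scores every behavior, including ones the rarity stage ranked low. The entities, feature names, feature values and labels are all constructed for the example, and the rarity score (sum of squared z-scores) and the classifier (logistic regression fitted by gradient descent) are stand-ins for whatever models the product actually uses.

```python
"""Analyst-in-the-loop detection loop, as an illustration of the AI2 process.

Stages (all names, features and numbers below are constructed for this example):
  1. behaviours, i.e. per-entity feature vectors derived from logs, are scored
     by an unsupervised rarity model and the rarest are queued for review;
  2. the analyst labels each queued behaviour "attack" or "benign";
  3. a supervised model is trained on the accumulated labels and re-scores
     every behaviour, including ones the rarity stage ranked low.
"""
import math
from dataclasses import dataclass

FEATURES = ("bytes_out_mb", "distinct_dst_hosts", "failed_logins", "off_hours")


@dataclass
class Behaviour:
    entity: str       # a user, host or service account
    features: tuple   # values in FEATURES order


# Constructed behaviours for one day (hypothetical proxy/auth log aggregation).
BEHAVIOURS = [
    Behaviour("alice", (12, 3, 0, 0)),
    Behaviour("bob", (15, 4, 1, 0)),
    Behaviour("carol", (9, 2, 0, 0)),
    Behaviour("dave", (14, 3, 0, 1)),
    Behaviour("erin", (11, 4, 0, 0)),
    Behaviour("svc-backup", (980, 2, 0, 1)),    # nightly bulk copy: rare, but benign
    Behaviour("svc-backup2", (950, 2, 0, 1)),   # second backup job
    Behaviour("mallory", (620, 41, 9, 1)),      # exfil-like: volume + fan-out + failures
    Behaviour("trent", (300, 25, 6, 0)),        # exfil-like, but moderate volume
]

# Labels from earlier review rounds (constructed).
PRIOR_LABELS = [
    ((410, 30, 7, 0), "attack"),
    ((350, 22, 5, 1), "attack"),
    ((10, 2, 0, 0), "benign"),
    ((18, 5, 1, 0), "benign"),
    ((13, 3, 0, 1), "benign"),
    ((700, 1, 0, 0), "benign"),
]


def _mean_std(rows):
    n, dims = len(rows), len(rows[0])
    means = [sum(r[i] for r in rows) / n for i in range(dims)]
    stds = [math.sqrt(sum((r[i] - means[i]) ** 2 for r in rows) / n) or 1.0  # guard constant columns
            for i in range(dims)]
    return means, stds


def rarity_scores(behaviours):
    """Stage 1: sum of squared z-scores against the population (no labels needed)."""
    means, stds = _mean_std([b.features for b in behaviours])
    return {b.entity: sum(((v - m) / s) ** 2 for v, m, s in zip(b.features, means, stds))
            for b in behaviours}


def review_queue(behaviours, k):
    """The k rarest behaviours, which is what the analyst is asked to look at."""
    scores = rarity_scores(behaviours)
    return sorted(scores, key=scores.get, reverse=True)[:k]


class LabelModel:
    """Stage 3: logistic regression on standardised features, fitted by gradient descent."""

    def fit(self, labelled, epochs=3000, lr=0.1):
        rows = [f for f, _ in labelled]
        ys = [1.0 if label == "attack" else 0.0 for _, label in labelled]
        self.means, self.stds = _mean_std(rows)
        xs = [self._z(r) for r in rows]
        self.w, self.b = [0.0] * len(FEATURES), 0.0
        for _ in range(epochs):
            grad_w, grad_b = [0.0] * len(FEATURES), 0.0
            for x, y in zip(xs, ys):
                err = self._prob(x) - y
                grad_w = [g + err * xi for g, xi in zip(grad_w, x)]
                grad_b += err
            self.w = [wi - lr * g / len(xs) for wi, g in zip(self.w, grad_w)]
            self.b -= lr * grad_b / len(xs)
        return self

    def _z(self, features):
        return [(v - m) / s for v, m, s in zip(features, self.means, self.stds)]

    def _prob(self, x):
        return 1.0 / (1.0 + math.exp(-(sum(wi * xi for wi, xi in zip(self.w, x)) + self.b)))

    def attack_probability(self, features):
        return self._prob(self._z(features))


def run_loop(behaviours=BEHAVIOURS, k=3):
    """Run one review round and re-score everything with the retrained model."""
    queue = review_queue(behaviours, k)
    # Stage 2: the analyst's verdicts on the queued items (constructed).
    verdicts = {"mallory": "attack", "svc-backup": "benign", "svc-backup2": "benign"}
    by_entity = {b.entity: b for b in behaviours}
    labelled = PRIOR_LABELS + [(by_entity[e].features, verdicts[e]) for e in queue if e in verdicts]
    model = LabelModel().fit(labelled)
    rescored = {b.entity: round(model.attack_probability(b.features), 3) for b in behaviours}
    return queue, rescored


if __name__ == "__main__":
    queue, rescored = run_loop()
    print("review queue (rarity):", queue)
    for entity, p in sorted(rescored.items(), key=lambda kv: -kv[1]):
        print(f"{entity:12s} P(attack)={p:.3f}")
```

Two things are worth noticing when you run it. The rarity stage alone puts both backup jobs in the queue and leaves `trent` out, because bulk volume is rarer than fan-out in this population; once the analyst has labelled the backups benign and `mallory` an attack, the retrained model ranks `trent` as an attack and the backups as benign, which is the "retrospective analysis of historic data" the text refers to. The reviewer's time goes into the three queued items, not the whole population.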
PatternEx AutoCorrelate reduces the time it takes to investigate a threat by 20x by automatically discovering new correlations and displaying the entity relationships in an intuitive graph.
Once an entity has been determined to be bad or compromised, PatternEx AutoCorrelate automatically investigates thousands of relationships to identify a chain of suspicious entities that an analyst needs to navigate while investigating the vector of an attack. These relationships may span multiple entity types, threat tactics, and time.
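One way the relationship walk described above can work, as an added example that is not PatternEx code: starting from an entity the analyst has confirmed as compromised, follow typed relationships outward, but only accept a hop that occurs no earlier than the hop that reached the current entity, so the chain moves forward in time through the attack rather than into unrelated earlier activity. The entity names, tactic labels, timestamps and the naming-convention-based entity typing are all constructed for this example.

```python
"""Relationship pivot from a confirmed-bad entity (constructed illustration).

Relationships are (source, target, tactic, time) edges that an analyst
would otherwise pull one at a time from auth, proxy and EDR logs. The walk
starts at the confirmed entity and only follows a hop whose time is not
earlier than the hop that led to the current entity, so the chain it
returns moves forward in time through the attack.
"""
from collections import defaultdict, deque

# Constructed edges: (source entity, target entity, observed tactic, minutes since midnight).
EDGES = [
    ("ws-017", "user:jsmith", "credential-use", 605),    # compromised workstation logs in as jsmith
    ("ws-017", "10.0.0.42", "beacon", 612),
    ("user:jsmith", "fs-01", "lateral-movement", 640),
    ("user:jsmith", "db-prod", "lateral-movement", 655),
    ("db-prod", "203.0.113.9", "exfiltration", 700),
    ("fs-01", "user:admin", "credential-use", 590),      # before jsmith reached fs-01: not part of the chain
    ("user:admin", "mail-01", "lateral-movement", 300),  # unrelated earlier activity
]


def entity_type(name):
    """Crude entity typing from naming convention (an assumption of this example)."""
    if name.startswith("user:"):
        return "user"
    if name.replace(".", "").isdigit():
        return "ip"
    return "host"


def pivot(edges, seed, since, max_depth=4):
    """Breadth-first, time-ordered walk from `seed`.

    Returns {entity: (hops, time_reached, [(src, dst, tactic, time), ...])}
    for every entity reachable by a chain that starts no earlier than `since`.
    Each entity keeps the first (fewest-hop) chain that reaches it.
    """
    outgoing = defaultdict(list)
    for src, dst, tactic, t in edges:
        outgoing[src].append((dst, tactic, t))
    reached = {seed: (0, since, [])}
    queue = deque([seed])
    while queue:
        cur = queue.popleft()
        hops, t_cur, path = reached[cur]
        if hops >= max_depth:
            continue
        for dst, tactic, t in outgoing[cur]:
            if t < t_cur or dst in reached:   # hop precedes arrival, or already reached
                continue
            reached[dst] = (hops + 1, t, path + [(cur, dst, tactic, t)])
            queue.append(dst)
    del reached[seed]
    return reached


def describe_chain(reached, target):
    """Human-readable chain to `target`, plus the entity types and tactics it spans."""
    _, _, path = reached[target]
    steps = [f"{src} -[{tactic} @ {t}]-> {dst}" for src, dst, tactic, t in path]
    types = {entity_type(n) for src, dst, _, _ in path for n in (src, dst)}
    tactics = [tactic for _, _, tactic, _ in path]
    return steps, sorted(types), tactics


if __name__ == "__main__":
    reached = pivot(EDGES, seed="ws-017", since=600)
    for entity in reached:
        print(entity, *describe_chain(reached, entity)[0], sep="\n   ")
```

The temporal check is the part that matters for investigation quality: without it, the walk would pull `user:admin` and `mail-01` into the chain through `fs-01`, even though that credential use happened before the attacker reached the file server. The chain to `203.0.113.9` spans a host, a user and an external IP, and three tactics, which is the multi-type, multi-tactic navigation the text describes.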
PatternEx Custom Analytics gives users the ability to do deeper analysis or extract complex analytics from raw logs. Analysts can:
Your attack surface is broad and is changing. Your application, identity and access management, and traditional security data sources are all important for analysis. Data models can be made up of any combination of endpoint, network, access, and identity data.
Threat intelligence data and existing labeled attack data can also be incorporated into the analysis.
While you can get started by capturing only a few data sources, the more data sources you include, the larger the variety of attacks that can be detected.
A wide variety of methods and techniques are used to achieve the end goal of data exfiltration. Human-assisted AI scales your team's analysis capabilities and learns to threat hunt. Detect and stop data exfiltration and predict attacks before they occur.
Based on credential theft and impersonation, this attack leverages valid credentials and the access granted to business applications. It affects brand reputation and can result in the theft of intellectual property. Human-assisted AI learns to watch in real time for the patterns of outlier behavior associated with this type of attack.
Once attackers are inside your network, they are almost impossible to detect. This is why the average time to detection after initial compromise sits at approximately 200 days. The key to detection at this phase of the attack chain is automated, accurate discovery of abnormal patterns of activity in terabytes of security-relevant data using human-assisted AI.
Polymorphic and metamorphic malware can escape detection by changing its signature or recoding itself while inside your IT environment. Human-assisted AI can help your analysts detect and follow fast-changing malware in real time or in mountains of historic data.
PatternEx Virtual Analyst Platform Architecture
Learn how PatternEx dynamically accepts security analysts' feedback to create predictive models that continuously adapt to detect new and existing threats. Using this feedback, PatternEx is continuously trained to improve detection accuracy. Download the white paper to learn more.