Human Assisted Artificial Intelligence for InfoSec

Evolution of Infosec Intelligence

placeholder_evolution_image.png
SIEM complex rules
UBA Analytics
Human Assisted Artificial Intelligence AI

Active Contextual Modeling

Active Contextual Modeling PatternEx

Defining the ACM Analysis Process

The process of Active Contextual Modeling (ACM) facilitates communication between the artificial intelligence platform and the human analyst.

Raw data is ingested, transformed into behaviors, and run through algorithms to find rare events for an analyst for review. After investigation, an appropriate label is attached to each event by the analyst. The system learns from these labels and automatically improves detection efficacy.. 

Data models created though this process are flexible and adaptive. Event accuracy is continuously improved. Historic data is rertospectily analyzed as new knowlege is added to the system.  

Read More

 

Sources of Behavioral Data

Your attack surface is broad and is changing. Your application, identity and access management, and traditional security data sources are all important for analysis. Data models can be made up of any combination of endpoint, network, access, and identity data.
 
Additionally, threat intelligence data and existing labeled attack data also can be incorporated into the analysis. 
 

While you can get started by capturing only a few data sources, the more data sources you include, the larger the variety of attacks that can be detected.

 

Read More 

Sources of Behavioral Data Cyber Security

How a Trained AI is Like a "Virtual Analyst" 

A new AI is like hiring a fresh graduate from college—full of potential but it must be taught your enterprise's unique security environment. 

Training the AI happens when the AI presents a set of alerts to human analysts, who review the alerts and define them as  attacks or not. The analyst applies a label to the alert which trains a supervised learning model that automatically adapts and improves. This is a trained AI. 

A trained AI acts like a virtual analyst, having captured the intelligence of the analyst through labels, and then adds the power of machines: it's always-on (24x7), it can analyze huge volumes of data in real time, and it finds patterns in hyper-dimensional space.  

Read More

 

How Human Assisted AI Works PatternEx

PatternEx Use Cases

Data Exfiltration

A wide variety of methods of techniques are used to achieve the end goal of data exfiltration. Human assisted AI scales your team's analysis capabilities and learns to threat hunt. Detect and stop data exfiltration and predict attacks before they occur.

Learn More

Account Takeover

Based on credential theft and impersonation, this attack leverages valid credentials and access granted to business applicaitons. This affects brand reputation can result in the theft of intellectual property. Human assistd AI learns to watch for patterns of outlier behaviors to this type of attack in real-time.

Learn More

Lateral Movement Detection

Once attackers are inside your network, they are almost imposible to detect. This is why the average time to detection after initial compromise sits at approximately 200 days. The key to detection at this phase in the attack chain is automated accurate discovery of abnormal patterns of activity in terabytes of security relevent data using human assisted AI. 

Learn More

Polymorphic and Metamorphic Malware

Polymorphic and metamorphic malware have the capability to escape detection by changing its’ potential signature or recoding itself while inside your IT environment. Human assisted AI can help your analysts detect and follow fast changing malware in real time or in mountains of historic data.

Learn More

 

PatternEx Threat Prediction Platform: A Performance StudyPatternEx Threat Prediction Platform:
A Performance Study

Using real world data sets, we tested the Threat Prediction Platform and a set of unsupervised anomaly detection models. The results are compelling.

Download Now