'Analyst intuition' used to predict existing and emerging cyber attacks in real time with better detection rates and fewer false positives.
Fresh approaches to enterprise data security are always welcome, because bad actors always seem to find workarounds for the conventional ones.
Startup PatternEx tasked itself with securing enterprise data by using a different approach: mimicking the intuition of human security analysts in real time and at scale using a new-gen artificial intelligence platform.
If you think that sounds complicated, well, you're right. Undaunted by this challenge, the San Jose, Calif.-based PatternEx officially opened for business Feb. 3 and introduced its Threat Prediction Platform that creates so-called "virtual security analysts."
"It's true that a lot of attacks are missed, which is of course well known. One of the most interesting facts about them is that the data about the attacks is always there," Uday Veeramachaneni, PatternEx CEO and co-founder, told eWEEK
. "It has been captured by the existing infrastructure. Human analysts are able to go in after the fact and they are able to figure out exactly what happened from that data.
"We haven't had systems that can get to that data in time. So that's what we set out to do—create a system that could get to that data in real time and stop the attack."
Detects, Identifies and Stops Attack in Real Time
This is what PatternEx purports to do: detect an intrusion, immediately identify what type of attack it is, and stop the attack.
During the two-year development phase of PatternEx, Veeramachaneni was able to convince a few companies with which he had good relationships to allow him to use real security data in testing. This enabled the company to get a true early line on the types of attacks its product would be facing when it eventually went live.
Based on testing using those real world data sets, Veeramachaneni said PatternEx is able to detect 10 times more threats with five times fewer false positives compared with approaches based on Machine Learning-Anomaly Detection technology.
The PatternEx secret sauce, Veeramachaneni said, introduces a new technology called Active Contextual Modeling, which synthesizes analyst intuition into predictive models. These models, when deployed across global customers, are cognitive in nature—meaning they can learn from each other and achieve a network effect in detecting attack patterns.
Fingerprints of Intruders Remain at Scene of the Crime
"The most frustrating thing in InfoSec is that the data to detect malicious behavior often already exists in enterprise infrastructures today," Veeramachaneni said. "The human analysts can detect it, but analysts are difficult to hire and are not scalable. The only way to get real time detection is to be able to mimic those analysts using artificial intelligence based on ACM technology."
The ACM tech transforms raw data into behaviors and synthesizes analyst intuition into predictive models; the platform then uses these models to make real-time predictions about specific threat vectors. The more attacks the system predicts, the more feedback it receives from the analysts, which in turn improves the accuracy of future predictions.
As the platform learns a predictive model from one customer environment, this knowledge can be transferred between enterprises to detect threats globally and converge on new attacks at faster speeds for all customers, commonly known as a network effect.
What the Platform Entails
PatternEx can be deployed on premises, in the cloud or in a private cloud, Veeramachaneni said. It includes a number of novel components combined into one platform:
--a big data platform designed for large data volumes and real time response;
--an ensemble of algorithms designed to detect rare behaviors with the goal of identifying new attacks;
--a mechanism to obtain feedback from security analysts and continuously update models with the provided feedback;
--an active learning feedback loop that continuously improves detection rates over time;
--a repository of threat intelligence that can be shared among enterprises.
Ultimately, PatternEx customers gain more visibility, detection, control of malicious behavior for both fraud and breach, without the confusing noise of false positives and the increased security staff they demand. In addition, the PatternEx Threat Prediction Platform is easy to integrate and deploy into existing security architectures, Veeramachaneni said.
Veeramachaneni is a former head of product management at Riverbed Technology. For more information, go here