Connecting the the dots across disparate pieces of seemingly unconnected bits of data, is often a core element of a successful threat hunting investigation. Security firm Polarity is taking an interesting approach to helping security researchers, with a type of technology the company calls 'human memory-augmentation' that aims to bring context and collaboration to security investigations.
As a company, Polarity was originally known as Breach Intelligence and was founded in 2012 with work beginning on the Polarity platform in 2014. On Feb. 27, Polarity announced that it raised its' initial $3.5 million round of funding led by Strategic Cyber Ventures (SCV) and Gula Tech Ventures.
Paul Battista, CEO of Polarity, explained that what his company's technology does is provide an overlay of contextually relevant and connected data. Among the key innovations that Polarity has is the company's computer vision capability, that analyzes data on the user's screen.
"The common thing that people interact with is data and the common way they interact with data is when it is displayed as pixels on a computer screen," Battista told eWEEK.
Battista explained that Polarity's technology understands what is on a given screen and then can overlay contextually relevant information on top, that can potentially be used to help further a security investigation.
The data on a screen on is put through Polarity's probabilistic algorithm and then based on the analysis, related data is found and displayed. The related data can be connected by way of a third party threat intelligence feed, or an organization's own data collection and threat investigation system. The contextual information is overlaid in a window on top of the application window that the user is working on.
There is no shortage of vendors in the market today with threat intelligence and security analytics. Battista emphasized that Polarity is not a replacement for security analytics technology.
"Where we come into play is when the results of an analytics or security workflow solution are being displayed to the user," Battista said. "That's when we come and can augment the view, so whenever a human decision is taking place that's where we're providing information to help improve decision making."
From a deployment perspective, Battista explained that most organizations will choose to run Polarity on-premises. There is a server component that can be deployed on either bare-metal or in a virtual machine, as well as a client-side component that enables the computer vision capability.
"The big innovation on our end is that we can work on top of any application," Battista said. "We're not just browser based, so if you're looking at data inside of a terminal session or a browser, we'll look at all the data the same, since we're looking at everything from the pixel level."
Given that Polarity is literally capable of reading everything on a user's screen, including potentially all keystrokes, the company has also taken multiple steps to protect privacy. Battista explained that the computer vision capability happens locally on an end-user system. He emphasized that sensitive data, such confidential documents or passwords, would never leave the host system.
Looking forward, Battista noted that the Polarity platform is updated regularly with future updates set to bring improved usability capabilities.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.