Operations

6/21/2018
03:30 PM
50%
50%

Artificial Intelligence & the Security Market

A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.

Machine learning, advanced heuristics, or artificial intelligence: the language is shifting but the idea that computers are taking a greater role in automating security functions is moving straight ahead. Two new product announcements demonstrate that direction in very different ways.

Aella Data and Senzing each brings a product based on AI technology to market, and in some ways the products could not be more different in purpose, intended audience, or business model. But both share a critical similarity: Each uses AI to correlate data from many different sources to present information that assists humans in doing their jobs.

Aella Data came out of stealth mode just before this year's RSA Conference. The company's product, Starlight, is billed as a virtual security analyst able to perform a breach detection across massive networks. This week, the company added multi-tenancy to the product in Starlight 2.0, which is aimed at managed security service providers that want to add the capability to the set offered to their customers, or very large enterprises that need a single intrusion alert system that can scale to global size.

In a demonstration for Dark Reading, Aella Data showed the capability to monitor and analyze data on a customer-by-customer basis while also aggregating total provider network data for the MSSP staff. A graphical interface showed alerts and warnings while also pointing staff at details such as known and suspected malware C&C servers accessed from within the network, network activity by individual endpoint devices, and both known and suspected malware active on the network.

While Starlight is intended to augment the expertise and activity of human security staff, Senzing Software "hunts for bad guys" in ways that are essentially impossible for humans to duplicate. The company's software uses AI for non-obvious relationship awareness in the service of entity resolution — essentially, figuring out whether a group of entries that might share some characteristics are actually all one entity.

Senzing, spun out of IBM two years ago and coming out of stealth this week, is led by founder and CEO Jeff Jonas, a  former IBM Fellow and chief scientist of context computing.  Jonas spoke to Dark Reading in a telephone interview, and says that the technology the company's products are built on can be used to resolve multiple intrusion attempts to an actual individual or organization, clean up a heavily-duplicated contact list, or de-duplicate entries in a state's voter registration roll.

"The AI technology required for entity resolution uses entity-centric learning," Jonas says, explaining that, in the Senzing software, "entities are only snapped together if the system is sure  — [and] uncertainty is scored as a "possible match" that can then be reviewed by human operators.

Asked about the difference between machine learning and AI, Jonas says that machine learning involves systems that use new data to make themselves more accurate, while AI describes systems that are "human smart," though he says that intelligence may lie in a very narrow context.

Both Aella Data Starlight and Senzing software are available now. Senzing offers a free version of its software for individuals with up to 10,000 records to match.

Related Content:

Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go here for more information on this free event.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.