Operations

6/21/2018
03:30 PM
50%
50%

Artificial Intelligence & the Security Market

A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.

Machine learning, advanced heuristics, or artificial intelligence: the language is shifting but the idea that computers are taking a greater role in automating security functions is moving straight ahead. Two new product announcements demonstrate that direction in very different ways.

Aella Data and Senzing each brings a product based on AI technology to market, and in some ways the products could not be more different in purpose, intended audience, or business model. But both share a critical similarity: Each uses AI to correlate data from many different sources to present information that assists humans in doing their jobs.

Aella Data came out of stealth mode just before this year's RSA Conference. The company's product, Starlight, is billed as a virtual security analyst able to perform a breach detection across massive networks. This week, the company added multi-tenancy to the product in Starlight 2.0, which is aimed at managed security service providers that want to add the capability to the set offered to their customers, or very large enterprises that need a single intrusion alert system that can scale to global size.

In a demonstration for Dark Reading, Aella Data showed the capability to monitor and analyze data on a customer-by-customer basis while also aggregating total provider network data for the MSSP staff. A graphical interface showed alerts and warnings while also pointing staff at details such as known and suspected malware C&C servers accessed from within the network, network activity by individual endpoint devices, and both known and suspected malware active on the network.

While Starlight is intended to augment the expertise and activity of human security staff, Senzing Software "hunts for bad guys" in ways that are essentially impossible for humans to duplicate. The company's software uses AI for non-obvious relationship awareness in the service of entity resolution — essentially, figuring out whether a group of entries that might share some characteristics are actually all one entity.

Senzing, spun out of IBM two years ago and coming out of stealth this week, is led by founder and CEO Jeff Jonas, a  former IBM Fellow and chief scientist of context computing.  Jonas spoke to Dark Reading in a telephone interview, and says that the technology the company's products are built on can be used to resolve multiple intrusion attempts to an actual individual or organization, clean up a heavily-duplicated contact list, or de-duplicate entries in a state's voter registration roll.

"The AI technology required for entity resolution uses entity-centric learning," Jonas says, explaining that, in the Senzing software, "entities are only snapped together if the system is sure  — [and] uncertainty is scored as a "possible match" that can then be reviewed by human operators.

Asked about the difference between machine learning and AI, Jonas says that machine learning involves systems that use new data to make themselves more accurate, while AI describes systems that are "human smart," though he says that intelligence may lie in a very narrow context.

Both Aella Data Starlight and Senzing software are available now. Senzing offers a free version of its software for individuals with up to 10,000 records to match.

Related Content:

Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go here for more information on this free event.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Major International Airport System Access Sold for $10 on Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  7/11/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The State of IT and Cybersecurity
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14373
PUBLISHED: 2018-07-17
An issue was discovered in LibTIFF 4.0.9. In TIFFFindField in tif_dirinfo.c, the structure tif is being dereferenced without first checking that the structure is not empty and has the requested fields (tif_foundfield). In the call sequences following from the affected library functions (TIFFVGetFiel...
CVE-2018-14374
PUBLISHED: 2018-07-17
An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur via an empty fmt argument to unixErrorHandler in tif_unix.c, and it can be exploited (at a minimum) via the following high-level library API functions: TIFFClientOpen, TIFFFdOpen, TIFFRawStripSize, TIFFCheckTile, TIFFComputeStrip,...
CVE-2018-14375
PUBLISHED: 2018-07-17
An issue was discovered in LibTIFF 4.0.9. A buffer overflow vulnerability can occur via an invalid or empty tif argument to TIFFRGBAImageOK in tif_getimage.c, and it can be exploited (at a minimum) via the following high-level library API functions: TIFFReadRGBAImage, TIFFRGBAImageOK, and TIFFRGBAIm...
CVE-2018-14378
PUBLISHED: 2018-07-17
An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur via an invalid or empty tif argument to TIFFWriteBufferSetup in tif_write.c, and it can be exploited (at a minimum) via the following high-level library API function: TIFFWriteTile.
CVE-2018-14363
PUBLISHED: 2018-07-17
An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames.