Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

Mist Computing Startup Distributes Security AI to the Network Edge

MistNet, founded by former Juniper employees, moves AI processing to the network edge to build distributed detection and analysis models for security.

AI-based startup MistNet is moving intelligence to the edge of the network in an attempt to speed recognition of malicious and suspicious activity and reduce the amount of data that has to be moved from edge to cloud for analysis, storage, and forensics. This week's closing of a $7 million Series A funding round will help it put that intelligence into the field.

MistNet, founded by a team who met while working at Juniper Networks, dubs the technology "mist computing" and its application in its products "CyberMist." CyberMist uses a distributed analytical mesh that has artificial intelligence (AI)-based analysis occurring at the edge of the network under the control of a central, cloud-based manager.

CyberMist will typically be used to deliver information to security analysts for their work, according to the company. Although integration tools are available to link CyberMist to remediation systems, "We don't want to be the the automation end of a SOAR [security orchestration, automation, and response solution]. We have integrations with the major SOARs, and we can automate do automatic remediation on that basis," says CyberMist president and CEO Geoffrey Mattson.

Mattson says more traditional hub-and-spoke architectures make it more difficult to use data from a wide variety (and large number) of data sensors because of the sheer volume of data that must flow from the sensors to a central processor.

"They usually tap the network and look at the raw network data," Mattson explains. "They often have agents that allow them to look at specific users' behavior, and they tend to focus on that rather than the output of all the various security appliances." And that narrow focus is just one of the issues he sees coming from the limitations on how much data most monitoring systems can scan in real time.

"Technically, it's very difficult to have a separate overlay network to stream very large amounts of data in real time," he says. "By the time you actually get it to the data center, you've lost a lot of the context. You lose spatial and temporal locality that can be very helpful in putting pieces of the puzzle together."

One of the characteristics of mist computing, Mattson says, is that the edge nodes share a single, sharded, geographically distributed database. They also continually share modeling information so that each edge node has global awareness of conditions and activities on the network.

"We can keep hot data without moving it," Mattson says. "You can call it up instantly, but we don't have to move it back to a central repository." The result is that customers can have real-time access for their own investigations or exploration of events that are occurring, while the MistNet system retains real-time access to do its own modeling and AI processing. 

MistNet dubs the technology for its distributed AI modeling "TensorMist-AI," for which it has applied for a patent. According to the company, TensorMist-AI leverages technology in Google TensorFlow and Apache Spark that it deploys in a mist computing architecture.

The edge nodes each contain sensor and compute functions in the mist computing architecture. In most cases, the product of the modeling run in those edge nodes — not the raw data — will be sent back to a central controlling and storage facility where more complex AI models are created and used for processing. Customers that want the raw edge data stored for potential forensic analysis have an option to do so, Mattson says.

Related Content:

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
6/29/2019 | 2:32:45 PM
Re: Prediction
Ryan, good point. But I think PA (PaloAlto) have something similar to this called Prisma Access (formerly Global Protect), it is not AI but they have a layer where the security concepts are put in a cloud layer but the results are shared among mobile and remote devices (Shared DB or InnoDB would work as well).

CyberSecurity Architecture

One thing I would say about AI, the term is not being used correctly. It is machine learning and not AI. ML is a subcomponent of AI. By definition:

Machine learning (ML) is the scientific study of algorithms and statistical models that computer systems use in order to perform a specific task effectively without using explicit instructions, relying on patterns and inference instead. It is seen as a subset of artificial intelligence. Machine learning algorithms build a mathematical model based on sample data, known as "training data", in order to make predictions or decisions without being explicitly programmed to perform the task.[1][2]:2 Machine learning algorithms are used in a wide variety of applications, such as email filtering, and computer vision, where it is infeasible to develop an algorithm of specific instructions for performing the task. Machine learning is closely related to computational statistics, which focuses on making predictions using computers. The study of mathematical optimization delivers methods, theory and application domains to the field of machine learning. Data mining is a field of study within machine learning, and focuses on exploratory data analysis through unsupervised learning.[3][4] In its application across business problems, machine learning is also referred to as predictive analytics. - Wikipedia.org.

When we refer to AI, it means the system is self aware and it is able to make decisions without the intervention of a human (it thinks like a human). It can provide an instant response to a threat because it has taken information from numerous resources, created a prioritized depth chart with varying threat percentages from a list of past models and threats. This analysis helps the system determine if it is the same threat experienced by others or a zero day attack. Then it looks into a resolution DB (Deep Learning or Machine Learning) or it identifies areas on the internet as to how to deal with the threat, it communicates that with the human element and rectifys the problem using ML/DL experiences.

I think individuals are mixing the concepts up and not really understanding the differences between the two, a chart has been provided to help individuals understand the differnt between the three areas.

AI, ML, Deep Learning
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
5/31/2019 | 3:44:11 PM
Prediction
I predict that if Palo Alto Netowrks doesn't start mirroring this in house they will acquire this company to add to their portfolio. The two sound like they should go hand in hand.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Healthcare Industry Sees Respite From Attacks in First Half of 2020
Robert Lemos, Contributing Writer,  8/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: It's a technique known as breaking out of the sandbox kids.
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20383
PUBLISHED: 2020-08-13
ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links.
CVE-2020-24348
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
CVE-2020-24349
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
CVE-2020-7360
PUBLISHED: 2020-08-13
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was r...
CVE-2020-24342
PUBLISHED: 2020-08-13
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.