Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

Mist Computing Startup Distributes Security AI to the Network Edge

MistNet, founded by former Juniper employees, moves AI processing to the network edge to build distributed detection and analysis models for security.

AI-based startup MistNet is moving intelligence to the edge of the network in an attempt to speed recognition of malicious and suspicious activity and reduce the amount of data that has to be moved from edge to cloud for analysis, storage, and forensics. This week's closing of a $7 million Series A funding round will help it put that intelligence into the field.

MistNet, founded by a team who met while working at Juniper Networks, dubs the technology "mist computing" and its application in its products "CyberMist." CyberMist uses a distributed analytical mesh that has artificial intelligence (AI)-based analysis occurring at the edge of the network under the control of a central, cloud-based manager.

CyberMist will typically be used to deliver information to security analysts for their work, according to the company. Although integration tools are available to link CyberMist to remediation systems, "We don't want to be the the automation end of a SOAR [security orchestration, automation, and response solution]. We have integrations with the major SOARs, and we can automate do automatic remediation on that basis," says CyberMist president and CEO Geoffrey Mattson.

Mattson says more traditional hub-and-spoke architectures make it more difficult to use data from a wide variety (and large number) of data sensors because of the sheer volume of data that must flow from the sensors to a central processor.

"They usually tap the network and look at the raw network data," Mattson explains. "They often have agents that allow them to look at specific users' behavior, and they tend to focus on that rather than the output of all the various security appliances." And that narrow focus is just one of the issues he sees coming from the limitations on how much data most monitoring systems can scan in real time.

"Technically, it's very difficult to have a separate overlay network to stream very large amounts of data in real time," he says. "By the time you actually get it to the data center, you've lost a lot of the context. You lose spatial and temporal locality that can be very helpful in putting pieces of the puzzle together."

One of the characteristics of mist computing, Mattson says, is that the edge nodes share a single, sharded, geographically distributed database. They also continually share modeling information so that each edge node has global awareness of conditions and activities on the network.

"We can keep hot data without moving it," Mattson says. "You can call it up instantly, but we don't have to move it back to a central repository." The result is that customers can have real-time access for their own investigations or exploration of events that are occurring, while the MistNet system retains real-time access to do its own modeling and AI processing. 

MistNet dubs the technology for its distributed AI modeling "TensorMist-AI," for which it has applied for a patent. According to the company, TensorMist-AI leverages technology in Google TensorFlow and Apache Spark that it deploys in a mist computing architecture.

The edge nodes each contain sensor and compute functions in the mist computing architecture. In most cases, the product of the modeling run in those edge nodes — not the raw data — will be sent back to a central controlling and storage facility where more complex AI models are created and used for processing. Customers that want the raw edge data stored for potential forensic analysis have an option to do so, Mattson says.

Related Content:

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
6/29/2019 | 2:32:45 PM
Re: Prediction
Ryan, good point. But I think PA (PaloAlto) have something similar to this called Prisma Access (formerly Global Protect), it is not AI but they have a layer where the security concepts are put in a cloud layer but the results are shared among mobile and remote devices (Shared DB or InnoDB would work as well).

CyberSecurity Architecture

One thing I would say about AI, the term is not being used correctly. It is machine learning and not AI. ML is a subcomponent of AI. By definition:

Machine learning (ML) is the scientific study of algorithms and statistical models that computer systems use in order to perform a specific task effectively without using explicit instructions, relying on patterns and inference instead. It is seen as a subset of artificial intelligence. Machine learning algorithms build a mathematical model based on sample data, known as "training data", in order to make predictions or decisions without being explicitly programmed to perform the task.[1][2]:2 Machine learning algorithms are used in a wide variety of applications, such as email filtering, and computer vision, where it is infeasible to develop an algorithm of specific instructions for performing the task. Machine learning is closely related to computational statistics, which focuses on making predictions using computers. The study of mathematical optimization delivers methods, theory and application domains to the field of machine learning. Data mining is a field of study within machine learning, and focuses on exploratory data analysis through unsupervised learning.[3][4] In its application across business problems, machine learning is also referred to as predictive analytics. - Wikipedia.org.

When we refer to AI, it means the system is self aware and it is able to make decisions without the intervention of a human (it thinks like a human). It can provide an instant response to a threat because it has taken information from numerous resources, created a prioritized depth chart with varying threat percentages from a list of past models and threats. This analysis helps the system determine if it is the same threat experienced by others or a zero day attack. Then it looks into a resolution DB (Deep Learning or Machine Learning) or it identifies areas on the internet as to how to deal with the threat, it communicates that with the human element and rectifys the problem using ML/DL experiences.

I think individuals are mixing the concepts up and not really understanding the differences between the two, a chart has been provided to help individuals understand the differnt between the three areas.

AI, ML, Deep Learning
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
5/31/2019 | 3:44:11 PM
Prediction
I predict that if Palo Alto Netowrks doesn't start mirroring this in house they will acquire this company to add to their portfolio. The two sound like they should go hand in hand.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13842
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).
CVE-2020-13843
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).
CVE-2020-13839
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).
CVE-2020-13840
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).
CVE-2020-13841
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).