Operations

Artificial Intelligence & the Security Market

A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.

Machine learning, advanced heuristics, or artificial intelligence: the language is shifting but the idea that computers are taking a greater role in automating security functions is moving straight ahead. Two new product announcements demonstrate that direction in very different ways.

Aella Data and Senzing each brings a product based on AI technology to market, and in some ways the products could not be more different in purpose, intended audience, or business model. But both share a critical similarity: Each uses AI to correlate data from many different sources to present information that assists humans in doing their jobs.

Aella Data came out of stealth mode just before this year's RSA Conference. The company's product, Starlight, is billed as a virtual security analyst able to perform a breach detection across massive networks. This week, the company added multi-tenancy to the product in Starlight 2.0, which is aimed at managed security service providers that want to add the capability to the set offered to their customers, or very large enterprises that need a single intrusion alert system that can scale to global size.

In a demonstration for Dark Reading, Aella Data showed the capability to monitor and analyze data on a customer-by-customer basis while also aggregating total provider network data for the MSSP staff. A graphical interface showed alerts and warnings while also pointing staff at details such as known and suspected malware C&C servers accessed from within the network, network activity by individual endpoint devices, and both known and suspected malware active on the network.

While Starlight is intended to augment the expertise and activity of human security staff, Senzing Software "hunts for bad guys" in ways that are essentially impossible for humans to duplicate. The company's software uses AI for non-obvious relationship awareness in the service of entity resolution — essentially, figuring out whether a group of entries that might share some characteristics are actually all one entity.

Senzing, spun out of IBM two years ago and coming out of stealth this week, is led by founder and CEO Jeff Jonas, a  former IBM Fellow and chief scientist of context computing.  Jonas spoke to Dark Reading in a telephone interview, and says that the technology the company's products are built on can be used to resolve multiple intrusion attempts to an actual individual or organization, clean up a heavily-duplicated contact list, or de-duplicate entries in a state's voter registration roll.

"The AI technology required for entity resolution uses entity-centric learning," Jonas says, explaining that, in the Senzing software, "entities are only snapped together if the system is sure  — [and] uncertainty is scored as a "possible match" that can then be reviewed by human operators.

Asked about the difference between machine learning and AI, Jonas says that machine learning involves systems that use new data to make themselves more accurate, while AI describes systems that are "human smart," though he says that intelligence may lie in a very narrow context.

Both Aella Data Starlight and Senzing software are available now. Senzing offers a free version of its software for individuals with up to 10,000 records to match.

Related Content:

Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go here for more information on this free event.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3812
PUBLISHED: 2019-02-19
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
CVE-2019-8933
PUBLISHED: 2019-02-19
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on ...
CVE-2019-7629
PUBLISHED: 2019-02-18
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
CVE-2019-8919
PUBLISHED: 2019-02-18
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2019-8917
PUBLISHED: 2019-02-18
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may b...