Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

Artificial Intelligence & the Security Market

A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.

Machine learning, advanced heuristics, or artificial intelligence: the language is shifting but the idea that computers are taking a greater role in automating security functions is moving straight ahead. Two new product announcements demonstrate that direction in very different ways.

Aella Data and Senzing each brings a product based on AI technology to market, and in some ways the products could not be more different in purpose, intended audience, or business model. But both share a critical similarity: Each uses AI to correlate data from many different sources to present information that assists humans in doing their jobs.

Aella Data came out of stealth mode just before this year's RSA Conference. The company's product, Starlight, is billed as a virtual security analyst able to perform a breach detection across massive networks. This week, the company added multi-tenancy to the product in Starlight 2.0, which is aimed at managed security service providers that want to add the capability to the set offered to their customers, or very large enterprises that need a single intrusion alert system that can scale to global size.

In a demonstration for Dark Reading, Aella Data showed the capability to monitor and analyze data on a customer-by-customer basis while also aggregating total provider network data for the MSSP staff. A graphical interface showed alerts and warnings while also pointing staff at details such as known and suspected malware C&C servers accessed from within the network, network activity by individual endpoint devices, and both known and suspected malware active on the network.

While Starlight is intended to augment the expertise and activity of human security staff, Senzing Software "hunts for bad guys" in ways that are essentially impossible for humans to duplicate. The company's software uses AI for non-obvious relationship awareness in the service of entity resolution — essentially, figuring out whether a group of entries that might share some characteristics are actually all one entity.

Senzing, spun out of IBM two years ago and coming out of stealth this week, is led by founder and CEO Jeff Jonas, a  former IBM Fellow and chief scientist of context computing.  Jonas spoke to Dark Reading in a telephone interview, and says that the technology the company's products are built on can be used to resolve multiple intrusion attempts to an actual individual or organization, clean up a heavily-duplicated contact list, or de-duplicate entries in a state's voter registration roll.

"The AI technology required for entity resolution uses entity-centric learning," Jonas says, explaining that, in the Senzing software, "entities are only snapped together if the system is sure  — [and] uncertainty is scored as a "possible match" that can then be reviewed by human operators.

Asked about the difference between machine learning and AI, Jonas says that machine learning involves systems that use new data to make themselves more accurate, while AI describes systems that are "human smart," though he says that intelligence may lie in a very narrow context.

Both Aella Data Starlight and Senzing software are available now. Senzing offers a free version of its software for individuals with up to 10,000 records to match.

Related Content:

Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go here for more information on this free event.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11844
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
CVE-2020-6937
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-7648
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
CVE-2020-7650
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
CVE-2020-7654
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.