Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

Artificial Intelligence & the Security Market

A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.

Machine learning, advanced heuristics, or artificial intelligence: the language is shifting but the idea that computers are taking a greater role in automating security functions is moving straight ahead. Two new product announcements demonstrate that direction in very different ways.

Aella Data and Senzing each brings a product based on AI technology to market, and in some ways the products could not be more different in purpose, intended audience, or business model. But both share a critical similarity: Each uses AI to correlate data from many different sources to present information that assists humans in doing their jobs.

Aella Data came out of stealth mode just before this year's RSA Conference. The company's product, Starlight, is billed as a virtual security analyst able to perform a breach detection across massive networks. This week, the company added multi-tenancy to the product in Starlight 2.0, which is aimed at managed security service providers that want to add the capability to the set offered to their customers, or very large enterprises that need a single intrusion alert system that can scale to global size.

In a demonstration for Dark Reading, Aella Data showed the capability to monitor and analyze data on a customer-by-customer basis while also aggregating total provider network data for the MSSP staff. A graphical interface showed alerts and warnings while also pointing staff at details such as known and suspected malware C&C servers accessed from within the network, network activity by individual endpoint devices, and both known and suspected malware active on the network.

While Starlight is intended to augment the expertise and activity of human security staff, Senzing Software "hunts for bad guys" in ways that are essentially impossible for humans to duplicate. The company's software uses AI for non-obvious relationship awareness in the service of entity resolution — essentially, figuring out whether a group of entries that might share some characteristics are actually all one entity.

Senzing, spun out of IBM two years ago and coming out of stealth this week, is led by founder and CEO Jeff Jonas, a  former IBM Fellow and chief scientist of context computing.  Jonas spoke to Dark Reading in a telephone interview, and says that the technology the company's products are built on can be used to resolve multiple intrusion attempts to an actual individual or organization, clean up a heavily-duplicated contact list, or de-duplicate entries in a state's voter registration roll.

"The AI technology required for entity resolution uses entity-centric learning," Jonas says, explaining that, in the Senzing software, "entities are only snapped together if the system is sure  — [and] uncertainty is scored as a "possible match" that can then be reviewed by human operators.

Asked about the difference between machine learning and AI, Jonas says that machine learning involves systems that use new data to make themselves more accurate, while AI describes systems that are "human smart," though he says that intelligence may lie in a very narrow context.

Both Aella Data Starlight and Senzing software are available now. Senzing offers a free version of its software for individuals with up to 10,000 records to match.

Related Content:

Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go here for more information on this free event.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer,  2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9351
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the a...
CVE-2020-9352
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.
CVE-2020-9353
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML ...
CVE-2020-9354
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. pat...
CVE-2020-9355
PUBLISHED: 2020-02-23
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.