03 August 2017
Blogs by author: Alex Healing , Chief Researcher of Security Visual Analytics, BT
The task of identifying novel threats is a constant test for even the most experienced cyber security analysts. To add another layer of complexity, the variety and volume of data deemed useful for so-called cyber hunting has grown to levels that require a new generation of tools in the analysts' arsenal.
One way to tackle this problem is through a combination of artificial intelligence (AI) and visual interfaces. Machine-assisted cyber threat hunting helps identify and understand threats from petabyte-scale data.
AI has made great strides when applied to uncovering patterns of interest and, coupled with advances in big data technologies, allows for large-scale automated processing of data (e.g. network logs). Processing huge amounts of data becomes possible with such approaches, but their effectiveness is limited when used in a fully automated mode of operation.
In order to truly distinguish between normal and abnormal activity – between simply anomalous and crucially malicious events – context and judgement that only a human analyst can offer is required.
A machine learning based analytical pipeline has been developed to automatically suggest anomalous events which look suspicious. Analysts then use our interactive and visual tools to understand the AI reasoning in more depth and can drill-down on the data in order to verify the result. The upshot is analysts being able to identify advanced security threats with a fraction of the effort and requiring less specialist training.
In the video below I talk about our latest work in the field of visual analytics, which plays to the strengths of both human analyst and machine, consequently helping cyber security analysts achieve more.