AI cyber solution distills expert strategies from many sources into defense playbook
Cooperative, not competitive, system harnesses knowledge, experience for collective good
By Byron Acohido, ThirdCertainty
The ongoing warfare between small and midsize companies defending their networks against relentless hackers just isn’t a fair fight, says John Shearer, CEO of DarkLight.
All too many SMBs are clueless and/or lack resources dedicated to continually defending their networks against determined, innovative intruders.
Meanwhile, the attackers are “extremely organized, and they’re sharing their knowledge. They’re actually acting in an organized way to attack the small businesses. And the small businesses, unfortunately, are easy targets.”
So what if the good guys took some cues from the bad guys? I had the chance to discuss this topic in person with Shearer at Black Hat 2017. Here are some takeaways:
The power of sharing. DarkLight is working on an artificial intelligence (AI) system that can learn through the use of a playbook filled with information shared among organizations and government agencies.
“It’s not economical for the small businesses to actually have a security analyst on staff,” Shearer says. Even if they want to hire someone, such staffers can be difficult to find. “There’s talk about over a million job openings for cybersecurity analysts. The ones that are there, they’re completely overwhelmed.”
DarkLight seeks to gather the knowledge and expertise of cybersecurity experts, and make it a company asset through a form of teachable AI. “The overwhelming task is to replicate how I make decisions, and how I make sense of things … and how I correct the problem.”
A library of libraries. There are libraries of tradecraft and knowledge already built within government and corporate systems, Shearer says, and DarkLight has curated much of this data into the underlying AI system, where it can be customized by the companies that use it.
“We’re creating this library in a collaborative way … this library of playbooks … the ability to automate and create a virtual analysis based on the expertise of those analysts.”
This work helps DarkLight create playbooks that are specific for a company, “like analysts in a box. Think of it as having an assistant,” he says.
“The analysts themselves from each company can augment and create their own playbooks,” Shearer says. “What we want to do is create this marketplace of knowledge” that can be shared between companies, industries and governments.
Once that knowledge base is large enough, it becomes almost a virtual security operations center.
“Think of it like a battle,” Shearer says. By sharing knowledge through a trusted information platform, organizations are almost creating a defending army of cyber analysts.
Enough with proprietary competitiveness. DarkLight has worked with sophisticated managed security service providers (MSSPs) who have done advanced threat hunting and adversarial pursuit.
“We’re creating this entire knowledge base that can be shared,” Shearer says, with companies acting as threat information providers feeding data into a knowledge base. The system gives analysts the framework to create and teach the system, and share information both automatically and manually.
“In cyber, you can’t play … proprietary games,” he says. Organizations such as the financial industry, the credit sector, utilities and vendors realize they have to work together. “What you want is a framework that allows everyone to share information back and forth and realize that you have to fight together as a community.”
For a deeper drill down, listen to the accompanying podcast.