AI cyber solution distills expert strategies from many sources into defense playbook

Cooperative, not competitive, system harnesses knowledge, experience for collective good

 

The ongoing warfare between small and midsize companies defending their networks against relentless hackers just isn’t a fair fight, says John Shearer, CEO of DarkLight.

All too many SMBs are clueless and/or lack resources dedicated to continually defending their networks against determined, innovative intruders.

Meanwhile, the attackers are “extremely organized, and they’re sharing their knowledge. They’re actually acting in an organized way to attack the small businesses. And the small businesses, unfortunately, are easy targets.”


So what if the good guys took some cues from the bad guys? I had the chance to discuss this topic in person with Shearer at Black Hat 2017. Here are some takeaways:

The power of sharing. DarkLight is working on an artificial intelligence (AI) system that can learn through the use of a playbook filled with information shared among organizations and government agencies.

“It’s not economical for the small businesses to actually have a security analyst on staff,” Shearer says. Even if they want to hire someone, such staffers can be difficult to find. “There’s talk about over a million job openings for cybersecurity analysts. The ones that are there, they’re completely overwhelmed.”

DarkLight seeks to gather the knowledge and expertise of cybersecurity experts, and make it a company asset through a form of teachable AI. “The overwhelming task is to replicate how I make decisions, and how I make sense of things … and how I correct the problem.”

A library of libraries. There are libraries of trade craft and knowledge already built within government and corporate systems, Shearer says, and DarkLight has curated much of this data into the underlying AI system, where it can be customized by the companies that use it.

“We’re creating this library in a collaborative way … this library of playbooks … the ability to automate and create a virtual analysis based on the expertise of those analysts.”

This work helps DarkLight create playbooks that are specific for a company, “like analysts in a box. Think of it as having an assistant,” he says.

ThirdCertainty’s Byron Acohido talks with DarkLight’s John Shearer at Black Hat 2017 in Las Vegas.

“The analysts themselves from each company can augment and create their own playbooks,” Shearer says. “What we want to do is create this marketplace of knowledge” that can be shared between companies, industries and governments.

Once that knowledge base is large enough, it becomes almost a virtual security operations center.

“Think of it like a battle,” Shearer said. By sharing knowledge through a trusted information platform, organizations are almost creating a defending army of cyber analysts.

Enough with proprietary competitiveness. DarkLight has worked with sophisticated managed security service providers (MSSPs) who have done advanced threat hunting and adversarial pursuit.

“We’re creating this entire knowledge base that can be shared,” Shearer says, with companies acting as threat information providers feeding data into a knowledge base. The system gives analysts the framework to create and teach the system, and share information both automatically and manually.

“In cyber, you can’t play … proprietary games,” he says. Organizations such as the financial industry, the credit sector, utilities and vendors realize they have to work together. “What you want is a framework that allows everyone to share information back and forth and realize that you have to fight together as a community.”

For a deeper drill down, listen to the accompanying podcast.
