Machine learning and artificial intelligence seem to be the way forward in cyber security; nearly all new companies and products boast that capability. But one new company, emerging from stealth on Wednesday, is a little different. Most current security systems seek to automate knowledge; this one seeks to automate intelligence — the ‘how’ over and above the ‘what’.
LogicHub announced its arrival with news of an $8.4 million Series A funding round led by Storm Ventures and Nexus Venture Partners. Its purpose is to build a new type of threat detection system based on human security intelligence rather than simply big data analysis. This is based on one primary observation: a top grade human analyst is better at detecting threats than the current generation of threat detection systems.
“We have done what we call cyberhunt challenges with 75 companies,” CEO and co-founder Kumar Saurabh told SecurityWeek. “We provided a volume of data containing a threat, and asked each company if its automated system would find it. In only two out of the 75 challenges did the organization say its systems had more than a 50% chance of doing so. But they also said their in-house expert analyst would find it with 90+% confidence.”
But when he next asked if they could find the threat in two minutes, the response was resounding: it would take more like two hours. “This is what I hear again and again,” he said: “the systems are not clever enough, and the analysts are not fast enough.” His solution is to develop a system that can combine the intelligence of analysts with the speed of machines.
“At the end of the day,” says Saurabh, “experienced cyber analysts are much better at detecting threats and triaging false alarms than the security tools available, but given the magnitude of the challenge, most teams can only inspect a tiny fraction of all security events collected in-depth. To combat this, LogicHub has found a way to capture and automate the knowledge and expertise of the most skilled cyber analysts, which results in much deeper threat detection.”
This is the conundrum that LogicHub has set itself to solve: automating the human expert analyst’s threat hunting process rather than just generating and maintaining more and more rules on recognizing known threat indicators. By capturing expertise into a security intelligence ‘brain’, that expertise can then be used by lower grade analysts in the future. Furthermore, if the expert analyst is tempted away by a higher salary elsewhere, his or her expertise does not entirely leave at the same time.
It requires a different type of architecture, and Saurabh points to Google Search as an example. It is fast, clever, and able to ‘predict’ user requirements. “One of the key things Google did a couple of years ago,” he explained, “was they built a knowledge graph. And that knowledge graph has tens of millions of entities and relationships. They use that knowledge graph to link entities by relationships so that it understands the data it contains.”
In fact, in October 2016, City University of New York professor Jeff Jarvis tweeted, “Google knowledge graph has more than 70 billion facts about people, places, things. + language, image, voice translation.”
“The difference between Knowledge Graph and the security solutions available today is that they don’t understand the data,” said Saurabh. “They do nothing to tell the user how to navigate the data.” It’s like the difference between modern GPS and a road atlas, he continued. “With the atlas, you have the data, but you have to figure out what that data means by yourself.”
In threat analysis, there are very few people who really understand what the data means. “Since that understanding is trapped in their heads, it can only be leveraged in a very limited way. With automation, we can take the expertise that is trapped in their heads and turn it into a system so that what one analyst knows and applies can be shared with ten other people on the security team. Over time you can build a system that is more available as a service, and can be used by hundreds of companies — it becomes a security brain.”
Developing that security brain is what LogicHub is doing. It has an augmentation tool that automates the capture of analyst methods, so that different analytical methods from different analysts can be combined into the intelligence automation tool. “A security analyst with our security intelligence automation platform can become equal to ten analysts. You have to use the augmentation tool to get there; but it has that potential.”
This system will be offered as an on-premise solution for those companies not yet comfortable with the cloud and sharing data, and as a cloud service that combines and shares analytical expertise with all cloud customers.