Using structured, machine-readable data in defensive systems can present a significant challenge. In this Help Net Security interview, Giorgos Georgopoulos, CEO at Elemendar, discusses these challenges and how Elemendar’s application can help cyber analysts and CISOs.
Giorgos highlights the company’s customizable technology, which can be tailored to meet the unique needs of different organizations, as well as the security measures that Elemendar takes to protect the data processed by their AI technology.
What are some challenges of using structured, machine-readable data in defensive systems?
The first challenge that Elemendar has been created to solve is to take the human-readable, human-produced intelligence from those incomprehensible forms to machines, and make them into something that machines can use. That’s because, to use CTI as structured, machine-readable data in a defensive system, you need to translate it from a human-readable form into a machine-readable one: the greatest benefit from cyber threat intelligence comes with higher-level information that is expressed in human-readable forms, because a human wrote it in the first place.
The good news is that data standards which are interoperable and make using structured data across different systems possible do exist. Therefore integrating this data across multiple sources, while challenging, is a solved problem. The bad news is getting that higher-level information into these data formats in the first place.
In contrast, for low-level data such as indicators, there’s little issue as they are already structured – but also there’s little benefit, because the attackers can change these indicators trivially.
How does Elemendar’s application help cyber analysts and CISOs?
In the ongoing battle against highly motivated attackers, cyber threat intelligence is crucial in informing cyber analysts and CISOs, as it allows defenders to be better prepared. However, being prepared alone is not enough. To be effective, cyber defenders also need to move at the speed of the threat. Fast decision-making is therefore essential, and since Elemendar’s application provides structured data that can be automatically processed by defensive systems, it helps cut down the time that analysts feeding into decision-makers need to process data manually. This is especially important given that the time between a breach, detection, and fix can often be measured in months.
Moreover, cyber analysts and CISOs are a scarce resource, and it’s essential to deploy their attention where they can make the biggest difference. Using tools that are not built for intelligence applications or doing unnecessary manual work is a known cause of turnover and morale issues within the cybersecurity profession.
Elemendar’s application not only improves speed, but also creates capability within cyber security teams to do the work that is most valuable, leading to a more fulfilling work experience for cyber analysts. By reducing the challenges of turnover and morale, Elemendar can help improve the overall effectiveness of a CISO’s teams in the long run.
Can Elemendar’s technology be customized to meet the specific needs of different organizations?
Yes, Elemendar’s technology can be customized to meet the specific needs of different organizations at three stages: when integrating the data sources for the application to process, when processing the data inside the application, and when integrating the outputs into an organization’s cyber defense workflows.
When it comes to integration of sources, Elemendar’s application can ingest anything from plain text via our API to PDF file uploads, and for some customers more exotic data sources that are further transformed before being processed.
The application’s machine learning algorithms already use an ensemble process with different models. As such, additional custom models can be trained on specific data sources and customized to identify and extract intelligence relevant to the organization’s particular threat landscape, sources, or internal data.
Furthermore, Elemendar’s flexible platform allows for easy integration with existing cybersecurity tools and systems. This means that the application can be tailored to work seamlessly with an organization’s current defensive infrastructure, ensuring that the intelligence is effectively incorporated into the defensive systems. In practice, this means outputs in formats such as STIX 2.0/2.1 or MISP, and availability via both API and TAXII.
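The two points above, turning a human-written report into machine-readable CTI and emitting it as STIX 2.1 for downstream tools, can be illustrated with a small added example. This is not Elemendar's code and it does not use their ML models: a regex stands in for the extraction step, the sample report paragraph is constructed, and the 203.0.113.45 address is from a documentation-only range. It also shows the contrast drawn earlier in the interview: the technique-level attack-pattern object is the durable part, while the indicator object carries the value an attacker can rotate trivially.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed sample of a human-readable report paragraph (not a real report).
SAMPLE_REPORT = (
    "The campaign began with spearphishing attachments (T1566.001). "
    "Infected hosts then beaconed to 203.0.113.45 over HTTPS."
)

# Toy extractors standing in for a trained model: ATT&CK technique IDs and IPv4 literals.
TECHNIQUE_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
STIX_ID_RE = re.compile(r"^[a-z0-9-]+--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")


def _now() -> str:
    # STIX 2.1 timestamps are RFC 3339 in UTC; millisecond precision is conventional.
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def _sdo(obj_type: str, **props) -> dict:
    """Build a STIX 2.1 object with the common required properties filled in."""
    ts = _now()
    obj = {"type": obj_type, "spec_version": "2.1",
           "id": f"{obj_type}--{uuid.uuid4()}", "created": ts, "modified": ts}
    obj.update(props)
    return obj


def extract(text: str) -> dict:
    """Pull technique IDs and IPv4 indicators out of free text (the human-to-machine step)."""
    return {"techniques": sorted(set(TECHNIQUE_RE.findall(text))),
            "ipv4": sorted(set(IPV4_RE.findall(text)))}


def to_stix_bundle(text: str) -> dict:
    """Turn extracted entities into a STIX 2.1 bundle a TAXII server or MISP import could consume."""
    found = extract(text)
    patterns, objects = [], []
    for tid in found["techniques"]:
        ap = _sdo("attack-pattern", name=tid,
                  external_references=[{"source_name": "mitre-attack", "external_id": tid}])
        patterns.append(ap)
        objects.append(ap)
    for ip in found["ipv4"]:
        ind = _sdo("indicator", name=f"C2 address {ip}",
                   pattern=f"[ipv4-addr:value = '{ip}']", pattern_type="stix",
                   valid_from=_now(), indicator_types=["malicious-activity"])
        objects.append(ind)
        # An "indicates" relationship ties the rotatable indicator to the durable technique.
        for ap in patterns:
            objects.append(_sdo("relationship", relationship_type="indicates",
                                source_ref=ind["id"], target_ref=ap["id"]))
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def validate_bundle(bundle: dict) -> list:
    """Minimal structural checks before handing the bundle to a defensive system."""
    problems = []
    ids = {o.get("id") for o in bundle.get("objects", [])}
    for o in bundle.get("objects", []):
        for key in ("type", "spec_version", "id", "created", "modified"):
            if key not in o:
                problems.append(f"{o.get('id')}: missing {key}")
        if not STIX_ID_RE.match(o.get("id", "")) or not o["id"].startswith(o["type"] + "--"):
            problems.append(f"{o.get('id')}: malformed id")
        if o.get("type") == "relationship":
            for ref in ("source_ref", "target_ref"):
                if o.get(ref) not in ids:
                    problems.append(f"{o['id']}: dangling {ref}")
        if o.get("type") == "indicator" and not o.get("pattern"):
            problems.append(f"{o['id']}: indicator without pattern")
    return problems


if __name__ == "__main__":
    b = to_stix_bundle(SAMPLE_REPORT)
    print(json.dumps(b, indent=2))
    print("problems:", validate_bundle(b))
```

The validator is deliberately narrow: it checks only what a downstream consumer would reject outright (missing common properties, malformed ids, dangling relationship references). A production pipeline would run the official STIX 2.1 validator and, as the interview notes, treat the attack-pattern objects as the intelligence worth acting on long after the listed addresses have changed.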
What measures does Elemendar take to ensure the security and privacy of the data processed by their AI technology?
Security is a pretty small world and the intelligence field within it even more so. This means we have to work effectively with partners all through the ecosystem, including the providers of the data that passes through our application, bearing in mind that the content and the outputs of an organization’s cyber threat intelligence team can be pretty sensitive.
So, first of all we’re pretty picky in terms of customer due diligence, as you can imagine for an organization founded at the UK’s first GCHQ national cyber security accelerator. When it comes to processing proprietary data we have IP safeguards, and likewise ensure that the outputs of the system which are being used by the customer belong to that customer.
Finally, for any customers who are especially sensitive, we offer the option to run the application ‘Behind The Wire’ so to speak, i.e. completely under the customer’s control and without being connected to the outside world. Since we don’t deal with any consumer or personally identifiable information, a number of other concerns about individuals’ protections are not applicable here.
You’ve recently been accepted into the Google for Startups Growth Academy for Cybersecurity. What do you expect from this opportunity?
Google is a fantastic partner for any security company, and this has been even more true for anyone operating in the cyber threat intelligence field, as we do, since the integration of Mandiant last year.
Having the opportunity to work with some of the ‘OGs’ in intelligence and develop both our solutions and our ability to reach customers through this kind of partnership is a once-in-a-lifetime opportunity for any start-up and we’re incredibly excited to take part in this program.
from Help Net Security https://ift.tt/usYez2n