Verimatrix - Giving AI Cybersecurity the Human Touch
Names:
Christopher Spence, Architect, Data Science Lead
Guillermo Arroyo, Data Scientist
Ajay Ahuja, Senior Data Engineer
Country: United States
Organization: Verimatrix
Verimatrix helps power the modern connected world with security made for people. We protect digital content, applications, and devices with intuitive, people-centered, and frictionless security. Leading brands turn to Verimatrix to secure everything from premium movies and live-streaming sports, to sensitive financial and healthcare data, to mission-critical mobile applications.
We enable the trusted connections our customers depend on to deliver compelling content and experiences to millions of consumers around the world. Verimatrix helps partners get to market faster, scale easily, protect valuable revenue streams, and win new business.
Awards Categories:
- Best Acceleration Use Case
Business Challenge:
The increasing dependency on digitization, Internet-of-Things (IoT), open-source software, and cloud computing has created unique challenges for protecting networks, systems, and applications against malicious attacks and novel techniques that can evade existing detection mechanisms.
Complementing and augmenting human capabilities with Artificial Intelligence (AI) technology is vital for building resilient threat defense solutions that safeguard against advanced persistent threats (APTs) and zero-day attacks, help our customers better manage risks, and improve operating efficiency in rapidly evolving cyber environments.
What’s more, the exponential rise in the number and diversity of contemporary cyber-attacks creates a significant challenge for traditional signature-based intrusion detection solutions (IDS), which rely on threat history data to proactively block and remediate future malicious attacks. While these misuse detection solutions offer high detection accuracy and low false positive rates, keeping their signature databases current is costly. They also have an alarmingly low zero-day attack detection rate, since these attacks exploit unknown vulnerabilities and their signatures do not exist in the repository.
Another type of IDS uses anomaly detection techniques that look for suspicious events that deviate from regular user or entity behavioral thresholds. Since anomaly detection treats any outlier outside predefined limits as a symptom of a cyberattack, its premise is that it can detect previously unseen cyberattacks. However, the performance and practical use of these systems for SIEM and incident response is limited, since they generate a high rate of false positives on benign activity, needlessly creating unplanned work and wasted effort.
Business Solution:
Given the limitations of traditional intrusion detection systems, we invested in the research and development of an Artificial Intelligence (AI) powered XTD solution. This work has shown the potential to accurately detect known CVEs and novel attacks designed to subvert systems using previously unseen methods, to offer improved response times, and to avoid excessive false alarms and other diminishing effects.
Figure 1: Verimatrix XTD AI-based Intrusion Detection System
Dataiku Online allowed us to focus on solving complex problems and innovation, enabling the team to deploy threat intelligence solutions faster than our competition. Our small data science team did not have to worry about administration, maintenance, scalability, and performance.
Seamless integration with a wide variety of data sources (Snowflake and Elasticsearch), customer-facing services (XTD), and managed products (S3) in the cloud was essential for the success of our ML-powered threat defense solution.
The benefits the Data Science platform offered that were most impactful to the organization were the collaborative low-code data preparation, exploration, visualization, statistical testing, AutoML, explainability, API designer, monitoring, and automation capabilities. Dataiku made it easy for us to create, test, and deploy highly available, elastic, and performant REST API endpoints for real-time model inference and interpretability.
Business Area: IT/Cybersecurity/Data
Value Generated:
Utilizing Both AI/ML and Human Professionals
Verimatrix’s hybrid ML-based IDS solution builds upon the principle of complementing and augmenting your SOC workforce capabilities, enabling the seamless knowledge exchange between machines, cybersecurity professionals, data scientists, and subject matter experts, creating more effective teams.
What makes collaborative human and machine threat intelligence compelling is that it allows organizations to manage AI risks, optimize response times, relieve SOC specialists of mundane tasks, enable them to focus on enjoyable and valuable work, and mitigate avoidable bias and blind spots while complementing technology with human instincts and common sense.
Collaborative threat intelligence, meanwhile, radically changes the way SIEM work gets done and amplifies the capabilities of the SOC workforce. Security functions that depend on intensive human labor and face barriers to improvement due to poor scalability may benefit significantly from human-centric XTD, which is designed to streamline and simplify the interaction between human and machine.
Benefits for a CISO or SOC team include:
- Proactive protection: Provides more robust and timely proactive protection against vulnerability exploits to disrupt attacks in their early stages compared to traditional solutions.
- Threat identification: Enables SOC teams to determine malicious intent with high confidence.
- Improved risk management and reduced costs: Provides improved response times and avoids excessive false alarms and other diminishing effects.
- Optimized workflow: Relieves SOC specialists of mundane tasks, enabling them to focus on enjoyable and valuable work, and mitigate avoidable bias and blind spots.
- Incorporated human judgment: Complements cyber security technology with human instincts and judgment.
- Shortened cybersecurity interventions: Builds trust in their decisions, makes better recommendations, and verifies that they meet regulatory requirements.
- Zero-day attack mitigation: Minimizes the reliance on manual detection methods to improve speed of detection.
- Improved staff welfare: Offers a competitive advantage in the day-to-day execution of minimizing staff burnout.
Detecting Threat Patterns
Verimatrix’s ML model is highly successful in predicting benign and malicious flows for multiple attack types from a diverse range of networks, applications, and protocols with different topologies.
Verimatrix efficiently and accurately classifies benign flows and malicious flows for known malicious attacks by their type, such as Denial of Service, Exploits, Ransomware, and Reconnaissance.
Value Brought by Dataiku:
Dataiku’s online data science studio was essential for accelerating the development, deployment, and operation of our AI-assisted threat intelligence solution, enabling us to spend more time on innovation and realize value in our investment in AI.
Dataiku MLaaS provided us with out-of-the-box data management, infrastructure, security, governance, MLOps, performance, training, and world-class support services.
Dataiku enabled us to develop and deploy into production, in less than six months, a real-time inference endpoint for mobile application vulnerabilities and a time series forecasting system for Digital Rights Management system utilization.
Value Type:
- Improve customer/employee satisfaction
- Reduce cost
- Reduce risk
- Save time