What does this have to do with my IT & Cybersecurity log analysis
Cyber threats are accelerating by leaps and bounds in both frequency and sophistication. At the same time, the cybersecurity skills shortage is growing, with a projected 1.8 million unfilled positions by 2022. Artificial Intelligence (AI) will have a pivotal role to play in halting these growing problems.
There are plenty of AI and cybersecurity tools available to the enterprise, but it is hard for organizations to spend the time and resources researching which ones deserve their effort. Facing the current situation, however, we know there is an opportunity for tools that can bring a generational shift in how we interact with data. Let’s try to imagine what we need and what is practical to build now, and then try to build one.
Let your imagination run wild
Let’s forget about technological limitations for a minute and try to come up with the ideal analysis solution. What would that solution look like? Perhaps, if your company is Stark Industries, it would be a Karen or a Jarvis whom you can just ask “Have I been hacked? Who is the attacker? Can you respond and stop the attack?” The AI would analyze the data, tell us what to do, or maybe respond automatically, performing actions to handle the threat.
Now, back to reality
Envisioning a perfect solution is a good exercise, but in reality it is very difficult to have AI perform even the basic tasks humans do. When evaluating any product claiming AI-based cybersecurity detection and response, you should proceed with caution. Wrong responses can lead to worse outcomes. You don’t want a Skynet-style Judgement Day for your enterprise, especially when automating responsive actions. So, what do you do?
Assistive AI is the right direction
While there is a need to scrutinize AI solutions, reliable solutions are being created now. Think evolutionary vs. revolutionary. Let’s try to take a small step forward, where AI is not a Skynet-style be-all intelligence but rather a more targeted virtual assistant, your personal Security Concierge, providing answers and insights from what it understands about your data.
Machine learning can provide insights to assist cybersecurity practitioners in effectively tackling thousands of alerts and tremendously reduce response time. In addition, technology such as Natural Language Processing (NLP) can help expand the usage and reach of the solution, allowing business users to self-serve on their use-cases and analysts to more effectively define, capture, share and run their workflows, providing more value from the costly tools deployed.
Such an assistive AI should be able to do several things:
- Understand and answer data searches, aggregation and Business Intelligence (BI) questions.
- Provide answers to more nuanced analytical questions like “What is interesting in my data?”
- Provide answers to seemingly silly questions like “Have I been hacked?”, guiding analysts down a path to answer that very non-binary question.
- Deduce insights and present them visually.
- Capture an analyst’s workflow into a structured process that can be repeated, shared, and automated.
Essentially such an assistive AI would become a powerful tool for both analysts and business or managerial users.
Can we try to build or assemble our Karen?
For the brave, there are some building-block technologies available to integrate with your log data platform. You could use Alexa’s APIs to add skills. You could integrate a more comprehensive data analysis solution like Watson. You could integrate with Tableau to visualize results. And all the while, you could use Slack to communicate and share with your private community of collaborators to get what you need from your business use-cases.
Is it possible to collectively integrate Alexa, Watson, Tableau and Slack with my log data platform?
Maybe. Bringing together these four tools to work at the same time, as a single product on the data in your current log/SIEM repository is a tall ask by any means.
First, these tools come from different big vendors and often don’t have a direct native integration. Second, the solution could become cost-prohibitive, since some of these are expensive to license, deploy, and use. Third, you would probably have to dedicate individual analysts and engineers to develop an integrated solution, which takes time and increases your TCO. You would also have to move data out of your current SIEM / log repository. Last but not least, it may still turn out to be a complex solution that can’t be directly exposed to end-users.
A generational change: Query.AI’s IRIS platform
Query.AI’s IRIS platform provides a single interface that brings together the characteristics of Alexa + Watson + Tableau + Slack, to help you get ahead of the curve when it comes to accessing and analyzing the data present in your SIEM / log repository. IRIS is not yet as advanced as Karen, but she does enable you to talk to your data. As your Security Concierge and virtual analyst-assistant, IRIS engages with you to answer questions from your data, like Alexa. Like Watson, it lets you declutter and analyze your data with automated insights. Like Tableau, it lets you visually slice and dice data, with AI used to draw the relevant charts. Finally, in a Slack-like interface, you can collaborate on use-cases with your team and industry peers.
IRIS lets analysts develop their investigations into workflows that are executed in the same live collaboration environment. Using an out-of-the-box library of security workflows, you can easily search, review, collaborate on, and act upon your cybersecurity use-cases. Automating workflows also saves analysts’ time and effort, which can be redirected towards more value-added tasks, while simultaneously reducing the risk of human error and increasing the consistency of each investigation. This ultimately reduces organizational risk!
Piqued your interest?
See for yourself how real IRIS is: contact us and let’s get you a demo.
Query.AI’s IRIS platform is available through an easy chat, voice, visual, and collaborative interface: a single console tuned to serve your use-cases.
IRIS integrates with Elasticsearch and Splunk, at both the UI and the log data store level. We are constantly adding support for additional log data platforms, so let us know about yours.
If you have any questions or comments, please leave them below; we’d love to hear from you!
Posted by Dhiraj Sharan
Dhiraj is the founder and CEO of Query.AI. He is an innovator and expert developer with 18 years of problem solving and solutions development in cybersecurity, including over 10 patents. He has led engineering for companies like ArcSight, HPE, Niara and Aruba.