In cyber security data analysis, visualizations have been used as eye candy for quite a few years, going back as far as the early 2000s. Network-style visuals do not necessarily mean the data is stored as a graph, and in fact it rarely is. So what is the difference between an intelligent analysis platform and one based on simple visualizations?

Visualizations and Backends

Graph databases are a powerful game changer for cyber security and IT operations analytics. Unlike traditional relational backends or document-based data stores, graph databases treat everything as “objects” and “relationships.” Whereas data in a relational database looks like a series of tables, a graph data set is represented as a big mesh, or network, of individual data points.

Graph backends allow applications to relate a large variety of data without significant performance impact. However, most of these efforts fall short. While they do have a novel approach to storing the data (typically as an extension to an event-based data store), they take no further step toward understanding what the data means than before. It is just a rearrangement, in graph form, of the fields produced by SIEMs or log management solutions. The end result is that analysts are still left to interpret the meaning behind the data and draw their own conclusions.

Machine Reasoning for Analysts


Gemini Enterprise is different. It’s a turn-key solution that leverages our proprietary, multidimensional ontology to inherently understand data regardless of where it came from or the level of detail available. We’ve built this massive data dictionary based on our extensive domain experience as security analysts in the field. It is foundational to our AI approach: machine reasoning. Unlike anomaly detection, machine reasoning is much closer to what we would consider artificial intelligence. It performs logical, fact-based transformation of the data consumed. Behind the scenes, it automatically draws the same conclusions a human analyst would, gradually and reliably improving and enriching the data it finds. It infers connections to missing data objects based on the ones present in the data.

For example, we may identify a unique ‘Person’ at one point during data collection and later automatically promote them to an ‘Employee’ after discovering their relationship with an organization. Meanwhile, all the facts we have collected about them remain, and there is no change in behavior, only improvement based on new information. For analysts, offloading this type of low-level logical analysis to machines is a game changer because it enables humans to focus on much more nuanced conclusions.
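The following is an added illustration, not Gemini Enterprise code or its ontology, of the two ideas above: an object-and-relationship store (the graph representation from the previous section) and one machine-reasoning rule that promotes a Person to an Employee once an employment relationship to an Organization is discovered. The node identifiers, labels, relationship name `EMPLOYED_BY`, and sample records are all constructed for the example; the rules run to a fixed point so that each pass can build on facts inferred by the previous one, and existing facts on a node are never discarded.

```python
"""Added example: minimal in-memory graph with a type-promotion reasoning rule.
Not code from Gemini Enterprise; all labels, relationship names and data are constructed."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Node:
    node_id: str
    labels: set[str] = field(default_factory=set)   # grows as reasoning refines the type
    props: dict[str, str] = field(default_factory=dict)  # collected facts, never removed


@dataclass
class Edge:
    src: str
    rel: str
    dst: str


class Graph:
    """Objects (nodes) and relationships (edges), rather than rows in tables."""

    def __init__(self) -> None:
        self.nodes: dict[str, Node] = {}
        self.edges: list[Edge] = []

    def add_node(self, node_id: str, label: str, **props: str) -> Node:
        # Merging into an existing node keeps every fact already collected about it.
        node = self.nodes.setdefault(node_id, Node(node_id))
        node.labels.add(label)
        node.props.update(props)
        return node

    def add_edge(self, src: str, rel: str, dst: str) -> None:
        self.edges.append(Edge(src, rel, dst))

    def neighbors(self, node_id: str, rel: str) -> list[str]:
        return [e.dst for e in self.edges if e.src == node_id and e.rel == rel]


Rule = Callable[[Graph], list[str]]


def promote_employees(graph: Graph) -> list[str]:
    """Rule: Person --EMPLOYED_BY--> Organization  =>  the Person is also an Employee.
    Returns the ids promoted in this pass (empty when nothing changes)."""
    promoted = []
    for node in graph.nodes.values():
        if "Person" in node.labels and "Employee" not in node.labels:
            for org_id in graph.neighbors(node.node_id, "EMPLOYED_BY"):
                if "Organization" in graph.nodes[org_id].labels:
                    node.labels.add("Employee")   # refine the type, keep all other facts
                    promoted.append(node.node_id)
                    break
    return promoted


def reason(graph: Graph, rules: list[Rule]) -> list[str]:
    """Apply every rule repeatedly until no rule changes the graph (a fixed point)."""
    applied: list[str] = []
    while True:
        changed: list[str] = []
        for rule in rules:
            changed.extend(rule(graph))
        if not changed:
            return applied
        applied.extend(changed)


def build_sample_graph() -> Graph:
    # Constructed sample data standing in for a VPN log and an HR feed.
    g = Graph()
    g.add_node("p-1", "Person", display_name="Alice Example", vpn_user="alice")
    g.add_node("p-2", "Person", display_name="Bob Example")
    g.add_node("org-1", "Organization", name="Example Corp")
    g.add_edge("p-1", "EMPLOYED_BY", "org-1")   # relationship discovered later from the HR feed
    return g


def run_reasoning() -> tuple[Graph, list[str]]:
    g = build_sample_graph()
    return g, reason(g, [promote_employees])


if __name__ == "__main__":
    graph, promoted = run_reasoning()
    for node_id, node in graph.nodes.items():
        print(node_id, sorted(node.labels), node.props)
    print("promoted:", promoted)
```

Only `p-1` gains the Employee label, because it is the only Person with an `EMPLOYED_BY` edge to an Organization; `p-2` stays a plain Person, and the VPN username collected for Alice before the promotion is still attached to the node afterwards. Running `reason` again on the same graph changes nothing, which is the property that lets such rules run continuously as new data arrives.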

What we strive to deliver is a practical hybrid of human and machine intelligence, in a turn-key solution, focused on technologies and environments our customers have already invested in.

For an in-depth look at the value of an AI analysis stack for Situational Awareness, please register for our white paper.