ForensicAI

The biggest ever leap forward in Perception technology.

As you all know, Perception is a system that derives a level of understanding of the behaviour of all traffic on a network, capturing packets of that traffic on its way, and then allowing an analyst to look into patterns of that behaviour to determine what behaviour is malicious, dangerous, or indicative of a network vulnerability.  What this boils down to is letting the system automatically generate the most useful data set and then allowing the analyst to use that mass of data to find what’s interesting.  Whilst this method has proven to be more effective than standard solutions for finding existing threats and weaknesses on a network, it still relied on capable analysts with a deep level of understanding of network topography and threat landscapes.

Now, as part of a massive version 2.0 upgrade, we are adding a huge layer of capability onto the system, ForensicAI.

ForensicAI is an advanced system of artificial intelligence that automates large analysis tasks.  ForensicAI constantly looks through the built-up mass of behavioural data from Perception’s behavioural analysis, identifying patterns and common themes that indicate potential live threats and network vulnerabilities without any intervention by the user.  When anything of interest is found, rich data is made available to the user in the form of an alert that explains what has happened, and why it is worth looking into.

ForensicAI works by constantly polling the knowledge base, looking for multiple behaviours or series of behaviours over time.  Because of the in-depth information generated by Perception’s behavioural analysis system, ForensicAI can generate alerts on activity that has occurred over the course of days, weeks, or months with extremely low false-alarm rates and very high detection rates.  The system is also flexible: our customers can request the development of specific ForensicAI intelligence to look for areas of concern, or increase the tendency for ForensicAI to alert on certain behavioural patterns.  This flexibility also allows the development team to constantly tweak the system to detect newer threats as they happen, and new logic is immediately able to look back into the knowledge base to see if anything has occurred since Perception was installed.

ForensicAI represents the first cyber security system that we know of that can automatically alert on low-and-slow behaviours over these sorts of timescales.  Perimeter and endpoint solutions typically only have the ‘now’ available to them, and false-alarm rates would be too high to generate alerts over some of the behaviours involved in more advanced attacks.  SIEM tools can be used to gather data, but over time it becomes nearly impossible to find the needle in such a large haystack.  ForensicAI can pick out malicious activity that involves something happening months ago, followed by other behaviours a few weeks later, and then something else happening in the last few minutes.  As soon as the last piece in that puzzle falls into place, an alert is generated, which gives us that incredibly high detection rate.

With ForensicAI, Perception now has the capability to generate alerts from the large data sets, rather than just useful data to be used for further analysis.  This allows our serviced customers to benefit from analysts spending more time investigating incidents rather than discovering patterns, and our self-monitored customers can benefit from immediate identification of in-progress malicious activity.

As with all our other software updates, Perception v2.0, including ForensicAI, is a free software update to all existing customers.