Interset Advances Use of AI in Security Analytics

Bluelock

By: Michael Vizard
January 09, 2018


Startup Interset today announced an update to its security analytics software that can identify whether network traffic is being generated by humans or a bot.

Version 5.5 of the namesake analytics software developed by Interset builds on a capability to identify network packets using machine-learning algorithms that eliminate the need for deep packet inspection (DPI). This latest release employs behavioral analytics and time-stamped data to also determine whether packets are being generated regularly by a script or a bot or more intermittently by a human, says Inteset CTO Stephan Jou.

Built on top of instances of Apache Hadoop and Spark software, Jou says Interset applies artificial intelligence (AI) against big data to provide each customer with security analytics that is specifically tuned to their IT environment. In contrast, Jou says other approaches to applying AI to security analytics are based on data that vendors aggregate in the cloud. The trouble with that approach is that every customer has a networking environment that is different from every other customer, says Jou. Those differences make it difficult for IT organizations to act on generic intelligence being generated via a cloud service, he says.

“There’s a lot of noise and snake oil out there,” says Jou.

Interset got its start using funding from In-Q-Tel, the venture capital firm funded by the U.S. intelligence community to build an alternative to traditional security information event management (SIEM) platforms. The company now counts McAfee among the resellers of its software. Jou joined Interset after first leading the development of the IBM Watson Analytics platform.

Other new capabilities being added in version 5.5 of the company’s security analytics software include the ability to identify when data is being exfiltrated, enhanced threat hunting tools, and the ability to identify potential fraud associated with abnormal claims being made in, for example, expense reports, and an ability to share analytics with third-parties.

Jou says it takes about 24 hours to set Interset up and another 30 days to train the model, which can be accelerated using historical data when available.

Naturally, it’s still early in terms of understanding exactly to what degree AI technologies will improve the cybersecurity posture of the average organization. But it’s already clear that most IT organizations are both outgunned and outmanned when it comes to both the tools they have at hand and the expertise required to wield them. Given that reality, it’s now more a matter of when AI will get applied to cybersecurity to address what is now a herculean analytics task that is beyond the capabilities of any mere mortal to implement.