Vectra issued with five U.S. patents for artificial intelligence enhanced visibility into cyber attacker behaviour
Vectra, the leader in automating the hunt for in-progress cyber attacks, today announced it has been issued five U.S. patents, numbers for advanced cyber security analytics capabilities automated by artificial intelligence (AI). These patents are said to demonstrate the effectiveness of security research and data science collaborating to enhance visibility into attacker behaviour.
The Vectra patented technology helps address critical issues in today’s fight against cyber attackers. Between the severe shortage of knowledgeable talent and the immense increase in cyber threats, shorthanded security teams are bombarded with endless, disparate alerts that take hours to investigate and prevent a rapid determination of severity or root cause. Vectra combines a number of patented machine learning (ML) and AI techniques to identify individual attacker behaviour and to judge the severity of combinations of such behaviours.
One of the most difficult attacker behaviours to detect is malware that “phones home” to the attacker and enables him to take manual control over a compromised host. Security analysts have coined the term RAT (Remote Access Trojan) to describe malware that enables this functionality. However, any number of benign software packages used for remotely controlling a machine can also be used to accomplish the same goal. Vectra has been granted a patent for using innovative machine learning techniques to detect such behaviour regardless of the malicious or benign software used to establish manual remote control of an internal host.
Another of the granted patents takes an innovative approach to correlating all attacker behaviours observed on a particular asset in an organisation’s network and assigning threat and certainty scores to the observed timeline of attacker behaviours. With such insights, attacks can be stopped at the earliest signs of detection and before data is stolen.
“Timely detection of advanced attacks is key to neutralising them before they do an organisation substantial harm. Using ML and AI to find the individual steps of advanced attacks, correlating them on a machine across time and prioritising the resulting narratives is key to making events actionable for security analysts,” said Oliver Tavakoli, chief technology officer of Vectra. “Finding the sometimes-tenuous connections across multiple machines which are part of a single attack campaign is the next AI frontier for reducing analysts’ alert fatigue and turning the tables on the attackers.”
Additional Patents Issued Advancing Visibility into Attacker Behaviour
Fingerprinting Individual Behaviour – Correlation efforts begin by fingerprinting each machine or workload in an organisation’s network. These fingerprints allow identification of a host to which individual behaviours can be attributed. The collection of observed behaviours over time can then be scored based on the certainty of compromise and the extent of threat the set of behaviours signals.
Host Scoring & Correlation – Utilising AI to identify individual attacker behaviours, such as External Remote Access, presents a major advancement, in terms of coverage and accuracy, over current techniques. Even as better coverage for detecting individual attacker behaviours becomes available, there is also an opportunity to apply machine learning to correlate these behaviours, creating from them a smaller number of individual host narratives and potential attack campaigns.
Vectra has 14 additional patents pending for cybersecurity applications of machine learning and artificial intelligence.