Articles / Improving Your SOC with AI

on 03 Aug 2017

I have on my desk an original first edition copy of Von Neumann’s The Computer and the Brain. It’s a wonderful, yet touching book, because while it laid the foundations of artificial intelligence in computing, it was also the great scientist’s last work. The final sections literally trail off as Von Neumann dies of cancer during the book’s creation. His wife’s preface, written six decades ago, still chokes me up.

Since then, artificial intelligence has begun that familiar evolutionary-shedding so typical of new disciplines: Math tossed off numerology, astronomy shed astrology, chemistry got rid of alchemy, and even computing has begun to shed its less scientific components. As AI undergoes a similar maturing process, some useful algorithmic methods appear to be emerging.

One such algorithmic method that is well-suited to cyber security was evident during a recent discussion with principals from JASK, a new Market Street start-up that is building a high-quality security artificial intelligence platform. Their implementation of neural network-based analysis brought me back to Von Neumann’s book and to my understanding of how neural networks and AI work.

The basis for the JASK platform, and the idea that underlies neural networks, is that decision-making in the brain is performed based on weighted inputs. A decision structure called a sigmoid neuron interprets inputs as real numbers between zero and one, so that the summation can be adjusted for system bias and applied to a threshold to draw some conclusion.

JASK implements this by modeling inputs using a feature vector – the elements of which are weighted inputs to a decision-making process that helps SOC analysts decide on action. By including feedback from the output to the feature vector, the system can learn in an automated manner, or through the guided assistance of the human analyst. It seems like a clean implementation of Von Neumann’s original thinking.

Obviously, the devil-is-in-the-details regarding how useful the JASK platform or any other neural processing AI platform will be in your own SOC. Ask any analyst, and they will repeat the familiar GIGO aphorism from Computer Class 101: If the data being ingested is good, and the platform includes sound analysis tools, then excellent decisions can be made. But if the ingested data is bad . . . well, you get the idea.

The JASK platform minimizes this GIGO challenge through predefined connectors to enterprise sources such as IT systems, network elements, and of course, cyber security functions. Support for STIX/TAXII and API-based data ingest optimizes the automation of this process on the platform. It’s hard to imagine building a SOC these days without inclusion of this sort of automated ingest, neural processing, and decision output. 

If this all sounds consistent with your existing SOC, then congratulations: Your team is definitely on the right track. Furthermore, if you’re considering an upgrade to your analytics tools, then give the JASK team a call and I suspect you’ll benefit from what you hear. The idea of using neural processing and AI techniques is exciting as heck, and your SOC team will love to explore the possibilities.

Regardless of your situation, however, I think there is something else that you must do today: Go find and purchase a copy of Von Neumann’s little book. I saw a used copy on-line for $2.00, and this would be the best pocket change you ever spent in your life.