Interset at IANS Forum NYC: The Data Science Behind AI Security Analytics

Interset Technical Architect Bob Patten discussed how companies can operationalize big data security analytics.


Last month, Interset Technical Architect Bob Patten jetted off to New York City to talk about AI security analytics with attendees of the IANS Information Security Forum. In his Technology Spotlight Session, Bob explored how Interset’s threat detection platform can help organizations connect fragmented security ecosystems and distill billions of events into a handful of threat leads that really matter. And to help attendees understand the power of the platform, he took a deeper dive into the data science that powers our solution.

The presentation yielded some fantastic discussions with attendees, many of whom were eager to better understand how Interset can help their organization battle threats. We received a number of insightful questions from participants, but here are a couple of common and important ones we’d like to discuss.

Q: How does the math behind Interset AI security analytics work?

A: Interset’s AI security analytics platform is able to accelerate threat detection exponentially because of the data science behind our technology. Interset’s platform is powered by two layers of artificial intelligence: 1) anomaly detection using hundreds of machine learning models, and 2) entity risk computation, where clues are consolidated and evaluated through statistics. Instead of relying on pre-specified rules or thresholds for what is considered normal for an entity, Interset uses unsupervised machine learning (a type of AI that automatically discovers patterns from limited data sets without labels) to determine the unique digital fingerprint of each entity (i.e., user, machine, file, etc.). This is what we call “unique normal,” and we use it as a baseline for comparison to see aberrations. Then, our models measure behaviors and combine the resulting clues to determine a risk score, which will be a number between 0 and 100. And to ensure that we can continuously measure and evaluate behavior for companies of any size, the Interset platform leverages a big data storage and computer architecture.

Q: Operationally, how will Interset scale and operate efficiently in my environment? For example, how do you tune the system if there are 1000 new employees every month?

A: To understand how Interset’s threat detection works, it’s necessary to shift into a different paradigm. Up until now, security solutions have required “tuning” to adjust rules and thresholds that define threat detection parameters. This traditional concept of “tuning” doesn’t exist in our platform. Interset uses unsupervised machine learning (to self-discover new patterns), combined with online learning (to dynamically analyze new data), to automatically adapt to rapidly changing populations. Instead of “tuning” the system to meet your organization’s needs, Interset’s machine learning automatically adapts. This means that as your enterprise changes, our platform can adapt and adjust in tandem.

If you have any questions and would like to learn more about how Interset can help you operationalize security analytics in your organization, don’t hesitate to reach out to us via email or social media. You can also catch us live at IANS Forums in other locations this year. Check out our upcoming events to see where we’ll be.