With a rich history of providing AI security analytics to some of the world’s largest enterprises and government agencies, Interset is a cybersecurity company on a journey to explore new techniques to deal with a new age of cybersecurity issues. By arming clients with the right set of tools and technologies, Interset empowers cybersecurity professionals to keep up with the alarming rise in cyberattacks. Stephan Jou, CTO, discusses the trends and challenges in the cybersecurity arena and how the company’s security platform counters insider threats.
How do you assess the current cybersecurity landscape in the enterprise world?
There is an unfair battle raging between cybersecurity professionals and cyberattackers. Cybersecurity teams have to constantly focus on keeping their diverse networks and systems infallible to all attacks. On the other hand, a hacker managing to break through a firewall only once can win the battle. This challenge leaves cybersecurity experts at a steep disadvantage. What is more, against the backdrop of the recent high-profile cyberattacks, it can be said that the threat actors today have access to better technologies, including platforms and toolkits, and the attacks are very well-coordinated. This already challenging fight against cybercrime is made more difficult by the lack of sharing between cybersecurity vendors. While cybercriminals are collaborating online and sharing information to help find new ways to inflict more damage, security vendors often keep innovative technologies under wraps to avoid losing a competitive advantage in the market.
What is the strategy employed by Interset to defend the cyberspace effectively?
We combine automation, artificial intelligence (AI), and machine learning to help companies distill billions of events—generated out of a large amount of data in a company—down to a handful of prioritized threats that require critical action. This automated analysis helps to study billions of events in a single day to arrive at the probable combinations for a possible attack. The analysis takes into consideration the user accounts, their activities, and the flow of data, which may leave subtle warnings that would otherwise be neglected because of historically limited cybersecurity defense practices.
Could you elaborate on your product—Interset 5.5?
With analytics playing a crucial role in the cybersecurity industry, our solution—Interset 5.5—takes human intuition and implements that as statistical algorithms that can be run around the clock.
AI security analytics puts power back in the hands of enterprises and helps them to mitigate the impact of insider threats, data breaches, and loss of critical IP.
The solution is built upon an open source, big data architecture and can be deployed on-premise or on the cloud, offering scalability and flexibility. One of the major benefits is that we provide sophisticated mathematical models and AI techniques without compromising on providing a simple and actionable user experience. Interset 5.5 has an intuitive user interface with natural language and visualization that nullifies the need for a user with a statistics or data science background.
To simplify the user experience, the authenticity of statistical proof about an existent and pertinent threat is measured on a scale of 0-100, with 100 signaling the highest risk. The rating provided is not based on a single alert or anomaly, but on multiple anomalies that could possibly be happening at around the same time. To a human observer, it may seem normal to come across anomalies, such as logging into the network outside working hours, inconsistent amount of data transferred, the frequency of access to folders on a cloud service, and other categories of suspicious behavior. All the evidence is put together to reach the final score to understand the level of criticality and verify the authenticity of an existing and ongoing attack.
Could you provide a case study to illustrate the advantage of your solutions?
One of our clients, a U.S.-based semiconductor manufacturer, learned that the source code of its next-gen chips was leaked by two engineers. In spite of spending over a year and a million dollars with their existing security vendors, the company failed to effectively foresee the leakage of data that was happening from the company network through these employee accounts. To test Interset’s threat detection capabilities, the company invited us to analyze its source code data and see if we could identify the leaks. Interset entered the scene, and within two weeks of deploying our solution, we were able to not only identify those two engineers but also surface 11 more accounts that were involved in the data theft, which the manufacturer had not previously known about. Of the 11 accounts, nine were based out of China. The engagement process involved gathering source code log files dating back nine months and analyzing those logs in 24-48 hours to surface the identities of the 13 accounts.
What does the road ahead look like for Interset?
We are in a cybersecurity arms race against attackers, and it’s not a fair fight. Cybercriminals are at an advantage with greater numbers, knowledge sharing communities, and sometimes cutting-edge technologies currently in their favor. To gain back the lead, enterprises will need to leverage analytical techniques that are more advanced than those that attackers have at their disposal.
At Interset, we believe that data science will fuel cybersecurity defense from here on out. AI security analytics puts power back in the hands of enterprises and defenders to help them detect insider threats, data breaches, advanced adversaries, and loss of critical IP. Our data scientists are constantly exploring new frontiers with analytical techniques—such as models to differentiate between human and bot behaviors or detect malicious protocol tunneling—that will enable Interset to detect threats with even greater speed and accuracy.
We are committed to pushing boundaries and navigating into uncharted territories in order to create advantages over our cybercriminal adversaries. Working closely with our clients across enterprises and government agencies, we will continue to drive innovation and exceed expectations with new techniques and technologies that will put organizations ahead of the security threats that relentlessly pursue them.