Designing an artificial intelligence cyber security platform

 

It's an exhilarating time to be working in the cyber security industry. The landscape is rapidly evolving as the velocity of cyber threats increase, and attackers and defenders battle to stay ahead of one another.

This constantly shifting paradigm creates some fascinating problems, but also opportunities where technology can step in, enhance our capabilities, and return the advantage to the defenders. Whilst these fluxes are happening at a technology level, they also impact how we create products and design user interfaces and experiences.

The need for intelligent solutions that automate threat detection has never been timelier. The explosion of artificial intelligence within the global tech community is set to revolutionise the way we work.


Over the past decade, I’ve been fortunate enough to be involved with some of the most pioneering technologies and products. From legal tech to cyber security, music streaming apps and the birth of augmented reality. The common but coincidental theme has always been machine intelligence.

The challenge when developing pioneering technologies is that often you are solving very difficult problems without any precedent set by those before you - what could be more exciting!?

The value of experience

Tempting as it may be to get stuck in the weeds and talk about designing icons and layouts, I’d like to take a step back and look at the problems that cyber security professionals face and that Senseon set out to overcome. Whilst design is important, and I could spend hours going to great lengths on the topic (perhaps another time), this blog post is more focused around why the world needs better cyber security products.

But for full disclosure, I’m an advocate of the standardisation of icons and a lover of Font Awesome - totally worth the pro licence in my humble opinion!

I think it's also only fair to point out that cyber security is not new to me. I have in fact worked in the industry for nearly 6 years now, giving me a huge advantage to address some of the biggest issues. As you might expect in such an innovative tech company, the Senseon team is full of experienced and very talented individuals from all backgrounds of cyber security, be it government, military, national scale deployments or applied AI research.

It is our combined experience across the industry that has enabled us to intimately understand to the woes of the security professional, from analyst to CISO.

Our passion at Senseon is to really make a difference in the cyber community, to build a product that is as transformative as the underlying technology and ultimately to make many lives easier.


Some of the problems we set out to address:

  • The volume and complexity of cyber-attacks are only increasing

  • There are not enough skilled cyber analysts in the world

  • Organisations have to manage multiple security tools

  • Many security tools produce a high number of false positive alerts, wasting time

  • Organisations have different needs, budgets and skill levels

  • Products often neglect to reflect their users’ needs

 Alarming statistics of the reality for security professionals

Alarming statistics of the reality for security professionals

Senseon’s aim is to help organisations of all sizes cut through the noise, discount what is merely unusual, and bring focus to investigating genuine threats.

A cyber security platform for all

The first thing we realised when setting out and talking to security professionals is that often cyber security products are not designed to support all the functions of a security team. There are different roles and responsibilities, each with different needs, requiring different functionality.  

Take for example the role of an analyst compared to the role of a CISO.

  • The analyst needs a simple method of investigating genuine threats and cutting through the noise of false positive alerts.

  • The CISO needs a more holistic overview of risks and trends across the entire organisation.

 Senseon’s Dashboard view provides a holistic overview across the entire organisation

Senseon’s Dashboard view provides a holistic overview across the entire organisation

Often security products have not considered these requirements from the outset and end up bolting on interfaces at later stage (if at all) which can make for a very messy workflow and introduce complications down the line.

Whilst the ability to abstract the complexity of security through useful visualisations is helpful, they should not overshadow the fundamental task of making threat investigation more simple. All too often the analyst’s needs are overlooked. Smaller organisations, that don’t have a dedicated security team or the resource to learn complex systems will suffer and see less value in the product.

When creating the Senseon platform we considered the various roles and needs. We built custom interfaces to help our users carry out their jobs more efficiently - no matter what their level of expertise.


Future-proofing the platform was also a priority. This would allow for scalability and the addition of new features, meaning we can respond quickly to market demands and trends without disrupting our existing users.

Advanced technology, intuitive product

For me, a great area of passion is taking something very complex, almost unquantifiable, unimaginable or impossible to grasp and then creating it. Not only making it real, but usable and useful. There are many inventions and technologies that have this effect, but none more so in my mind than artificial intelligence.

At Senseon, we have not chosen to take the easy route. In fact, and perhaps counter to common sense, we have gone with what is the right thing to do and what the industry told us they needed.


Allow me to explain very briefly what it is that makes the technology behind Senseon utterly unique, but first to give you context, let's discuss the current approaches of other tools.

The industry is full of single point tools that rely on only one source of intelligence to make decisions. This limitation means they must err on the side of caution, and the result is that when they see something unusual, they must produce an alert - despite not having any degree of certainty that it is indeed malicious.

We enabled our intelligent system to automatically converse across the network, endpoint devices, cloud environments and Investigator Bots. These multiple ‘senses’ observe behaviour from multiple perspectives throughout entire organisation.

Senseon developed bots to automatically gather specific ‘just-in-time’ intelligence from beyond the organisation’s perimeter, and importantly we gave the AI the ability to have a conversation-like approach that allowed each of the components to talk to one another, pause for thought, and learn from experience rather than making rash decisions and snap judgements.

It is this combination of methods at the heart of Senseon that we call ‘AI Triangulation’ - the most advanced system of its kind.


Just because the technology is advanced does not mean that the product should be complex.

Surfacing what matters

One of the biggest problems that the industry faces is the sheer volume of data. Every year we consume more and more data and introduce more connected devices into our environments.

This creates a sea of noise that can distract organisations and provide opportunities for attackers to go unnoticed. The knock-on effect in security tools is the abundance of the alerts produced. We know that many of these alerts will in fact be false positives.

The cost to organisations wasting time investigating false positive alerts is huge. The average-sized company receives around 17,000 malware alerts a week, yet only 16% are deemed reliable and a shocking 4% are investigated.

This is exactly why the industry needs an intelligent solution that can perform a lot of the heavy lifting, but to do that we need accuracy.

Because Senseon’s AI Triangulation has both the intelligence and context to separate benign from genuine, it is able to carry out automated investigations with accuracy. This helps overstretched security teams to focus their efforts where they matter the most - investigating genuine threats.


Within the Senseon platform we show the value of automated investigations, highlighting the output of prioritised, genuine threats but also indicating all the investigations that were interesting but not malicious.

Senseon also caters for the needs of advanced users and experienced analysts. The Hunt view offers the tools to carry out manual investigations, giving access to the raw data gathered by Senseon.

Visualisation and abstracting complexity

Another unique feature of the Senseon platform is its ability to house observed activity in a case format. When anomalous and interesting activity is detected, a Case is opened. Senseon captures all relevant information about the involved devices, any processes that are running, the various users that are implicated and the connections and behaviours that link them all together.

 Senseon’s Investigate view provides a simple method of investigating threats

Senseon’s Investigate view provides a simple method of investigating threats

Cases deemed to be genuine threats are escalated for further investigation and cases that are not threats are closed and stored.

The Case Visualiser then breaks this highly contextualised information down into steps, allowing users to navigate and playback through a sequence of events as they unfold over time.


This visual representation simplifies investigation and enables users of any experience level to ‘see’ the threat and understand the relationship between the impacted devices and users.

Senseon also helps CISOs and security managers to visualise relevant features about their entire digital estate. The Dashboard is a custom interface that provides a holistic view that surfaces relevant information about the organisation and helps them to manage the output of their teams.

Trusting the machine

 Senseon provides details of the automated investigations it has performed

Senseon provides details of the automated investigations it has performed

During the process of building the platform and moving from wireframes to testing environments we realised the importance of exposing what the machine is doing and the decisions made by AI Triangulation. Because Senseon is capable of applying context to investigation it can discount non-malicious behaviour that other systems would alert upon.

These other systems will flood security teams with alerts that don’t warrant investigation, but at least you could see that the machine was doing something. Whereas on the face of it Senseon only alerts on genuinely malicious and interesting activity, but what about all the constant real time observations occurring.

The idea and need to show how the machine was thinking manifested itself in Senseon’s Experience view. Every single observation across all devices, users, the network, cloud environments and intelligence gathered from the investigator bots are exposed.


Not only does this enable users to see what the machine is doing but it also allows for a very robust system to carry out further investigations across the data.

An evolving product for an evolving threat landscape

As a technology-led company with a mission to make a difference in the cyber-community it is important that we stay ahead of the curve.

When we began designing the interface, we knew that it was critical to continually evolve to keep pace with the needs of the security landscape.


We built the interface around a widget-based system. Each widget would contain a unique and isolated function with a unique purpose.

 Senseon’s widget based system allows the product to adapt and to be customised

Senseon’s widget based system allows the product to adapt and to be customised

Widgets are very powerful because they allow Senseon to be agile. We can very quickly update existing standalone elements of the UI or introduce new widgets with new features without impacting the rest of the interface. It allows us to constantly innovate and adapt without making sacrifices or causing confusion to the users.

A widget-based system also allows for potential customisation of the platform and lets the users personalise their experience, giving them the choice to prioritise some features over others, perhaps even to add or remove widgets as they see fit.


The Future

Developing the Senseon platform and bringing it to the world and into the hands of security teams has been very rewarding. The response we’ve had from the market and from our customers has been so positive. It’s very flattering not only to receive great feedback about how good it looks or easy it is to use, but also to see a shared passion and the backing and support of those in our community.

Senseon’s tech roadmap is packed with amazing new features and developments that reflect our desire to innovate. I wish I could share some of these with you now, but that will have to wait for another blog.

I’m excited for the future of the Senseon platform as I believe it will revolutionise the industry and challenge the current tools on the market. It is vital that we continue to innovate, continue to respond to industry trends and continue to listen to our customers.


But I think it's fair to say, Senseon is a game-changer.


 

About the author

Ben-Wheeler-Senseon.jpg

Ben Wheeler, Creative Director, Senseon

Over the past decade, Ben has worked on some of the leading and award-winning AI technologies in cyber security, legal tech and computer vision software and has worked with global brands such as the BBC, Universal Pictures and Warner Music. He has considerable experience in bringing AI-led brands and applications to market.

 
ben wheeler