DarkLight Offers Artificial Intelligence to Enhance Cybersecurity Defenses

Print Friendly, PDF & Email

Champion Technology Company, Inc., developer of DarkLight, an AI expert system for active cyber defense and trusted information sharing, released their latest technology update with DarkLight 3.0. Enterprises are under constant attack from increasingly sophisticated cyber adversaries and the time is right to tip the balance back in favor of beleaguered defenders. The new 3.0 version of DarkLight does just that, employing an artificial intelligence-based expert system designed to enhance existing security tools and teams, and deliver human-quality results at scale.

As a first of its kind expert system, the new DarkLight AI is trained to think and act like a human analyst, implementing known strategies from the best defenders and analysts in the form of playbooks to discover and identify attacks made against protected networks, and acting to mitigate those threats to combat the most determined adversaries. Almost half of all organizations say they can’t hire enough people with solid cybersecurity skills, but organizations who deploy DarkLight can multiply the cyber analytic tradecraft of their existing teams, employing AI to enhance and supplement the human defenders.

DarkLight 3.0 automates what was previously human-only activities and tasks within cyber defense. It is purpose-built to handle sense-making and decision-making operations in frameworks such as the Integrated Adaptive Cyber Defense (IACD), a collaboration between NSA, DHS, Johns Hopkins APL and many industry leading vendors. In fact, with DarkLight, analysts can now encode and automate any of their logical processes, running them at machine-speed, 24-hours a day.

Most of the AI cyber defense solutions on the market today are machine learning based, pitting the algorithms of the data scientists against the tradecraft knowledge and experience of a human threat actor,” remarked Shawn Riley, DarkLight’s Chief Data Officer. “DarkLight is a different type of AI — it’s an expert system that is designed to emulate the sense-making and decision-making abilities of human experts. Ontologies allow the expert system to understand the meaning of the security data it is observing and AI-driven playbooks encode the tradecraft knowledge and experience of human cyber defense experts. We can effectively pit the threat actor’s tradecraft knowledge and experience against the collective knowledge and experience of human cyber defense experts who have encoded their tradecraft knowledge and experience in the AI-driven playbooks. These playbooks are sharable, fully explainable, and can be used for training and education.”

DarkLight 3.0 incorporates the IACD framework to support active cyber defense, STIX and TAXII for trusted information sharing, OpenC2 for unambiguous command and control of cyber defense technologies, as well as many of the standardized languages of the cybersecurity measurement and management architecture such as CVE, CWE, and CAPEC. DarkLight makes it easy for analysts to build AI-driven playbooks with visual ‘building block’ step pieces that can be chained together to create simple or complex playbooks without having to be a developer or data scientist. Playbooks can be mapped to the Center for Internet Security’s 20 Critical Security Controls and on to regulations such as the NIST Cybersecurity Framework, PCI-DSS, or others. Tactical playbooks can be mapped to both the cyber effect matrix and the cyber terrain model to help organizations understand, identify, and address their active defense gaps.

DarkLight applies the Intelligence Community’s state-of-the-art object-based production methodology to organize what is known about the threats and risks in the cyber ecosystem and enables activity-based intelligence playbooks that focus on behaviors, activities, and transactions to discover the unknown unknowns. With its object-based, drag and drop interface, DarkLight supports even the most advanced users looking to perform complex tasks like identifying lateral movement, threat hunting and monitoring for insider threats.

Regardless of an analyst’s skill level, DarkLight automates and enhances their analytic tradecraft, leveraging deductive reasoning to support a data-driven, intelligence-based active defense. As a result, DarkLight produces cybersecurity knowledge that yields correct predictions and reliable outcomes that are applied to courses of action, reducing false-positives and acting as a “virtual analyst” working at scale 24-hours a day.


Sign up for the free insideBIGDATA newsletter.

Speak Your Mind