Real Life Story
A senior analyst was investigating a suspected account compromise. Through a series of queries in their SIEM across multiple timeframes and fields, the analyst was able to determine that the user agent string of the account in question was highly anomalous, as it did not match historic activity. Based on this information, the senior analyst was able to confirm that there was, in fact, an account compromise. At the same time, a junior analyst was investigating the same user account. As they did not have nearly as much experience as the senior analyst, they relied only on coarse geo-IP locations associated with recent authentication events. The junior analyst saw that all locations were originating from the US, and thus determined that the account must not be compromised. Thankfully for the organization, the seasoned senior analyst was able to illustrate to the junior analyst how they came to their conclusion, and the account credentials were reset. However, not all organizations have such a seasoned security analyst, and when they do, they often don’t have a significant amount of time to train the junior staff.
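The two approaches in the story can be expressed as a small per-user baseline check. The following is an added example, not Cybermonic's code: it builds a baseline of each user's historic authentication attributes from constructed sample events (the field names `user`, `src_country` and `user_agent` are assumed), and shows that a geo-IP-only check passes the suspicious login while a user-agent comparison against history flags it.

```python
from collections import Counter, defaultdict

# Constructed sample data: a user with 20 historic US logins from two Windows browsers.
UA_CHROME_WIN = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
UA_EDGE_WIN = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Edg/120.0"
HISTORY = (
    [{"user": "alice", "src_country": "US", "user_agent": UA_CHROME_WIN}] * 18
    + [{"user": "alice", "src_country": "US", "user_agent": UA_EDGE_WIN}] * 2
)
# The login under investigation: same country, but a scripted client never seen for this user.
NEW_EVENT = {"user": "alice", "src_country": "US", "user_agent": "python-requests/2.31"}

FIELDS = ("src_country", "user_agent")


def build_baselines(events, fields=FIELDS):
    """Return {user: {field: Counter(value -> occurrences)}} from historic events."""
    baselines = defaultdict(lambda: defaultdict(Counter))
    for event in events:
        for field in fields:
            baselines[event["user"]][field][event[field]] += 1
    return baselines


def score_event(baselines, event, fields=FIELDS):
    """For each field, the share of the user's history carrying this value (0.0 = never seen)."""
    history = baselines.get(event["user"], {})
    scores = {}
    for field in fields:
        counter = history.get(field, Counter())
        total = sum(counter.values())
        scores[field] = counter[event[field]] / total if total else 0.0
    return scores


def geo_only_looks_normal(baselines, event):
    """The junior analyst's check: has this user ever logged in from this country?"""
    return score_event(baselines, event)["src_country"] > 0.0


def anomalous_fields(baselines, event, threshold=0.05):
    """The senior analyst's check generalised: every field whose value is rare for this user."""
    return [f for f, share in score_event(baselines, event).items() if share < threshold]


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    print("geo-IP only:", geo_only_looks_normal(baselines, NEW_EVENT))   # True, misses it
    print("anomalous fields:", anomalous_fields(baselines, NEW_EVENT))   # ['user_agent']
```

The threshold is a constructed tuning knob; in a real environment it would be set per field from the volume and diversity of each user's history.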
Cybermonic is different
With Cybermonic, any analyst of any experience level can easily navigate to view the User entity, along with all of the various relationships represented in our Cyber Knowledge Graph, such as information on Locations, IPs, user agents, device display names, cryptographic protocols, etc. In addition to viewing these relationships, our graph intelligence illustrates which relationships are typical, and which are anomalous, based on the entities involved, as well as the environment as a whole.
Using the Cybermonic platform, both the senior and junior analysts are able to quickly query the system for the account in question. They can see immediately in the list of relationships that the compromised account was associated with an anomalous user agent and an anomalous device browser. The senior analyst reaches this conclusion without having to perform their own expensive statistical analysis, saving time, and the junior analyst reaches the correct conclusion because the platform highlights the anomalous user agent data that they needed in order to make the right decision.
Generally, there is a problem with existing solutions
Performing complex statistical analysis on cyber data within various workflows (e.g. alert triage, incident response, threat hunting) to answer questions such as "Is this activity normal?" is difficult, time-consuming, and requires significant experience that only highly seasoned (and costly) analysts have. Determining what is abnormal relative to historic data during an incident also has a major impact on response time and on the effectiveness of the response. Some security analysts instead simply scroll through a few pages of, for example, authentication events, to judge what is normal or anomalous. Both the in-depth analysis and the surface-level analysis are costly in terms of time, detection, and the effectiveness and scope of the response.
However, with Cybermonic
With Cybermonic, analysts of any skill level can benefit from the Cyber Knowledge Graph and the provided instant and intuitive statistical results on every single entity and relationship. Senior analysts will spend less time performing complex data analysis tasks, and instead focus on remediating their findings, and junior analysts will be empowered to detect more malicious activity on their own, and become more helpful to the organization earlier in their career. This is critical given that experienced analysts not only cost much more, but are hard to recruit and even harder to retain because of the burnout that data analysis causes. The Cybermonic Knowledge Graph makes both analysts feel more capable, empowered, and productive, leading to higher job satisfaction, and lower burnout rates.
About Cybermonic
Cybermonic was founded by researchers with PhDs in graph systems, graph analytics, and graph AI/ML, and a track record of DARPA-funded research on cybersecurity challenge problems. They have refined their graph systems and graph algorithms in order to supercharge cybersecurity analysts.