Defensive AI system implements strategies from the best analysts
Champion Technology Company, developer of DarkLight, an AI expert system for active cyber defense and trusted information sharing, today released their latest technology update with DarkLight 3.0.
Almost half of all organizations say they can’t hire enough people with solid cybersecurity skills. The new DarkLight defensive AI is trained to think and act like a human analyst, implementing known strategies from the best defenders and analysts in the form of playbooks to discover and identify attacks made against protected networks, and acting to mitigate those threats to combat the most determined adversaries.
DarkLight 3.0 automates activities and tasks within cyber defense that were previously human-only. It is built to handle sense-making and decision-making operations in frameworks such as the Integrated Adaptive Cyber Defense (IACD), a collaboration between NSA, DHS, Johns Hopkins APL and many industry-leading vendors. In fact, with DarkLight, analysts can now encode and automate any of their logical processes, running them at machine speed, 24 hours a day.
The AI system incorporates the IACD framework to support active cyber defense, STIX and TAXII for trusted information sharing, OpenC2 for unambiguous command and control of cyber defense technologies, as well as many of the standardized languages of the cybersecurity measurement and management architecture such as CVE, CWE, and CAPEC.
DarkLight makes it easy for analysts to build AI-driven playbooks with visual ‘building block’ step pieces that can be chained together to create simple or complex playbooks without having to be a developer or data scientist.
Playbooks can be mapped to the Center for Internet Security’s 20 Critical Security Controls and on to regulations such as the NIST Cybersecurity Framework, PCI-DSS, or others. Tactical playbooks can be mapped to both the cyber effect matrix and the cyber terrain model to help organizations understand, identify, and address their active defense gaps. These playbooks are sharable, fully explainable, and can be used for training and education.
DarkLight applies the Intelligence Community’s object-based production methodology to organize what is known about the threats and risks in the cyber ecosystem and enables activity-based intelligence playbooks that focus on behaviors, activities, and transactions to discover the unknown unknowns. With its object-based, drag-and-drop interface, DarkLight supports even the most advanced users looking to perform complex tasks like identifying lateral movement, threat hunting, and monitoring for insider threats.