thatDot Novelty Detector reduces false-positive findings for SOC analysts
thatDot released Novelty Detector, a real-time graph AI for cybersecurity anomaly detection on categorical data built on their open source streaming graph, Quine.
Only Novelty Detector’s patent-pending technique uses categorical data to score streaming data in real time to detect malicious behavior much sooner in the kill chain and with fewer false positives and lower analyst effort.
Traditional anomaly detection ignores categorical data, instead relying strictly on numerical data and statistical analysis, which breaks down in the face of high data dimensionality and produces massive volumes of false positives and alert fatigue for SOC analysts. Malicious activity remains undetected or is detected too late in the kill chain to prevent exposure and damage.
Built on Quine.io open source streaming graph technology, only thatDot’s Novelty Detector taps into vast amounts of previously unused categorical data to accurately and efficiently model the behaviors of systems, devices, applications and users, all without requiring expensive data labeling or analyst effort.
Novelty Detector delivers novelty scoring on streaming data in real time, as each event is ingested. Combined with the context of previously seen data and the power of graph data models, Novelty Detector massively reduces false positives while scaling easily to millions of events per second.
“Current analytical tools are built for numeric data, leaving aside all the valuable context and behavioral signals contained in categorical data that are key to distinguishing between unique and anomalous events, and whether new events are actually normal,” said Ryan Wright, CEO of thatDot. “Categorical data at scale is the future of anomaly detection in cybersecurity. Using Novelty Detector, organizations gain real-time novelty scores, assessments and explanations through behavioral fingerprinting, without the frustration and fatigue of overwhelming volumes of false positives.”
Latest release adds automatic unsupervised model training
The GA release of Novelty Detector, available now, includes a new automatic unsupervised training feature. With it, the system ingests data, calibrates and trains itself, then scores every piece of data in real time for how unusual it is. With this new capability, difficult security problems such as insider threat detection and cloud credential theft are solved automatically and produce real-time, actionable results.
“Novelty Detector is a remarkable combination of a powerful graph AI software tool for anomaly detection that is easy to operate,” said Gery Szlobodnyik, CEO of TraceRiser. “We feed data into the system and it tells us when it has seen enough to start delivering value. I wish all machine learning systems were that simple.”
Novelty Detection is just one of the many applications of open source Quine streaming graph technology. Partners, community members and contributors have already created and shared pre-built configurations for Quine, called recipes, that package up valuable use cases for one-click operation.