Stephan Jou, CTO

The spiraling number of vulnerabilities, threats, and breaches has made cybersecurity a significant pain point for all enterprises. As these figures continue to rise in parallel with the increasing complexity of today’s enterprise infrastructures, CISOs struggle to keep things at bay, let alone find time to take preventive action. Crunching these numbers, in both senses of the word, requires rigorous analysis of the behavior of vast numbers of events and entities. And when it comes to cybersecurity analytics, separating the needles from the haystack is only half the job: it is equally crucial to identify and classify the potential use (or misuse) of those needles so that insights become actionable. Ontario-based Interset offers a solution to this looming cybersecurity predicament. The company’s solution stack applies behavioral analytics and machine learning atop open, big data architectures. “Our solution can distill billions of cybersecurity events into a handful of―about a dozen―actionable leads,” says Stephan Jou, Interset’s CTO.
The Interset platform can single-handedly address use cases such as insider threat detection, compromised account detection, incident validation and investigation, privileged account monitoring, and even compliance with regulations such as GDPR. At its core, the platform leverages more than 350 ‘unsupervised machine learning algorithms,’ which (unlike a traditional rules-based approach) constantly self-learn and adapt within the deployed environment. These algorithms were designed by the company’s team of data scientists and engineers, many of whom have worked for prestigious initiatives including IBM Watson. Packaged as a multi-tenant, scalable, and cloud-friendly offering with easy, native integration, Interset eliminates the need to work serially with multiple siloed systems and instead unites tools into one data-rich, holistic solution.
Referring to a case study on insider threats, Jou talks about one of Interset’s clients who had set out to test the company. The client, a semiconductor company, wanted to deploy Interset’s analytics on its source code audit log files to see whether Interset could spot two of its engineers who it knew had stolen valuable source code.
The client was exploring whether it could detect insider threats automatically without needing to deploy agents. In a matter of two weeks, Interset was able to analyze more than ninety days’ worth of data, which amounted to billions of events from source code log files. Without any rules or thresholds, the analysis not only identified the two known bad actors, but also exposed eleven additional engineers from China, of whom the client was unaware.
Interset works closely with its clients to develop custom use cases that are relevant to their data sources. As a promising initiative, the company plans to offer its clients a model builder that packages a UI, a data science toolkit, and APIs that can be leveraged to build custom use cases. “All this is made possible because we have invested four years of our own internal R&D in developing this platform from the ground up; we now have enough flexibility for ourselves such that it effectively translates to our customers. It is something that is really hard to do any other way, and we are proud of it,” mentions Jou.
Since its beginnings in 2015, Interset has gained notable attention in the startup space as well as the cybersecurity arena. After a yearlong evaluation and beating out more than thirty competitors, Interset was able to procure backing from In-Q-Tel, the technology investment branch associated with the U.S. intelligence community. The Interset analytics engine is also licensed to four other cybersecurity companies, including McAfee, to power their offerings.