Adding DarkLight is like adding virtual analysts to your team. With DarkLight doing the heavy lifting, the analyst can focus on hunting the most serious 1% of threats.
Deploying DarkLight complements your existing procedures and is easily adapted to your people, process and enterprise technology.
Threat detection and response can take from 12-24 hours in some organizations. DarkLight can reduce this process to only minutes.
DarkLight augments the deductive and investigative skills of the analyst by enabling them to easily create ontologies and embed their own expertise, specific to the needs of their enterprise.
DarkLight encodes enterprise knowledge of expert analysts, reducing the time it takes to improve the skills of junior analysts and train those new to your organization.
DarkLight can trigger enterprise security apps to orchestrate an automated response, or call for further analyst investigation.
By automating human cybersecurity analyst expert knowledge and work habits, DarkLight can infer facts and identify anomalous activity or events that would otherwise only be obvious to a team of security analysts.
Capture and retain the best practices and techniques of the most senior analysts to speed onboarding and make the whole team more effective.
Unlike all other workflow-driven or machine learning-based automation tools, this patented approach more effectively models normal and abnormal user and network behavior.
DarkLight evolved from more than four years of R&D inside one of America's top national research labs, initially as a "person of interest" reasoning system. Analysts working in national security designed it to give fellow analysts a remarkable tool to combat cyber crime.
At the core of DarkLight is the Programmable Reasoning Object℠, or PRO℠, which can find correlations and patterns between data sets, rapidly evaluating thousands or millions of events.
For most enterprises, cybersecurity has become a big-data analytics challenge. The sheer volume of alerts overwhelms even the most efficient Security Operation Centers. Our proprietary approach uses Description Logics (DL) and Semantic Graph analytics to process massive data streams and highlight actionable events.
Feeds from security appliances, network monitoring systems, SIEM and any other enterprise data source are normalized as they are brought into DarkLight. Because the analyst has encoded his unique methods and contextual knowledge of the organization into the Description Logics inference engine, it acts as his "virtual analyst" -- but at scale.
DarkLight automates the attribution and correlation of these system, sensor, event, appliance, and user activity logs and separates actionable threats for an orchestrated response or further analysis.