VMblog's Expert Interviews: Elysium Analytics Talks Machine Learning and AI-based Cognitive Cybersecurity

VMblog recently sat down with Satish Abburi, founder of Elysium Analytics, to find out more about the company, as they continue to work towards solving the security issues that face today’s enterprises.

VMblog:  Who is Elysium Analytics and please explain for readers what you do.

Satish Abburi:  Elysium Analytics is a new Machine Learning and AI-based cognitive cybersecurity company built on open source software, and we've just built a unique platform for handling massive Big Data volumes. We partner closely with Cloudera to provide a fully-integrated Cognitive SIEM™ and User and Entity Behavior Analytics (UEBA) solution.

So, what is that exactly? In a nutshell, there are so many new cyberthreats out there that are polymorphic - that is, they're constantly mutating in order to fly under the radar of today's security systems. In effect, these types of malware are constantly changing their identifiable features in order to evade detection. Many of the common forms of malware can be polymorphic, including viruses, worms, bots, trojans, or keyloggers.

Because today's security solutions struggle to get a lock on polymorphic threats, the risk to enterprises is growing rapidly. What we do is to look closely not only at what the threat looks like, but how it behaves. In effect, we're able to understand more about polymorphic threats using AI that learns to identify not just threat signatures, but also the way the threat moves in the network. When you couple these two aspects together, we're better able to identify these threats because we've built a bigger picture than other companies out there can.

VMblog:  Cybersecurity is a crowded market; how does Elysium distinguish itself?

Abburi:  There are lots of Security Information and Event Management (SIEM) companies out there and it's a well-established market. SIEM effectively provides a single pane of glass over multiple security systems that allows analysts working in the Security Operations Center to make educated decisions about where security risk lies and how to handle it.

We're different because, in the face of growing threat complexity and malware that can mutate, we help enterprises stay on top of dynamic security environments and continue to make the right decisions as judgment calls become more difficult and as a gap appears between the ability of today's systems to detect issues and the ability of malware to fool them.

VMblog:  There are plenty of SIEM systems out there - what makes yours any different?

Abburi:  We're finding that both traditional and modern cybersecurity platforms often suffer from one or more of the following limitations: 
  • A long time to threat detection. Many organizations use SIEMs to collect, aggregate and correlate data, then analyze the data by hand-written rules which may or may not target the right data.
  • Limited functionality. Standard cybersecurity platforms were built around the idea of humans or applications accessing IT resources, preventing their effective handling of machine-to-machine communications. This is because in these communications, there are no user profiles to query, no syslogs to view or any other traditional data generated by authentication systems.
  • Limited performance and scalability. As more devices are connected and users added, the tasks of securing the network can break standard platforms due to their design limitations, leaving organizations increasingly exposed as data volumes grow.
  • Difficulty in Use. The limitations of existing cybersecurity architectures have always made them difficult and complex to use. As the number of connected devices explodes, especially without logs or user information, the need for workarounds and patches to these architectures is destined to overwhelm even the most well-staffed security organization.

The Elysium Analytics platform integrates with Cloudera's open source Apache Metron to handle massive data volumes, while the open data model and UEBA enables data ingestion from an unprecedentedly broad array of data sources like Splunk for simpler integration and significantly extended retention periods.  It can be deployed either in the cloud, a hybrid cloud, or as an appliance.

VMblog:  Do you think enterprises are underestimating the threat posed by polymorphic malware?

Abburi:  It's not really as much a matter of under- or overestimating the threat as it is that they're not understanding these threats well enough and don't know how to counter them. The complexity is making it very hard for them to keep up, and the natural reaction is to hope for the best with what you have. When you have vendors and technologists telling you different stories and making conflicting claims, it's hard for security professionals to distill what's really going on.

VMblog:  Would you agree that the terms 'artificial intelligence' and 'machine learning' are being over-hyped in the cybersecurity market?

Abburi:  Undoubtedly.  Just like "cloud" 5-10 years ago and "Big Data" more recently, AI/ML have entered the lexicon of hyperbole of technology companies. And for every mention of these terms, you get a different definition. As technology suppliers struggle to differentiate themselves, they try to throw out words that sound impressive but often have little foundation in what they offer. It degrades the perceived value of ML/AI, even though these are the foundation of handling huge, dynamic environments and data sets.


Published Wednesday, April 10, 2019 8:26 AM by David Marshall