Why a well-designed HCI is critical to your AI driven cybersecurity solution

November 24, 2017

Author: Nithen Naidoo, Founder and CEO


Most readers of this post will know Deep Blue, the computer that beat chess champion Garry Kasparov in 1996. Since then, and more so recently, Artificial Intelligence (AI) has been an industry buzzword and “the Tao” of the future.

I love everything about AI, but I believe in Intelligence Amplification (IA). IA is the synergy of human and machine (as opposed to the substitution), augmenting our capabilities (not replacing them).

So, why do I think IA is better? Let’s begin with a lesser known story, about a lesser known chess competition.

Eight years after Deep Blue, Kasparov competed in another chess competition which allowed humans to pair up with computers. Naturally, you would expect the best human-computer duo to dominate. Actually, amateur chess players with suboptimal computing platforms won. The upset was credited to a well-designed interface between a well-trained human and a data-rich computing platform.

So, having a data-rich platform with effective AI capability is important – but meaningless, if you (the analyst) can’t rapidly navigate, correlate, contextualise and gain insight from your data. Hence, we developed Snode’s cybersecurity solution with - data fusion at scale and machine-assisted analytics. However, more importantly, we designed a frictionless Human-Computer-Interface (HCI) - prioritising, maximising and galvanising the synergy between human and machine.


How Cyber Intelligence Works When All Else Fails

November 16, 2017

Author: Nithen Naidoo, Founder and CEO   At Snode, we like to see things differently and naturally gravitate towards alternative analysis. We are often asked why we use the phrase “Cyber Intelligence” as opposed to “Cybersecurity” to describe our real-time analytics platform. Our view is a paradigm shift (by design) and therefore not strictly aligned to standard definition. That said, it’s an excellent way to describe Snode’s unique value proposition. We see Cybersecurity as a technology layer, consisting of automated, signature based systems (e.g. Intrusion Prevention Systems); searching for known, commonly indiscriminate and unsophisticated attacks. We believe these traditional security controls are essential to a good security posture and complement the Snode Cyber Intelligence solution. Cyber Intelligence, in a Snode (design) context, is viewed as an autonomous layer that lies above the traditional cybersecurity stack; assessing network behaviours, threat intelligence and leveraging machine assisted analytics. Such technologies are designed to protect against more sophisticated and targeted attacks that have never been seen before and therefore circumvent signature based controls. As an example, consider the following: an authenticated, authorised finance staff member accesses a financial system database. Such activity would not be considered malicious by a signature based control and generally goes unnoticed as this is role-based acceptable behaviour. However, a Cyber Intelligence platform may report this behaviour as anomalous since it deviates from the user’s normal pattern of behaviour. Therefore, such activity may be indicative of, and reported as, a potential disclosure of sensitive data. This scenario was an actual finding at a Snode mining client. A subsequent investigation found that the employee was colluding with an organised labour (union) member to supply sensitive financial information ahead of an upcoming wage negotiation. Hence, we describe Cyber Intelligence as the technology layer that goes to work; when all else fails.


Re-invented Zeus malware Terdot, defied explanation, but cannot defeat detection

December 6, 2017

Author: Nithen Naidoo, Founder and CEO (Snode)   During October 2017, Snode's cybersecurity platform (Guardian) found an increasing trend in SA networks being infected by the well-known Zeus malware. Although the Zeus Trojan (discovered back in July 2007) is still considered one of the most prolific malware variants affecting the Internet today; the retro plague perplexed our analysts. The finding’s fallacy is that most (if not all) traditional anti-malware controls today can reliably defend against the Zeus malware threat. At the time, we could not explain how a 10-year-old Trojan was (as reported by our learning machine) effortlessly propagating through large SA corporate networks; unhindered and undetected. A fitting explanation was later provided courtesy of the global security technology firm, Bitdefender. Bitdefender’s researchers released a paper (mid November 2017) on the discovery of a new “Zeus inspired” Trojan, called Terdot. A surprising insight from their research is that they first discovered the Trojan in October 2016; which highlights a challenge in our machine-assisted analytics. You see, the machine-learnt Zeus malware's "pattern of behaviour" was now mimicked by Terdot. As a matter of fact, Snode's learning machine could only learn to accurately identify Terdot, by unlearning everything it knew about the Zeus malware. Hence why our learning machine is augmented by our (human) analysts as it allowed us to reliably distinguish between these two malware variants. Now, it is not often that a cybersecurity vendor will openly discuss the flaws in their machine learning and pattern recognition software. However, at Snode we do not build software, we deliver solutions (and we value transparency). This is why our machine-assisted analytics is backed by (and never delivered without) our human intelligence. Something to keep in mind, if you believe that AI-supported threat detection (neural network based pattern recognition) software will transcend your security posture to a cybersecurity nirvana, it won't, at least not yet. However, by enhancing your posture with such technology (defence in depth), you wont get trapped in a false sense of security, solely relying on the latest antivirus signatures to save you. Keep in mind that Terdot, was circulating in the wild for an entire year without signature-based detection. I would like to thank and give credit to the Bitdefender Research Labs for making the Terdot discovery. For more information, you can find the full research paper here.