Source: www.darkreading.com – Author: Dark Reading Staff
Organizations are harnessing artificial intelligence (AI) to boost their security teams’ productivity and detect potential threats. DeepTempo emerged from stealth on Nov. 12 with Tempo, a deep learning-based Snowflake native app. Tempo helps security teams maintain data privacy and compliance while boosting enterprise defenses, the company said in a statement. DeepTempo is integrating AI-powered security capabilities into an established cloud environment, in this case, Snowflake.
Organizations benefit from faster detection of attack indicators, including new and evolving threats, within their Snowflake environments, the company said. They can also optimize security spending by running Tempo on existing security data lakes.
DeepTempo built and trained a log language model (LLGM) to detect anomalies in network traffic and other services. The algorithm was pretrained on large amounts of log data to focus on the pattern of events, including relative and absolute time. Tempo has been optimized to work with Netflow data, and the company is recruiting teams with similar logs, such as VPC Flow, as design partners. Interested security teams can try out Tempo with a sample data set from the Canadian Institute for Cybersecurity and view the output in Splunk.
Along with detecting anomalies, Tempo provides additional context that can be used for security triage and response, such as looking up similar patterns from the MITRE ATT&CK framework and listing potentially impacted entities. Tempo also allows “organizations to keep more of their logs within Snowflake and use their SIEMs primarily for incident response rather than log storage,” the company said. DeepTempo said a large financial institution projected savings of “several million dollars, representing up to 45 percent of their existing SIEM spending” by using Snowflake as its system of record and not relying on a separate security information and event management (SIEM) system.
“Tempo has demonstrated a unique blend of accuracy and practicality, with false positive and false negative rates lower than one percent after adaptation to a new user’s domain,” the company said, noting that Tempo doesn’t need to know the different attack patterns. “It simply recognizes when activities deviate from the norm, triggering detection for any threat that emerges.”
Original Post URL: https://www.darkreading.com/cybersecurity-operations/untitled