For months now, our intelligence and data science team has been hard at work on AI-based solutions aimed at cybersecurity. Looking at the pain points of the industry and our clients, we saw that Edge and IoT infrastructures were severely underprotected, leaving bad actors a large attack surface where safety measures were few and vulnerable.
Today, after months of extraordinary work, we are proud to introduce you to AI EdgeLabs, the cornerstone of our cybersecurity solution offerings.
What is AI EdgeLabs?
AI EdgeLabs is a powerful and autonomous cybersecurity AI platform that helps security teams respond immediately to ongoing attacks and protect Edge/IoT infrastructures against malware, ransomware, DDoS, botnets, and other threats. AI EdgeLabs delivers cybersecurity measures by bringing network visibility, early threat detection, and automated incident response in the Edge and on-prem environments.
AI EdgeLabs Components
Sensor - a small piece of software that can be installed directly into the Edge and works as autonomous threat detection and prevention software. The Sensor is the agent that holds the AI models, extracts network-based data points, and provides threat detection and prevention on the spot.
Backbone - an API server that handles communication between Edges, Security Operation Teams, and EdgeLabs infrastructure, where it stores incidents/features/historical data for future operations. Backbone provides core functionality for alert mitigation and deduplication. The Sensor sends compacted telemetry and registers alerts directly on the Backbone.
The Lab - an internal ecosystem for the Data Science and Security R&D teams that provides capabilities to research new threat patterns, re-train AI models, and maintain a knowledge base of the threats and attacks that are known on the market and can be applied to the detection of new threats with AI.
We created AI EdgeLabs after seeing the dire need and trend at the Edge of reducing latency. Edge Nodes, IoT Devices and IoT Gateways are often deployed far outside a centralized data infrastructure or datacenter, making them significantly harder to monitor from both a digital and physical security standpoint.
There is a range of edge computing security risks that pose the highest threat to organizations due to vulnerable Edge security architecture:
- Theft of the data on a device;
- Data exfiltration on a device;
- A distributed ransomware attack;
- Unauthorized access to centralized computing resources.
To protect against these vulnerabilities, we created AI EdgeLabs with artificial intelligence and reinforcement learning models to deliver advanced cybersecurity capabilities at every layer of the Edge architecture.
AI EdgeLabs Applications
How does the AI EdgeLabs Sensor work?
The EdgeLabs Sensor is a proprietary network telemetry and monitoring agent that continuously scans and reports network and Edge/IoT Gateway performance and configuration. It holds an AI-powered model stack that continuously checks traffic behavior through pre-trained algorithms. With the EdgeLabs Sensor, infrastructure teams can locate application performance problems faster, reduce time-to-diagnosis, and accelerate time-to-repair without additional deployment and integration effort, thanks to plug-and-play capabilities.
During the first deployment, the EdgeLabs Sensor runs a configurable set of security checks and topology research to collect the initial context of the environment. Data from these collections is analyzed by the EdgeLabs AI Platform™ (ELAP).
ELAP provides a set of AI-based models which are pre-trained on the existing knowledge base of threat patterns and attack signatures; this pre-training is always done centrally on ELAP. By running these collections from a fleet of well-distributed/placed EdgeLabs Sensors, the AI Security team can dramatically improve the precision with which they instrument, monitor, and maintain their application delivery infrastructure.
The EdgeLabs Sensor helps:
- Generate near-time visibility of infrastructure and application performance.
- Prevent and block threat sources in real-time.
- Integrate cloud-based and on-premises application performance monitoring.
- Monitor SaaS applications from your users’ vantage point.
- Monitor IaaS resources from your users’ vantage point.
What are the AI EdgeLabs key features?
NETWORK VISIBILITY & ANOMALY DETECTION
- Low noise-to-signal ratio for Lateral Movement attack detection at scale;
- Selection of next steps for threats for easy acceptance, mitigation, and remediation of risk vulnerabilities. Individual or bulk support for lifecycle disposition;
- Centralized dashboard that offers attack surface visibility and network topology signaling both abnormal behavior and alerts;
- Robust security audit reports and posture based on assets with clear recommendations on how to solve specific security issues.
- Threat monitoring based on the latest behavior-based analytics.
- Rich traffic inspection for anomalous patterns with Reinforcement Learning algorithms and threat modeling.
- Threat level overview and severity-based prioritization.
- In-depth alerts with context of adversary tactics, techniques, and procedures (TTPs).
- Scope mapping of MITRE ATT&CK by the security team.
INCIDENT RESPONSE & REMEDIATION
- Real-time visibility across an organization’s information security systems (SIEM).
- Threat history and research based on historical data.
- Anomalous behavior reporting and forensics.
- SOC/NOC Monitoring (24/7).
- Alerting system with Jira, Slack, Discord, and other reporting system integrations.
Integration and implementation phases
AI EdgeLabs is packaged for immediate use, and we offer prospects a trial of the solution to try out the basic functionality. Reach out to our AI EdgeLabs representatives to get your free trial.