AEGIS Lab

Comprehensive Insider Threat Detection with Aegis CyberML™ Multi-layer Platform


Engineered Multi-layer AI Service

Aegis CyberML™ is a meticulously engineered multi-layer AI platform specifically designed for insider cybersecurity behavioral modeling and threat detection. The service operates through a series of components:
1. First AI Tier. This initial tier efficiently processes a wide range of engineered features crucial for modeling the behavior of all users and components within your organization’s IT ecosystem. By gaining an in-depth understanding of these behaviors, the AI solution can establish baseline patterns for all categories and effectively detect anomalous threat behaviors. To accomplish this, we employ two types of deep learning and machine learning models:
  • Semi-supervised AI Models. In this approach, normal behaviors are labeled, allowing for robust learning during training. Since insider threats are rare events, labeling the normal class contributes to effective model training. However, it requires a larger initial effort to label normal behaviors.
  • Unsupervised AI Models. These models do not require labeling and perform well under the realistic assumption that insider threat cases are quite rare within the entire dataset.

2. Second AI Tier. This tier generates the final output for cyber threat detection by assigning an anomaly score to each instance and ranking them to create a comprehensive threat listing. This process aims to maximize the detection of genuine threats while minimizing false positives, ensuring optimal accuracy in threat identification.

AI AEGIS CyberSecurity AI models

Aegis CyberML™ comes preloaded with ready-to-use cybersecurity AI models along multiple dimensions:

1. AI models targeting specific types of behavior and threat detection for each category within your physical and digital ecosystem:

Users: models to find anomalous behaviors and threats emanating from users.

Endpoints: models to find anomalous behaviors and threats emanating from endpoint machines and devices in your organization’s digital ecosystem.

Apps & processes: models to find anomalous behaviors and threats emanating from applications and processes operating within your IT landscape.

Network: models to find anomalous behaviors and threats detected in network traffic, packets and protocols.

Custom design: You can work with our team to configure any custom insider threat model that matches your organization’s specific operations and requirements.

2. AI models targeting specific types of anomaly and threat detection:

Point anomaly: for a single entity (user, endpoint, app, or network process), one or more of its behavioral features is anomalous when compared with the rest of the same data set.

Collective anomaly: an entity (user, endpoint, app, or network process) may not appear anomalous on its own, but is identified as anomalous when considered together with a group of its peers.

Contextual anomaly: an entity (user, endpoint, app, or network process) displays an anomalous behavior only within contextual features, while it is identified as normal in a different context.

Lateral movement anomaly: an entity’s activity is identified as a threat only when considered within a temporal or physical sequence of events across different entities and categories.

3. Reinforcement learning is used for continuous, dynamic learning over time. As new data arrives from new sources and network entities, the system automatically updates its features and the AI models are retrained to account for new behavioral patterns and contexts.
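To make the point-versus-contextual distinction above and the two-tier scoring concrete, here is a small added illustration written for this page; it is not Aegis CyberML™ code. It assumes one behavioral feature (files accessed per hour), a constructed set of user records, and "business hours vs after hours" as the contextual feature: a first-tier point model scores each record against the whole population, a first-tier contextual model scores it against peers in the same time context, and a second-tier step fuses the scores and ranks the results into a threat listing.

```python
from statistics import mean, pstdev

# Constructed sample records (user, hour_of_day, files_accessed); not real telemetry.
RECORDS = [
    ("alice", 9, 38), ("alice", 14, 42), ("dave", 10, 40), ("dave", 15, 36),
    ("erin", 11, 44), ("erin", 16, 39), ("carol", 13, 400),   # carol: point anomaly
    ("dave", 22, 2), ("erin", 23, 3), ("alice", 1, 1), ("frank", 2, 2),
    ("bob", 3, 40),                                          # bob: contextual anomaly
]

def context_of(hour):
    """Assumed contextual feature: business hours vs after hours."""
    return "business" if 8 <= hour < 18 else "after_hours"

def zscore(x, values):
    """Standard score of x against a baseline population (0 if the baseline is flat)."""
    sd = pstdev(values)
    return 0.0 if sd == 0 else (x - mean(values)) / sd

def point_scores(records):
    """Tier 1, point anomaly: each value against the whole population."""
    vals = [r[2] for r in records]
    return [abs(zscore(r[2], vals)) for r in records]

def contextual_scores(records):
    """Tier 1, contextual anomaly: each value against peers in the same context."""
    by_ctx = {}
    for _, hour, files in records:
        by_ctx.setdefault(context_of(hour), []).append(files)
    return [abs(zscore(files, by_ctx[context_of(hour)])) for _, hour, files in records]

def rank_threats(records, top=3):
    """Tier 2: fuse the per-model scores (max) and rank them for analyst triage."""
    fused = []
    for rec, p, c in zip(records, point_scores(records), contextual_scores(records)):
        model, score = max((("point", p), ("contextual", c)), key=lambda m: m[1])
        fused.append((rec[0], rec[1], rec[2], model, round(score, 2)))
    return sorted(fused, key=lambda t: t[4], reverse=True)[:top]

if __name__ == "__main__":
    for row in rank_threats(RECORDS):
        print(row)
```

Bob's 40 files look ordinary next to the daytime population (point score near zero) but stand out against the after-hours baseline, which is exactly why a contextual model is needed alongside a point model.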

AI AEGIS Cybersecurity Fine-tuning, Optimization and Backtesting

Aegis CyberML™ offers two additional services to improve the implementation speed and accuracy of the AI anomaly detection models:

Model fine-tuning & optimization:

Aegis CyberML™ is an auto-ML platform: the fine-tuning and optimization of an AI model’s hyperparameters is done by a specialized toolbox that tests the equivalent of tens of thousands of scenarios, saving considerable time during implementation.

Model backtesting:

When your customized Aegis CyberML™ platform becomes operational, you can execute the model over historic timeframes and measure the accuracy of its anomaly detection against actual past scenarios.

Cyber Security Data Lake Diagram

Secure Your IT Ecosystem Now with Aegis CyberML™

Dive into advanced threat detection & behavioral modeling. Get started today!