CYBEROO’s continuous investment in R&D has made possible the release of important updates to the Cypeer module, with the implementation of advanced Adaptive AI and Machine Learning technologies that enable improved analysis and stronger security activities.
Cypeer: Internal Security Management
The purpose of Cypeer is to retrieve information and alerts from all available sources at the customer’s premises in order to correlate this data and provide analysts with an overview for a rapid and effective threat response.
Since heterogeneous systems from various vendors provide a differentiated and non-unique view of the risk associated with the events they generate, Cypeer was designed to provide its own interpretation of that risk.
The update presented in this article aims to further refine Cypeer’s ability to provide a risk level of related events by adding, among other things, an adaptive artificial intelligence component.
AI & Proactive Machine Learning for better prioritization
The Cypeer update has the following objectives:
- Reduction of false positives through behavioral analysis
- Greater adaptability and adherence to customer context
- Greater detail of the scenario and context of the case under analysis
Dynamic severity to improve the quality of alerts
Until now, the risk level of alerts was given by a fixed threshold provided by the analysts (the CyberArchitects) who defined the alert. This is no longer the case today. Dynamic Severity has been implemented. This feature applies to any product we integrate.
In the first instance, the alarm directly inherits the risk level provided by the source that generated it.
Let us look at a couple of examples:
- If a firewall sends us a High-level alert, it is now categorized as High even if it coincides with one of our alerts of a different level.
- If the data source has blocked the event, Cypeer automatically lowers the risk level by one step on the low-to-critical scale (low, medium, high, critical); otherwise, it leaves the level unchanged.
Dynamic Severity: a new Machine Learning module in service
For the same alarm, after this initial recognition phase of Dynamic Severity, a proactive Machine Learning (ML) module is activated, which is able to decide whether to lower or increase the risk level.
Let us look at a couple of examples:
Example 1: failed attempts
If a brute-force attack is observed but the number of failed attempts is not very high (50 attempts, for example), the ML lowers the risk level; otherwise, it raises it.
If, however, by analyzing an alarm entity – such as a user – it is confirmed that the user is an administrator user, the ML raises the risk level.
Administrator checks are carried out not only on the user name (Administrator, Admin, etc.) but also – and above all – by correlating the user’s permission level, retrieved directly from Active Directory.
Example 2: access-from-different-location
In the case of two near-simultaneous accesses from two different locations, the ML assesses whether or not travel between them is impossible.
It assigns a low risk level if travel is impossible by only a few hours, i.e. if the flight time between the two nearest airports exceeds the interval between the two accesses from the two countries by only a small margin.
The risk then increases as the impossibility of travel increases.
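The two phases described above (Dynamic Severity inheriting the source's level and lowering it when the event was blocked, then the ML-style adjustment for brute-force volume, administrator users and impossible travel) can be sketched as a small scoring pipeline. The following is an added illustration, not Cypeer's code: the `Alert` fields, the 50-attempt threshold, the "few hours" margin, the Active Directory group stand-in and the airport flight-time table are all assumptions constructed for the example.

```python
"""Illustrative two-phase severity pipeline (hypothetical, not Cypeer's implementation).
Field names, thresholds and lookup tables below are assumptions made for this example."""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

SCALE = ["low", "medium", "high", "critical"]

def step(level: str, delta: int) -> str:
    """Move a level up (+) or down (-) on the low..critical scale, clamped at both ends."""
    idx = SCALE.index(level) + delta
    return SCALE[max(0, min(len(SCALE) - 1, idx))]

@dataclass
class Alert:
    rule_severity: str                      # fixed level the analyst put on the detection rule
    source_severity: Optional[str] = None   # level reported by the source (e.g. a firewall), if any
    blocked: bool = False                   # did the source block the event?
    kind: str = "generic"                   # "bruteforce" | "impossible_travel" | "generic"
    failed_attempts: int = 0
    user: Optional[str] = None
    logins: list = field(default_factory=list)  # [(timestamp, airport_code)] for travel checks

def dynamic_severity(alert: Alert) -> str:
    """Phase 1: inherit the source's level when present, then drop one step if blocked."""
    level = alert.source_severity or alert.rule_severity
    if alert.blocked:
        level = step(level, -1)
    return level

# Constructed stand-ins for the Active Directory lookup and an airport flight-time table.
AD_GROUPS = {"jdoe": {"Domain Users"}, "backup-svc": {"Domain Admins"}}
ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins"}
FLIGHT_HOURS = {("MXP", "JFK"): 9.0, ("MXP", "FCO"): 1.5}

def is_admin(user: str) -> bool:
    """Admin by name hint OR (above all) by group membership, as the article describes."""
    name_hint = user.lower() in {"administrator", "admin"}
    return name_hint or bool(AD_GROUPS.get(user, set()) & ADMIN_GROUPS)

def flight_hours(a: str, b: str) -> Optional[float]:
    return FLIGHT_HOURS.get((a, b)) or FLIGHT_HOURS.get((b, a))

BRUTEFORCE_THRESHOLD = 50   # assumed: the article cites 50 attempts as "not very high"
TRAVEL_MARGIN_HOURS = 3.0   # assumed: width of the "impossible by only a few hours" band

def ml_adjust(alert: Alert, level: str) -> str:
    """Phase 2: raise or lower the level from the alert's own context."""
    if alert.kind == "bruteforce":
        level = step(level, -1 if alert.failed_attempts <= BRUTEFORCE_THRESHOLD else +1)
    if alert.user and is_admin(alert.user):
        level = step(level, +1)
    if alert.kind == "impossible_travel" and len(alert.logins) == 2:
        (t1, ap1), (t2, ap2) = sorted(alert.logins)
        gap_h = (t2 - t1).total_seconds() / 3600
        needed = flight_hours(ap1, ap2)
        if needed is not None and needed > gap_h:       # travel is impossible
            shortfall = needed - gap_h
            if shortfall <= TRAVEL_MARGIN_HOURS:        # impossible by only a few hours
                level = "low"
            else:                                       # risk grows with the shortfall
                level = step(level, int(shortfall // TRAVEL_MARGIN_HOURS))
    return level

def score(alert: Alert) -> str:
    return ml_adjust(alert, dynamic_severity(alert))

def demo_cases() -> dict:
    """Constructed sample alerts covering each rule in the article."""
    t0 = datetime(2024, 1, 1, 0, 0)
    return {
        "firewall_high": score(Alert("medium", source_severity="high")),
        "firewall_blocked": score(Alert("medium", source_severity="high", blocked=True)),
        "bruteforce_small": score(Alert("high", kind="bruteforce", failed_attempts=30, user="jdoe")),
        "bruteforce_admin": score(Alert("high", kind="bruteforce", failed_attempts=500, user="backup-svc")),
        "travel_close": score(Alert("medium", kind="impossible_travel",
                                    logins=[(t0, "MXP"), (t0.replace(hour=7), "JFK")])),
        "travel_far": score(Alert("medium", kind="impossible_travel",
                                  logins=[(t0, "MXP"), (t0.replace(hour=1), "JFK")])),
    }

if __name__ == "__main__":
    for name, level in demo_cases().items():
        print(f"{name:18} -> {level}")
```

Phase 1 never consults the alert's own context, only the source's verdict; phase 2 only moves the level relative to that starting point, which is why a blocked brute-force attempt on an admin account can still land where it started.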
High magnification for effective targeting
In conclusion, the released update allows Cypeer to further refine its detection capabilities by reinforcing the differentiating peculiarity of MDR systems, i.e. the ability to assess, from the millions of events and pieces of information retrieved for a business, which are the real threats that need to be handled promptly.
All this uses an adaptive artificial intelligence system set up specifically for security analysis and designed to take over (to a large extent) the tasks that a human specialist would otherwise have to perform.