In the first of our 12-part Q&A series last week, we answered the question "How do we collect data?"
Today, we're going to talk about what we do with that data once it arrives back at HQ.
After the journey back to MACeHome, the collected data is passed through our AI/ML models (The Haystack) which is part of MAP (Milton Argos Platform).
The Haystack, which pays homage to the difficulty of finding the needle, or threat, uses both supervised and unsupervised learning (think lots of regression analysis and math - yes, we were "those" students) to look for the outliers and the unusual within the data to help us quickly identify any threat, report back to you, and resolve the issue before anything malicious can occur.
Inside of the Haystack there are three key processing areas:
Provides AI/ML at scale
Named for Norbert Wiener, the father of cybernetics and a true genius in our humble opinion
Gathers data from various sources and enriches our ability to synthesize different types of threats
Of course we had to name this system after the ancient scientist and mathematician who had a great impact on our view in Astronomy and Geography
Looks for and identifies patterns in network traffic
Named for, well, a piece of metal that has its atoms aligned such that material attracts other objects based on its atomic structure
In addition to the Haystack, our Expert Human Threat Hunters inside our SOC are crucial in digging deeper into the results, strategizing and executing a plan to stop the threat and mitigate the risk, then effectively communicating with you. After all, Norbert and Ptolemy aren't exactly empathetic.
Like we said last week, the key to our effective threat hunting process is getting the data into the MAP. Once there, we're able to visualize exactly what is going on behind the curtains, come up with a plan to boot the actors, and lock the door behind them.
Curious about the Haystack or have other questions about our process? Is there anything else you've been wondering about when it comes to threat hunting? Just send us a question in the form!