Title: Lead Scientist
Phone: (734) 887-7643
Phone: (734) 845-2568
Many current approaches applying big data analytics to defensive cyberspace operations (DCO) are based on two premises: queries that find known anomalies (e.g., indicators of compromise) and/or machine learning applied to detect anomalous behavior. While some claim to predict attacks, in truth those attacks must have already been detected somewhere, characterized, and added to a knowledge base. What current approaches have in common is bottom-up, deductive reasoning, which is well suited to detection but not prediction. The current state of the art in big data security analytics is inherently reactive, not proactive. It is also hampered by complex query writing and inflexible reports. SoarTech, an industry leader in the development of cognitive models of human reasoning, proposes to build Virgo, a Big Data DCO platform that extends the state of the art by incorporating intuitive querying and reporting as well as predictive analytics. SoarTech's key to success is the application of both bottom-up deductive and top-down abductive approaches to support effective detection and anticipation of subsequent adversary actions. Building on previous internal research, our knowledge in big data, and our long history of research in intelligent agents, Virgo will allow analysts to anticipate attackers' goals and future actions.
* Information listed above is at the time of submission. *