How Unsupervised Neural Networks and Network Detection and Response Provide Direct Benefit to SOC and SecOps Teams

ThreatWarrior has developed a network detection and response (NDR) solution based on unsupervised neural networks. Our NDR implementation is made unique and valuable through a set of neural networking design principles. By utilizing unsupervised machine learning (ML), network detection and response tools can identify anomalous behavior and potential threats without relying on predefined rules or labeled data. Meta representations allow our neural networks to analyze the entire packet stream and generate a holistic view of network traffic, enabling the platform to detect sophisticated threats that may be missed by traditional signature-based methods. Custom feature hierarchies and real-time learning allow our neural networks to quickly adapt to changing network environments and identify new threats. Finally, training granularity allows our platform to focus on specific areas of the network, providing detailed insights into potential threats and reducing false positives. With these principles in place, ThreatWarrior’s NDR platform is able to deliver a powerful and effective solution for protecting networks from potential threats.

Example benefits that SOC and SecOps teams can realize with ThreatWarrior NDR:

Faster, more accurate traffic understanding

Through unsupervised ML, ThreatWarrior’s network traffic analysis learns faster and scales further than more commonly employed supervised ML approaches. Rather than feeding our engines with network data that has been labeled good or bad, ThreatWarrior explores inputs, analyzes each, and outputs a richer set of pattern findings.

No ‘normal behavior’ bias

ThreatWarrior distills traffic patterns down to unique ‘meta’ representations. Meta representations prevent the introduction of human bias. Biases can – without intention – slant or steer a neural network into a ‘line of thinking’. That can eventually create blind spots in a machine’s ‘thinking’. With ThreatWarrior, deep learning trains machines with no preconceived notions of ‘normal behavior’.

No traffic misclassification

Our deep neural networks develop custom feature hierarchies that capture the essence of a specific network as opposed to the features a product engineer believes should matter. By allowing a system to form its own thought around data classification and segmentation, anomaly discovery through AI-driven network traffic analytics becomes more comprehensive and accurate.

Faster data training

ThreatWarrior’s deep learning approach allows us to circumvent the limitations of feature engineering. In the past it was not feasible for a computer to understand raw data with zero guidance. One had to guide it through supervision to help it understand what it was seeing. For example, a request like ‘learn to recognize faces by looking at pictures of faces’ was beyond a machine’s cognitive ability. To guide machines, computer scientists hand-crafted algorithms to detect different kinds of lines and edges. Researchers made educated guesses as to what kind of features would even prove useful. Eventually, layer upon layer of hand-crafted features built up from simple lines and shapes could crudely describe facial features like eyes, ears, noses and lips. Those high-level, engineered features would then be the input to the engine instead of raw data. With neural networks we can skip the tedious and expensive human-based ‘pre-training’ and allow computers to learn directly from raw data – freeing researchers and programmers to focus on higher-order work.

Unique customer and network segmentation

ThreatWarrior trains custom models for each customer and each network segment within a customer’s IT environment. For each monitored network segment, a deep neural network is built and trained on samples of traffic metadata from only that segment. Further, datasets are sampled across different time strata. As a result, ThreatWarrior baselines can be tightly bound to each observed network segment. For example, the traffic patterns for a network segment composed of office workers will be quite different from a segment that contains outward-facing e-commerce traffic. Once each segment is ‘mapped’ it becomes easier to discern abnormal east-west and north-south traffic. This is a fundamentally different approach than traditional network traffic analysis tools that simply observe traffic en masse, aggregate it into a cloud instance, and then push a generic set of anomaly patterns to a set of customers.
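The following is an added illustration of the per-segment, time-stratified baseline idea described above; it is not ThreatWarrior code and uses a simple per-bucket mean/standard-deviation model in place of a neural network. The flow records, the two segments, and the business-hours/off-hours split are all constructed assumptions. It shows why a baseline bound to one segment flags a volume that an en-masse baseline across all segments would consider unremarkable.

```python
"""Per-segment, time-stratified traffic baseline vs. a single global baseline."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow metadata: (segment, hour_of_day, bytes_out). Values are invented
# so that office traffic is small and e-commerce traffic is large at every hour.
FLOWS = (
    [("office", h, 40_000 + 500 * i) for h in (9, 10, 11, 14) for i in range(4)]
    + [("office", h, 2_000 + 100 * i) for h in (1, 2, 3) for i in range(4)]
    + [("ecommerce", h, 900_000 + 20_000 * i) for h in (9, 10, 11, 14) for i in range(4)]
    + [("ecommerce", h, 850_000 + 20_000 * i) for h in (1, 2, 3) for i in range(4)]
)


def stratum(hour):
    """Assumed time strata: business hours (08:00-17:59) vs. off hours."""
    return "business" if 8 <= hour < 18 else "off"


def build_baselines(flows):
    """Unsupervised baseline per (segment, stratum): mean and std of bytes_out.

    No good/bad labels are used, and each bucket is fitted only on its own
    segment's traffic, mirroring the 'model per segment' approach.
    """
    buckets = defaultdict(list)
    for seg, hour, nbytes in flows:
        buckets[(seg, stratum(hour))].append(nbytes)
    return {k: (mean(v), pstdev(v) or 1.0) for k, v in buckets.items()}


def build_global_baseline(flows):
    """The 'en masse' alternative: one baseline over every segment and hour."""
    vals = [nbytes for _, _, nbytes in flows]
    return mean(vals), pstdev(vals) or 1.0


def zscore(value, baseline):
    """Standard score of a value against a (mean, std) baseline."""
    mu, sigma = baseline
    return (value - mu) / sigma


def score_flow(seg, hour, nbytes, baselines, threshold=3.0):
    """Return (z, is_anomalous) for a flow against its segment/stratum baseline."""
    z = zscore(nbytes, baselines[(seg, stratum(hour))])
    return z, abs(z) > threshold
```

A 900 KB outbound flow from the office segment at 02:00 scores far outside that segment's off-hours baseline, while the same volume is ordinary for the e-commerce segment and sits well within three standard deviations of the global baseline, so only the segment-bound model surfaces it.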

Unsupervised Neural Networking Superiority

Many security solutions are currently moving past rule-based and Bayesian reasoning algorithms into supervised machine learning. While this is a solid step forward, it lacks the ability to scale cost-effectively. Unsupervised neural networks are far superior at making sense of network traffic and enabling humans to fend off determined adversaries. ThreatWarrior’s NDR solution has been designed around unsupervised neural networks and deep learning technology from inception. We help organizations close the cybersecurity gap faster and more cost-effectively than less advanced approaches.

To understand more about how we see AI evolving, and specifically why we believe it is the next frontier for finding and rooting out suspicious and malicious activity in business networks, take a look at our white paper. If you have any questions about what we have shared, feel free to reach out. We love to talk about AI and how ThreatWarrior plans to advance its impact on cybersecurity.
