The case: Security On-Demand (SOD) provides hundreds of companies and public institutions with advanced cyber threat detection services. SOD services include 24/7 threat monitoring and detection, intrusion prevention, automated remediation, and log analysis.
The challenge: The task was to build a system that uses machine learning to select, from the raw event logs, the events that Security Operations Center (SOC) analysts should handle first.
The solution: We designed an environment in which machine learning algorithms, trained on historical data, detect suspicious events in the network traffic of SOD customers and raise them to SOC analysts. Analysts flag the events they review and give feedback on the alerts, and that feedback is fed back into training, so the algorithms keep learning and become more effective at selecting actual threats.
Technology: active learning on tabular data, data labelling optimization, data science competitions platform knowledgepit.ai
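The feedback loop described above, written out as an added illustration (not SOD's or our own production code): a scorer trained on historical verdicts ranks incoming events for the SOC, the events it is least sure about are sent to analysts for review, and their verdicts are added to the training set before the next round. Everything not stated on this page is an assumption: events are flat records of categorical features, an add-one-smoothed naive Bayes scorer stands in for the real model, the hypothetical `analyst_verdict()` rule simulates SOC feedback, and all sample events are constructed.

```python
"""Active-learning triage loop over tabular log events (added illustration).
Assumptions not taken from the case study: events are flat categorical records,
an add-one-smoothed naive Bayes scorer stands in for the production model, and
analyst feedback is simulated by the constructed rule analyst_verdict().
"""
import math
from collections import Counter, defaultdict
from typing import Callable, Dict, List, Tuple

Event = Dict[str, str]
Labelled = List[Tuple[Event, int]]  # (event, 1 = confirmed threat, 0 = benign)
FEATURES = ("proto", "dst_port_class", "bytes_bucket", "dst_reputation")

def ev(eid, proto, port_class, bucket, rep) -> Event:
    return {"id": eid, "proto": proto, "dst_port_class": port_class,
            "bytes_bucket": bucket, "dst_reputation": rep}

SEED_LABELLED: Labelled = [  # constructed historical verdicts, not customer data
    (ev("s1", "tcp", "web", "small", "known"), 0),
    (ev("s2", "tcp", "web", "medium", "known"), 0),
    (ev("s3", "udp", "dns", "small", "known"), 0),
    (ev("s4", "tcp", "high", "large", "unknown"), 1),
    (ev("s5", "tcp", "high", "large", "blacklisted"), 1),
]
UNLABELLED_POOL: List[Event] = [  # constructed incoming events awaiting triage
    ev("e1", "tcp", "high", "large", "unknown"),
    ev("e2", "tcp", "web", "small", "known"),
    ev("e3", "udp", "dns", "large", "known"),
    ev("e4", "tcp", "high", "small", "known"),
    ev("e5", "tcp", "web", "medium", "blacklisted"),
    ev("e6", "udp", "high", "small", "unknown"),
    ev("e7", "tcp", "web", "large", "unknown"),
    ev("e8", "udp", "dns", "small", "known"),
]

def analyst_verdict(event: Event) -> int:
    """Stand-in for SOC feedback: a hidden, constructed ground-truth rule."""
    rep, port = event["dst_reputation"], event["dst_port_class"]
    return int(rep == "blacklisted" or (port == "high" and rep == "unknown"))

class NaiveBayes:
    """Categorical naive Bayes with add-one smoothing, giving P(threat | event)."""

    def fit(self, labelled: Labelled) -> "NaiveBayes":
        self.class_counts = Counter()
        self.feat_counts = {0: defaultdict(Counter), 1: defaultdict(Counter)}
        self.values = defaultdict(set)
        for event, y in labelled:
            self.class_counts[y] += 1
            for f in FEATURES:
                self.feat_counts[y][f][event[f]] += 1
                self.values[f].add(event[f])
        return self

    def p_threat(self, event: Event) -> float:
        total = sum(self.class_counts.values())
        log_post = {}
        for y in (0, 1):
            lp = math.log((self.class_counts[y] + 1) / (total + 2))
            for f in FEATURES:
                n_values = len(self.values[f]) + 1  # extra slot for unseen values
                seen = self.feat_counts[y][f][event[f]]
                lp += math.log((seen + 1) / (self.class_counts[y] + n_values))
            log_post[y] = lp
        m = max(log_post.values())  # log-sum-exp keeps the normalisation stable
        return math.exp(log_post[1] - m) / sum(math.exp(v - m) for v in log_post.values())

def prioritise(model: NaiveBayes, pool: List[Event]) -> List[Tuple[str, float]]:
    """Work order for the SOC: highest threat probability first."""
    ranked = sorted(pool, key=lambda e: (-model.p_threat(e), e["id"]))
    return [(e["id"], round(model.p_threat(e), 3)) for e in ranked]

def select_for_review(model: NaiveBayes, pool: List[Event], k: int) -> List[Event]:
    """Uncertainty sampling: the k events whose score is closest to 0.5."""
    return sorted(pool, key=lambda e: (abs(model.p_threat(e) - 0.5), e["id"]))[:k]

def active_learning_round(labelled: Labelled, pool: List[Event], k: int,
                          oracle: Callable[[Event], int]):
    model = NaiveBayes().fit(labelled)
    to_review = select_for_review(model, pool, k)
    reviewed = {e["id"] for e in to_review}
    labelled = labelled + [(e, oracle(e)) for e in to_review]  # analyst flags feed back
    pool = [e for e in pool if e["id"] not in reviewed]
    return labelled, pool, model

def pool_accuracy(model: NaiveBayes, pool: List[Event], oracle) -> float:
    hits = sum((model.p_threat(e) >= 0.5) == bool(oracle(e)) for e in pool)
    return hits / len(pool) if pool else 1.0

def run(rounds: int = 2, k: int = 2):
    labelled, pool = list(SEED_LABELLED), list(UNLABELLED_POOL)
    for _ in range(rounds):
        labelled, pool, _ = active_learning_round(labelled, pool, k, analyst_verdict)
    return labelled, pool, NaiveBayes().fit(labelled)

if __name__ == "__main__":
    first = NaiveBayes().fit(SEED_LABELLED)
    print("initial triage order:", prioritise(first, UNLABELLED_POOL))
    labelled, pool, final = run()
    print("labels:", len(labelled), "accuracy on remaining pool:", pool_accuracy(final, pool, analyst_verdict))
```

Pure uncertainty sampling only asks analysts about events the model already doubts; in a real deployment the review batch should also include a slice of the top-scored alerts (the SOC works those anyway) and a small random sample, so that confident misses, the threats the model scored low, also get labelled and corrected.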
Conclusions: The end result combines several techniques that let our customer optimize their internal processes and the computer security services they deliver. It was also a successful demonstration that a traditional machine learning project can be combined with a crowdsourcing approach.