A former FireEye engineer has kicked off a startup whose machine learning and artificial intelligence technologies will compete against his former employer’s threat-prevention platforms.
SlashNext makes Active Cyber Defense System, a service with a cloud-based learning component that can detect data exfiltration, malware, exploits and social engineering attacks, says the company’s founder and CEO Atif Mushtaq.
SlashNext CEO Atif Mushtaq: "The system has a low false positive rate."
He says the system analyzes suspicious traffic as a human analyst would. This allows the system to detect social engineering attacks. For instance, in phishing attempts that trick victims into clicking on malicious links, often those links mimic legitimate sign-in pages.
A security analyst would draw on a base of knowledge built up over the course of a career to spot that such a page differs from the real sign-in page, and can apply that same experience to detect zero-day attacks.
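The article describes the analyst's job as comparing an observed sign-in page against a knowledge base of what the legitimate page looks like. The following is an added illustration of that comparison as a small heuristic, written for this page and not taken from SlashNext's product or from any disclosed part of its algorithms. The brand list, host names, and page observations are all constructed; the three checks (brand named in the title but served from an unknown host, a host label that is a near-miss of a known one, and a password form that posts to a different domain than the one that served the page) are the kind of rules a defender would encode before a model ever learns anything.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Constructed stand-in for an analyst's knowledge base: brand keyword ->
# hosts that legitimately serve that brand's sign-in page. Not real data.
KNOWN_BRANDS = {
    "examplebank": {"login.examplebank.com", "www.examplebank.com"},
    "examplemail": {"accounts.examplemail.com"},
}


@dataclass
class PageObservation:
    """What a network sensor could recover from one HTTP response (constructed)."""
    url: str
    title: str
    has_password_field: bool
    form_action: Optional[str] = None  # absolute URL the credential form posts to


@dataclass
class Verdict:
    suspicious: bool
    reasons: List[str] = field(default_factory=list)


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def _sld(host: str) -> str:
    """Second-level label, e.g. 'examplebank' for 'login.examplebank.com'.
    Crude (no public-suffix list), but enough for the example."""
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else host


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typosquatted labels such as 'examp1ebank'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _brands_mentioned(text: str) -> List[str]:
    squashed = re.sub(r"[^a-z0-9]", "", text.lower())
    return [b for b in KNOWN_BRANDS if b in squashed]


def assess_page(obs: PageObservation) -> Verdict:
    """Apply the three analyst-style checks and return every reason that fired."""
    reasons: List[str] = []
    host = _host(obs.url)

    # 1. Brand impersonation: the page names a brand we know, but is not
    #    served from any host that brand legitimately uses for sign-in.
    for brand in sorted(set(_brands_mentioned(obs.title))):
        if host not in KNOWN_BRANDS[brand]:
            reasons.append(f"title references '{brand}' but page is served from {host}")

    # 2. Lookalike domain: the serving host's label is a near-miss of a known one.
    for legit_hosts in KNOWN_BRANDS.values():
        for legit in legit_hosts:
            d = _edit_distance(_sld(host), _sld(legit))
            if 0 < d <= 2:
                reasons.append(f"host label '{_sld(host)}' is within {d} edit(s) of '{_sld(legit)}'")
                break

    # 3. Credential path: a password form that posts to a domain other than
    #    the one that served the page is the classic harvesting pattern.
    if obs.has_password_field and obs.form_action:
        action_host = _host(obs.form_action)
        if action_host and _sld(action_host) != _sld(host):
            reasons.append(f"credential form posts to {action_host}, not to {host}")

    return Verdict(suspicious=bool(reasons), reasons=reasons)


if __name__ == "__main__":
    # Constructed observations: one genuine sign-in page, one typosquat, one
    # page hosted elsewhere that posts credentials to a placeholder domain.
    samples = [
        PageObservation("https://login.examplebank.com/signin", "Sign in to ExampleBank",
                        True, "https://login.examplebank.com/auth"),
        PageObservation("https://login.examp1ebank.com/signin", "Sign in to ExampleBank",
                        True, "https://login.examp1ebank.com/collect"),
        PageObservation("https://cdn.example-hosting.net/x/index.html", "ExampleMail - Sign in",
                        True, "https://collect.attacker-placeholder.example/post"),
    ]
    for s in samples:
        v = assess_page(s)
        print(s.url, "->", "SUSPICIOUS" if v.suspicious else "ok", v.reasons)
```

The thresholds and the second-level-label shortcut are deliberately simple; a production version would use a public-suffix list, a far larger brand and host inventory, and visual or DOM similarity rather than title keywords. The point is the shape of the reasoning: each verdict carries the specific rule that fired, which is what lets an analyst audit a false positive instead of trusting an opaque score.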
Similarly, the SlashNext system would be preloaded with knowledge about attacks and would analyze traffic by mimicking human thought processes via algorithms. “Our technology, called Progressive Learning, is a set of algorithms that uses machine learning to build the core knowledge bases,” Mushtaq says. “But the self-learning capability and ability to adapt is achieved through our patent-pending AI algorithms, written on top of this machine learning.”
He says that SlashNext’s AI is defined as the automation of human cognitive reasoning in order to draw conclusions and make predictions. “It is something that humans have been doing exceptionally well historically,” he says.
The system analyzes full internet sessions, from the initial DNS request through delivery of any payload, to detect malicious activity. That is what lets it catch social engineering attacks that carry no payload per se, he says.
Since detection is based on network traffic, the system protects all devices regardless of operating system.
When a threat is identified, the system alerts security teams.
The plan is for the company’s defense system to be served entirely from SlashNext’s private cloud by the end of the year. Customers’ internet traffic would be diverted to the cloud, analyzed and sanitized before being delivered to their computers, he says. Right now, all bi-directional internet traffic is instead filtered by appliances attached to switch SPAN ports at customer sites. Suspicious traffic is fed from these appliances into the cloud for analysis, he says. The system requires no software agents.
Because the analysis engine is based in the cloud, the system scales to support large networks. It requires no policy configuration and can be deployed in about 20 minutes, he says.