
Cyberthreats are becoming increasingly sophisticated, and traditional protection methods are no longer adequate for detecting them. The solution is New-Scale Analytics, which uses machine learning and artificial intelligence for behavioral analysis, anomaly detection, and uncovering hidden threats that are not visible to classic security systems.
What is New-Scale Analytics?
New-Scale Analytics is a modern approach to cybersecurity based on analyzing user and entity behavior on the network, identifying anomalies, and correlating data to detect complex, multi-stage attacks. Unlike traditional signature-based methods, New-Scale Analytics focuses on understanding normal behavior and identifying deviations from it. This allows detecting both known and completely new, previously unknown threats.
Key Principles of Operation
- Behavioral Analysis (UEBA)
At the heart of New-Scale Analytics is behavioral analysis of users and entities (UEBA – User and Entity Behavior Analytics). The system collects data on the actions of users, servers, applications, and other objects on the network, and then builds profiles of their normal behavior. These profiles take into account many parameters, such as activity time, applications used, access to data, network traffic, and much more. By analyzing behavior, the system identifies deviations that may indicate a threat.
- Using Machine Learning to Detect Anomalies
Machine learning is a key element of New-Scale Analytics. The system uses machine learning algorithms to automatically build profiles of normal behavior and identify anomalies. The algorithms are trained on large amounts of data, constantly adapting to changes in user and network behavior. This allows detecting even the most subtle deviations that may be missed by traditional methods. Security anomalies are actions that deviate from normal behavior and may indicate a threat.
- Applying AI Analysis for Data Correlation
AI analysis plays an important role in detecting complex attacks. The system uses AI algorithms to correlate data from various sources and identify connections between events that may seem unrelated at first glance. This allows detecting multi-stage attacks that are difficult to detect using traditional methods. For example, the system may detect that a user whose account has been compromised is using it to access confidential data and then attempting to cover their tracks by deleting logs.
How New-Scale Analytics Uses Machine Learning and AI to Detect Anomalies
Solution Architecture
The architecture of New-Scale Analytics consists of several key components:
- Data Collection and Processing
This component is responsible for collecting data from various sources, including logs, network traffic, information about user activity, and others. The collected data undergoes preliminary processing, cleaning, and normalization to prepare it for further analysis.
- Behavior Analysis
This component uses machine learning algorithms to build profiles of normal user and entity behavior. It analyzes many parameters, such as activity time, applications used, access to data, network traffic, and others.
- Anomaly Detection
This component compares the current behavior of users and entities with their profiles of normal behavior and identifies deviations. It uses various methods to reduce the number of false positives, such as statistical analysis, machine learning, and expert rules.
- Correlation and AI Analysis
This component uses AI algorithms to correlate data from various sources and identify connections between events. It allows detecting multi-stage attacks that are difficult to detect using traditional methods.
- Visualization and Reporting
This component provides security analysts with user-friendly tools for data visualization, incident analysis, and report generation.
Learning From Normal Behavior
Machine learning plays a central role in training the system to understand normal behavior. Algorithms analyze historical data on the actions of users, servers, and applications, identifying patterns and creating baseline profiles. These profiles are constantly updated and adapt to changes in behavior, ensuring the relevance and accuracy of anomaly detection. For example, the system may take into account that an employee usually works from 9:00 to 18:00, uses certain applications, and accesses certain resources. Any deviation from this profile, such as working at night or accessing confidential data, may be considered an anomaly.
Automatic Anomaly Detection
After learning from normal behavior, New-Scale Analytics automatically detects anomalies that deviate from these profiles. The system uses various methods to identify anomalies, such as statistical analysis, machine learning, and expert rules. For example, the system may detect that a user unexpectedly downloads a large amount of data, attempts to access resources they have not previously accessed, or uses an unusual protocol. These anomalies may indicate a threat, such as account compromise, insider threat, or malware.
Reducing False Positives
One of the key tasks of New-Scale Analytics is to reduce the number of false positives. False positives waste security analysts' time and resources and can lead to real threats being ignored. To reduce the number of false positives, the system uses various methods, such as:
- Statistical Analysis
This method allows determining whether a deviation from normal behavior is statistically significant or random.
- Machine Learning
Machine learning algorithms can learn from historical data and identify patterns that allow distinguishing false positives from real threats.
- Expert Rules
Expert rules allow setting specific criteria that must be met for an event to be considered a threat.
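The sketch below is an added example, not the product's own code. It shows how a per-user baseline, a statistical significance test and an expert rule can combine to cut false positives. A simple mean and standard deviation stands in for the learned profile, and the sample data, thresholds and verdict names are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed sample history: daily download volume in MB per user.
HISTORY = {
    "alice": [120, 135, 110, 140, 125, 130, 118, 122, 138, 127],
    "bob": [10, 900, 15, 850, 20, 1000, 12, 950, 18, 870],  # naturally bursty
}

Z_THRESHOLD = 3.0  # assumed cut-off for a statistically significant deviation
MIN_ABS_MB = 500   # assumed expert rule: small absolute volumes are not alerts
MIN_SAMPLES = 7    # assumed minimum history before a user is scored at all


def build_baseline(samples):
    """Learn a per-user baseline (mean, standard deviation) from history."""
    if len(samples) < MIN_SAMPLES:
        return None
    return mean(samples), stdev(samples)


def score(user, observed_mb, history=HISTORY):
    """Return (verdict, z_score) for one new observation of a user."""
    baseline = build_baseline(history.get(user, []))
    if baseline is None:
        return "insufficient-history", None
    mu, sigma = baseline
    # Floor sigma so a perfectly flat baseline cannot divide by zero.
    z = (observed_mb - mu) / max(sigma, 1.0)
    if z < Z_THRESHOLD:
        return "normal", round(z, 2)
    if observed_mb < MIN_ABS_MB:
        # Statistically unusual, but the expert rule suppresses the alert.
        return "suppressed-by-rule", round(z, 2)
    return "anomaly", round(z, 2)


if __name__ == "__main__":
    for user, mb in [("alice", 1000), ("bob", 1000), ("alice", 160)]:
        print(user, mb, score(user, mb))
```

The same 1000 MB download is an anomaly for one user and normal for the other, which is the point of profiling each user separately.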
Detecting Complex Attacks with AI Analysis
AI analysis allows detecting complex, multi-stage attacks that are difficult to detect using traditional methods. The system uses AI algorithms to correlate data from various sources and identify connections between events that may seem unrelated at first glance. For example, the system may detect that a user whose account has been compromised is using it to access confidential data and then attempting to cover their tracks by deleting logs. By combining these disparate events into a holistic picture, AI analysis allows identifying the attack and taking the necessary measures.
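The scenario described above can be expressed as an ordered chain of events per user inside a time window. This is an added example, not the product's own logic: it uses plain rule-based sequence matching rather than an AI model, and the event labels, window length and sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Ordered stages of the scenario above; the event labels are assumptions.
CHAIN = ["login_unusual_location", "confidential_data_access", "log_deletion"]
WINDOW = timedelta(hours=2)  # assumed maximum duration of one chain

# Constructed sample events (timestamp, user, source, kind), already normalized.
EVENTS = [
    ("2024-05-01T02:10:00", "jdoe", "auth", "login_unusual_location"),
    ("2024-05-01T02:25:00", "jdoe", "fileserver", "confidential_data_access"),
    ("2024-05-01T02:40:00", "jdoe", "endpoint", "log_deletion"),
    # Same actions without a suspicious login: not the chain.
    ("2024-05-01T09:00:00", "asmith", "fileserver", "confidential_data_access"),
    ("2024-05-01T09:30:00", "asmith", "endpoint", "log_deletion"),
    # Stages spread over more than WINDOW: not correlated.
    ("2024-05-01T03:00:00", "mlee", "auth", "login_unusual_location"),
    ("2024-05-01T03:20:00", "mlee", "fileserver", "confidential_data_access"),
    ("2024-05-02T11:00:00", "mlee", "endpoint", "log_deletion"),
]


def correlate(events, chain=CHAIN, window=WINDOW):
    """Return {user: minutes from first to last stage} for completed chains."""
    progress, hits = {}, {}
    for ts, user, _source, kind in sorted(events):
        t = datetime.fromisoformat(ts)
        matched = progress.setdefault(user, [])
        if matched and t - matched[0] > window:
            matched.clear()  # partial chain expired
        if kind == chain[0]:
            matched[:] = [t]  # (re)start at the latest first stage
        elif matched and kind == chain[len(matched)]:
            matched.append(t)
            if len(matched) == len(chain):
                hits[user] = (matched[-1] - matched[0]).total_seconds() / 60
                matched.clear()
    return hits


if __name__ == "__main__":
    print(correlate(EVENTS))
```

Each event on its own is weak evidence; only the user whose events complete the full chain within the window is reported.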
Examples of Attack Scenarios That Can Be Detected with New-Scale Analytics
Detecting Insider Threats
Insider threats are actions committed by employees of an organization that may harm its security. New-Scale Analytics can detect insider threats by analyzing user behavior and comparing it to a normal profile.
- Example 1: Employee Downloads a Large Amount of Data Before Leaving
The system may detect that an employee who is planning to leave unexpectedly downloads a large amount of data from the corporate network. This may indicate that the employee is trying to steal confidential information before leaving the company.
- Example 2: Employee Tries to Access Resources They Have Not Previously Accessed
The system may detect that an employee is trying to access resources they have not previously accessed. This may indicate that the employee is trying to access confidential information they do not have access rights to.

Account Compromise
Account compromise is a situation where an attacker gains access to a user account. New-Scale Analytics can detect account compromise by analyzing geo-location, login time, and other parameters.
- Example 1: Unexpected Login From an Unusual Location
The system may detect that a user has logged in from an unusual location, such as from another country. This may indicate that the user’s account has been compromised and is being used by an attacker.
- Example 2: Attempts to Access Confidential Data After Compromise
The system may detect that after a user’s account has been compromised, the attacker is trying to access confidential data. This may indicate that the attacker is trying to steal confidential information.
Network Behavior Analysis and Anomalous Traffic
Network behavior analysis allows identifying anomalies in network traffic that may indicate a threat. New-Scale Analytics can detect anomalous traffic by analyzing its volume, direction, and protocols.
- Example 1: Sudden Increase in Traffic to a Specific Server
The system may detect that traffic to a specific server has suddenly increased. This may indicate that the server has been compromised and is being used to conduct an attack.
- Example 2: Communication With Suspicious IP Addresses
The system may detect communication with suspicious IP addresses that may be associated with malicious activity. This may indicate that the system is infected with malware.
- Example 3: Unusual Protocols
The system may detect the use of unusual protocols that are not typical for the network. This may indicate that an attacker is attempting to bypass security measures.
Identifying Attacker Techniques and Tactics (MITRE ATT&CK)
MITRE ATT&CK is a knowledge base containing information about the techniques and tactics used by attackers. New-Scale Analytics can use MITRE ATT&CK to detect attacks that use known techniques and tactics.
- Example: Detecting Lateral Movement
The system may detect that an attacker is attempting to move laterally across the network using compromised accounts or tools. This may indicate that the attacker is trying to gain access to confidential information located on other systems.
Analysis of User and Entity Behavior
As already mentioned, User and Entity Behavior Analytics (UEBA) is the cornerstone of New-Scale Analytics. This approach allows not only reacting to known threats, but also anticipating them, based on changes in behavioral patterns.
Customization of User Behavior Profiles
The system allows creating individual behavioral profiles for each user, taking into account their role in the organization, tasks performed, and typical actions. This allows more accurately identifying anomalies that may indicate a threat. For example, for a system administrator, access to various servers may be normal, while for an accountant, this would be clearly anomalous behavior.
Adaptive Learning Based on Historical Data
The machine learning algorithms used in New-Scale Analytics constantly adapt to changes in user and network behavior. This allows the system to remain up-to-date and effectively detect new threats. For example, if a user starts using a new application, the system will take this into account in their behavioral profile and begin analyzing their actions with this application.
Incident Investigation
New-Scale Analytics provides security analysts with powerful tools for quick and effective incident investigation. The system provides contextual information allowing analysts to quickly understand the essence of the problem and take the necessary measures.
Contextual Information
The system provides analysts with all the necessary information about the incident, including data about the user, server, network traffic, and other related events. This allows analysts to quickly understand the essence of the problem and take the necessary measures. For example, the system may show that a suspicious file was downloaded by a user from a specific IP address and then launched on a specific server. This information allows analysts to quickly identify the source of the threat and take measures to eliminate it.
Data Visualization and User-Friendly Analysis Tools
New-Scale Analytics provides analysts with user-friendly tools for data visualization and incident analysis. Data visualization allows analysts to quickly identify patterns and trends that may indicate a threat. User-friendly analysis tools allow analysts to quickly access the necessary information and take the necessary measures.
Conclusion
In today’s world of cyber threats, the use of AI and machine learning to detect hidden threats is becoming a necessity. New-Scale Analytics offers an effective approach to security, based on behavioral analysis, automatic anomaly detection, and data correlation. It is an effective tool for raising an organization's level of security and protecting against the most modern cyber threats.
Frequently Asked Questions about New-Scale Analytics and Threat Detection with AI
What is New-Scale Analytics and how does it differ from traditional methods?
New-Scale Analytics is a modern approach to cybersecurity based on behavioral analysis, anomaly detection, and data correlation. Unlike traditional signature-based methods, it focuses on understanding normal behavior and identifying deviations, enabling the detection of new and complex threats.
How does New-Scale Analytics use machine learning and artificial intelligence?
New-Scale Analytics uses machine learning to automatically build profiles of normal behavior and detect anomalies, as well as artificial intelligence to correlate data from various sources and identify links between events, allowing the detection of multi-stage attacks.
What is User and Entity Behavior Analytics (UEBA) and what role does it play in New-Scale Analytics?
User and Entity Behavior Analytics (UEBA) is the foundation of New-Scale Analytics. It includes collecting data on the actions of users and entities on the network, building profiles of their normal behavior, and identifying deviations that may indicate a threat.
How does New-Scale Analytics help reduce false positives?
To reduce false positives, New-Scale Analytics uses statistical analysis, machine learning, and expert rules, which allows distinguishing random deviations from real threats.
What types of attacks can New-Scale Analytics detect?
New-Scale Analytics can detect a wide range of attacks, including insider threats, account compromise, anomalous network traffic, as well as attacks using known techniques and tactics described in the MITRE ATT&CK knowledge base.
What is an insider threat and how does New-Scale Analytics help detect it?
An insider threat is an action committed by employees of an organization that can harm its security. New-Scale Analytics detects such threats by analyzing user behavior and comparing it with a normal profile, identifying, for example, downloading large amounts of data before leaving.
How does incident investigation work in New-Scale Analytics?
New-Scale Analytics provides security analysts with contextual information about the incident (data about the user, server, network traffic, and other related events), as well as data visualization and user-friendly analysis tools for quickly understanding the essence of the problem and taking action.
How does New-Scale Analytics adapt to changes in user and network behavior?
The machine learning algorithms in New-Scale Analytics are constantly adapting to changes in user and network behavior, which allows the system to remain relevant and effectively detect new and evolving threats.





