Ask me anything: Insight Engines lets you talk your network into revealing threats

Think of the Insight Engines tool as Google for network security, allowing natural language searches and returning honed information to answer each query. This comparison doesn't do the program justice, but is a good starting point for understanding how it works.

In the past, CSO has looked at solutions to help automate security processes, or even ways to outsource increasingly critical security functions like threat hunting. But those all come with risks, and as intelligent as artificial intelligence is getting, it’s still nowhere near as good as a knowledgeable human at following hunches and seeking out trouble.

The Insight Engines program is an attempt to leverage the power of computers to do the heavy cybersecurity lifting, while keeping humans solidly in charge of each investigation. It does this with a completely on-premises solution that is neither vulnerable to snooping nor at the mercy of outside connectivity issues.

At its heart, the Insight Engines program is a natural language processor that is tied to an incredibly complex backend programming interface. The goal is to have cybersecurity team members of any skill level ask questions of Insight Engines in plain language, and then let the program put together an advanced query leveraging all available data pools to return an answer.

Right now, the Insight Engines suite only runs under Splunk, though that does give it access to every security tool that is already integrated into the popular Security Information and Event Management (SIEM) program. It is installed as a Splunk application, ready within about 30 minutes of activation for existing Splunk users. Thereafter it needs about a day to examine all connected data, though the program keeps learning after it’s in place, so it eventually becomes completely in sync with the network that it’s protecting. There is also a one- to two-week process in which Insight Engines will help new customers clean up and refine their datasets in order to get the most out of their new security tool.

At a high level, one can almost think of the Insight Engines tool as Google for network security, allowing natural language searches and returning honed information to answer each query. This does not do the program justice at all, but is a good starting point for understanding how it works.
