Problem

Traditional rules engines are popular solutions because of their easy explainability and support for compliance requirements. However, manual rule creation and maintenance are extremely time-consuming. Machine learning models reduce the amount of human intuition required, but their results are harder to explain due to their black-box nature.

Limitations of Rules Engines

Rules engines require enormous manual effort to create and maintain the rules. As the number of rules grows, the effort to maintain and deprecate them grows exponentially. When old rules are not deprecated or updated, the rate of false positives increases.

Limitations of Machine Learning

Because of the black-box nature of machine learning models, their results are often difficult to explain. In strict compliance environments, the ability to trace the exact reasoning behind a result is often necessary for auditing purposes, ruling out the use of machine learning models.

Solution

The DataVisor Automated Rules Engine combines the power of AI and machine learning with the simple explainability of rules engines. It automatically provides human-understandable rules along with high detection performance and reduced maintenance costs by using results from the DataVisor Unsupervised Machine Learning Engine.

While traditional rules engines are slow to react to new attacks, the Automated Rules Engine excels at proactively detecting these attacks. Suspicious attributes discovered by our UML Engine are immediately used to create new rules that detect new attack methods. Further, the rules within the Automated Rules Engine are constantly monitored to ensure that they’re still highly effective and accurate; those that become outdated are automatically updated or removed.

Benefits

Create New Rules Automatically

Automatically generate detection rules for new and evolving attacks based on the results of the DataVisor UML Engine.

Maintain High Explainability and Transparency

The rules generated by the Automated Rules Engine are in the same format as manually created rules, making them easy to understand and explain in an audit.

Continuously Update or Deprecate Rules to Maintain Effectiveness

Continuously backtest and update or deprecate rules as attacker and legitimate user activity patterns change, minimizing false positives.

Support Legacy Manual Rules

Manually created rules are also supported, and can be used in combination with automatically generated rules from DataVisor.

Architecture

The DataVisor Automated Rules Engine is one component of the DataVisor Detection Solution, and works in concert with the Unsupervised Machine Learning Engine, the Supervised Machine Learning Module, and the Global Intelligence Network.
