Automated Rule Engine 2018-10-19T15:05:10+00:00

Automated Rules Engine

Improve detection performance while reducing rule maintenance

Problem

Traditional rules engines are popular because their decisions are easy to explain and they satisfy compliance requirements. However, manual rule creation and maintenance is extremely time consuming. Machine learning models reduce the amount of human intuition required, but their results are harder to explain because of their black-box nature.


Limitations of Rules Engines

To detect attacks, existing solutions rely either on human experience to write rules or on labeled training data to tune models. This means they cannot detect new attacks that no human has already identified and that are absent from the labeled training data.


Limitations of Machine Learning

Prior to an attack, sophisticated attackers discreetly incubate accounts to give them realistic-looking activity histories. These sleeper cells appear benign until they begin fraudulent or abusive behavior. Existing solutions cannot detect them until after they have acted maliciously and caused damage.

Solution

The DataVisor Automated Rules Engine combines AI and machine learning with the simple explainability of a rules engine. Using results from the DataVisor Unsupervised Machine Learning (UML) Engine, it automatically produces human-readable rules while delivering high detection performance and lower maintenance costs.

While traditional rules engines are slow to react to new attacks, the Automated Rules Engine detects them proactively: suspicious attributes discovered by the UML Engine are immediately turned into new rules that catch the new attack methods. The rules in the Automated Rules Engine are also monitored continuously to confirm they remain effective and accurate; rules that become outdated are automatically updated or removed.

Benefits


Detect Attacks Without Labels or Training Data

Automatically generate detection rules for new and evolving attacks based on the results of the DataVisor UML Engine.

Maintain High Explainability and Transparency

The rules generated by the Automated Rules Engine are in the same format as manually created rules, making them easy to understand and explain in an audit.

Continuously Update or Deprecate Rules to Maintain Effectiveness

Continuously back-test rules and update or deprecate them as attacker and legitimate-user activity patterns change, minimizing false positives.

Support Legacy Manual Rules

Manually created rules are also supported and can be used alongside the rules DataVisor generates automatically.
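The following Python sketch is an added illustration of the loop the Solution and Benefits sections describe (generate rules from unsupervised clusters without labels, back-test them on a later window once outcomes are known, deprecate the ones that decay, and run analyst-written rules in the same format). It is not DataVisor's code, and the page does not describe the UML Engine's actual clustering; the clustering step here is a deliberately simple stand-in that groups accounts sharing identical values for three assumed attributes (email_domain, ua, ip24). All account data is constructed for the example.

```python
"""Added illustration: auto-generating detection rules from unsupervised clusters
and continuously back-testing them. Not DataVisor code; the clustering step is a
simple stand-in (exact-match grouping on a few assumed attributes)."""
from collections import defaultdict
from dataclasses import dataclass

ATTRS = ("email_domain", "ua", "ip24")  # attributes assumed for this toy model


@dataclass
class Rule:
    """A rule is a conjunction of attribute == value tests. Auto-generated and
    analyst-written rules share this format, so both are auditable the same way."""
    conditions: dict
    source: str = "auto"

    def matches(self, account):
        return all(account.get(k) == v for k, v in self.conditions.items())

    def __str__(self):
        return " AND ".join(f"{k} == {v!r}" for k, v in self.conditions.items())


def generate_rules(accounts, min_size=3):
    """Unsupervised step: accounts with identical values for ATTRS form a cluster;
    clusters of at least min_size accounts become candidate rules.
    No fraud labels are consulted here."""
    clusters = defaultdict(list)
    for acct in accounts:
        clusters[tuple(acct[k] for k in ATTRS)].append(acct["id"])
    rules = [Rule(dict(zip(ATTRS, values)))
             for values, members in clusters.items() if len(members) >= min_size]
    return sorted(rules, key=str)


def backtest(rule, labeled_accounts):
    """Apply a rule to a later window whose outcomes (chargebacks, abuse reports)
    are now known; return (hit_count, precision)."""
    hits = [a for a in labeled_accounts if rule.matches(a)]
    true_pos = sum(1 for a in hits if a["fraud"])
    return len(hits), (true_pos / len(hits) if hits else 0.0)


def review_rules(rules, labeled_accounts, min_precision=0.6):
    """Keep rules whose back-tested precision is still acceptable; deprecate the
    rest. A rule with no hits at all is also deprecated: its pattern went stale."""
    active, deprecated = [], []
    for rule in rules:
        hits, precision = backtest(rule, labeled_accounts)
        bucket = active if hits and precision >= min_precision else deprecated
        bucket.append((rule, hits, precision))
    return {"active": active, "deprecated": deprecated}


# Constructed sample data. Window 1 is unlabeled and feeds rule generation.
def acct(i, domain, ua, ip24, fraud=None):
    return {"id": i, "email_domain": domain, "ua": ua, "ip24": ip24, "fraud": fraud}


WINDOW_1 = (
    [acct(i, "mailx.test", "UA-7", "10.0.1") for i in (1, 2, 3)]       # coordinated ring
    + [acct(i, "example.com", "UA-1", "192.0.2") for i in (4, 5, 6)]   # ordinary users
    + [acct(7, "other.test", "UA-2", "198.51.100")]
)
# Window 2 arrives later with outcomes attached; it is used only to back-test.
WINDOW_2 = (
    [acct(i, "mailx.test", "UA-7", "10.0.1", f)
     for i, f in zip((11, 12, 13, 14), (True, True, True, False))]
    + [acct(i, "example.com", "UA-1", "192.0.2", False) for i in range(15, 20)]
    + [acct(20, "throwaway.test", "UA-3", "203.0.113", True),
       acct(21, "example.com", "UA-9", "10.0.1", False)]
)

# An analyst-written rule, in the same format as the generated ones.
MANUAL_RULE = Rule({"email_domain": "throwaway.test"}, source="manual")


def run_cycle():
    """One maintenance cycle: generate from window 1, back-test on window 2."""
    rules = generate_rules(WINDOW_1) + [MANUAL_RULE]
    return review_rules(rules, WINDOW_2)


if __name__ == "__main__":
    result = run_cycle()
    for state in ("active", "deprecated"):
        for rule, hits, precision in result[state]:
            print(f"{state:10} [{rule.source}] {rule}  hits={hits} precision={precision:.2f}")
```

The cluster of ordinary users produces a candidate rule just like the ring does, because the unsupervised step sees only co-occurring attributes; it is the back-test on the later, labeled window that separates them (precision 0.75 for the ring, 0.0 for the benign cluster, which is deprecated). In practice the precision threshold, the minimum cluster size and the back-test window are the knobs that trade detection coverage against false positives.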

Architecture

The DataVisor Automated Rules Engine is one component of the DataVisor Detection Solution, and works in concert with the Unsupervised Machine Learning Engine, the Supervised Machine Learning Module, and the Global Intelligence Network.
