A dangerous strategy, but one which delivers immediate value.

So here’s the thing: Everyone agrees that running analytics over a mass of data can offer real value. That value is especially real in the ongoing arms-race that occurs between those who seek to breach an organization’s cyber defenses, and the organization’s cybersecurity teams – running analytics over the innumerable amount of enterprise cyber data that exists can uncover issues before they can cause damage.

But there’s a flip side to that value: knowing where to look and knowing what to ask. As the extent of nefarious attacks increases, cybersecurity operatives are tasked with becoming data scientists and formulating the correct queries to look for the right data. Imagine if this could be made easier through the use of plain English querying?

Arise Insight Engines

The plain English part of that value proposition is where Insight Engines works. The company offers a natural language search platform that allows anyone to ask questions in plain English which then queried against organizational data. The interim step of spending years becoming a data analyst is obviated at last. The company has some impressive backers, including none other than Splunk, which is where this gets interesting.

Insight Engines + Splunk = a broader platform

So given that Splunk is actually an investor in the company, it is perhaps unsurprising that the two should cozy up in an effort to broaden Splunk’s own appeal beyond the data geeks out there and to more general business users. Insight Engines is using Splunk’s annual conference to launch Insight Engines Cyber Security Investigator (CSI) for Splunk. CSI lets users ask questions of Splunk data using natural English language, even if they don’t have expertise in Splunk Search Processing Language (SPL).

CSI uses Insight Engines’ natural language processing search technology to enable plain English search queries over machine data. NPL is much more than keyword lookups from a dictionary. Not only does it understand the actual words being used, but it also examines search queries to understand the meaning, intent, and context.

CSI, which was first introduced last year, is being extended to include broader functionality. Specifically:

  • The personal workbench. Analysts can now personalize their homepages to display custom query results for their specific role, giving them a sense of where threats may exist and what they should investigate next.
  • Deeper integration with Palo Alto Networks, with support for more data fields, so that analysts can dig deeper into and correlate the many insights that are created by Palo Alto Networks products.
  • Autopilot, an automated query mode. Autopilot proactively conducts searches a team likely hasn’t ever thought of, and displays results for these searches in seconds, increasing a security team’s opportunity to randomly discover bad actors, and inspiring them to ask more questions of their data.
  • Pivot Queries, a query recommendation engine that intelligently suggests new questions to ask based on the question you asked. Analysts can click on a result and get suggested natural language queries about that specific result, leading to better insights.
  • Alexa integration, a new voice search component that lets security analysts ask questions of CSI  via the Echo interface.

CEO’s are meant to wax poetic about their products, and Grant Wernick, Insight Engines’ CEO, is no exception. He enthuses that:

Security teams today are like the Great Wall of China – they apply their efforts broadly but are easily breached by smart, targeted intruders. CSI turns their data analysts into a cyber SWAT team. They can swiftly zero in on irregular network traffic or authentication data, track breaches as they happen, and take action. All they need is a basic understanding of security principles and a bit of curiosity.

MyPOV

Democratization is good. If analytics in its various guises is really going to deliver value, then we need to find ways to be able to leverage them without having to clone millions of data scientists. This partnership is a good start. True it is primarily focused on a narrow use case – that of cybersecurity, but imagine it broadened out even further into general business applications.

Ben Kepes

Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.

Leave a Reply