DarkLight is a first-of-its-kind, AI-based expert system for active cyber defense and trusted information sharing.
DarkLight allows analysts to codify their logical processes and run them at machine speed, 24 hours a day. It delivers a force multiplier to address the greatest challenge facing the industry today: the lack of skilled cyber analysts. Using DarkLight, an organization can deploy a scientific, evidence-based foundation for vastly improved cyber security operations and automation of their most highly prized resource: the logic and experience of the human analyst.
DarkLight automates what was previously solely a human task in frameworks such as the Integrated Adaptive Cyber Defense (IACD), a collaboration between NSA, DHS, Johns Hopkins APL and many industry-leading vendors. Upper-level sense-making and decision-making functions which require human expertise and analytic tradecraft in the loop are now captured, augmented and/or automated to perform at machine speed, while the human remains on the loop only as needed, to further train and guide the AI.
Using Object-Based Production, DarkLight organizes what is known about the enterprise, the adversary and the observations sensed from the cyber ecosystem, interpreting the data like a human analyst would.
DarkLight’s AI interprets the data like a human analyst and is used to orient or make sense of the observations coming from the cyber ecosystem to support evidence-based decision-making and course of action selection. Functions which require human expertise and analytic tradecraft are automated to perform at machine speed, while the human remains on the loop only as needed, to further train and guide the AI.
DarkLight supports activity-based intelligence (ABI) tradecraft to reveal hidden data that can only be inferred from what is known, and to discover the unknown unknowns in the cyber ecosystem. This type of ABI tradecraft reasoning focuses on transactions, behaviors, and activities rather than signatures or mathematical algorithms. Unlike a black box machine learning approach, the logic is exposed, defendable, and can be used for instruction and knowledge transfer.
Our approach stems from years of R&D at the Pacific Northwest National Lab working on semantic graphs, knowledge representation and advanced reasoning systems. DarkLight’s unique AI focuses on transactions, behaviors, and activities rather than signatures or mathematical algorithms. When cyber security data and information are ingested into DarkLight and mapped to its ontologies, the knowledge from the individual files is automatically organized into a cyber security knowledge and activity graph.
As a result, DarkLight’s patented analytic methodologies drive automated, evidence-driven decisions and orchestrated courses of action at machine speed to help organizations get ahead of the threats.