DarkLight is a first of its kind, AI-based expert system for active cyber defense and trusted information sharing.
DarkLight allows analysts to codify their logical processes and run them at machine-speed, 24-hours a day. It delivers a force-multiplier to address the greatest challenge facing the industry today – the lack of skilled cyber analysts. Using DarkLight, an organization can deploy a scientific, evidence-based foundation for vastly improved cyber security operations and automation of their most highly-prized resource: the logic and experience of the human analyst.
DarkLight automates what was previously solely a human task in frameworks such as the Integrated Adaptive Cyber Defense (IACD), a collaboration between NSA, DHS, Johns Hopkins APL and many industry-leading vendors. Upper-level sense-making and decision-making functions which require human expertise and analytic tradecraft in the loop are now captured, augmented and/or automated to perform at machine speed, while the human remains on the loop only as needed, to further train and guide the AI.
Using Object-Based Production, DarkLight organizes what is known about the enterprise, the adversary and the observations sensed from the cyber ecosystem, interpreting the data like a human analyst would.
DarkLight’s AI interprets the data like a human analyst and is used to orient or make sense of the observations coming from the cyber ecosystem to support evidence-based decision-making and course of action selection. Functions which require human expertise and analytic tradecraft are automated to perform at machine speed, while the human remains on the loop only as needed, to further train and guide the AI.
DarkLight supports activity-based intelligence (ABI) tradecraft to reveal hidden data that can only be inferred from what is known, and to discover the unknown unknowns in the cyber ecosystem. This type of ABI tradecraft reasoning focuses on transactions, behaviors, and activities rather than signatures or mathematical algorithms. Unlike a black box machine learning approach, the logic is exposed, defendable, and can be used for instruction and knowledge transfer.
Our approach stems from years of R&D at the Pacific Northwest National Lab working on semantic graphs, knowledge representation and advanced reasoning systems. DarkLight’s unique AI focuses on transactions, behaviors, and activities rather than signatures or mathematical algorithms. When the cyber security data and information is ingested into DarkLight and mapped to its ontologies, the knowledge from the individual files is automatically organized into a cyber security knowledge and activity graph.
As a result, DarkLight’s patented analytic methodologies drive automated, evidence-driven decisions and orchestrated courses of action at machine speed to help organizations get ahead of the threats.
Use of the SDxCentral service directory is governed by our Terms of Service, including without limitation those sections under the headings "CONTENT", "LICENSING AND OTHER TERMS APPLYING TO CONTENT POSTED ON THE SDXCENTRAL SITES", "INDEMNITY; DISCLAIMER; LIMITATION OF LIABILITY" AND "COPYRIGHTS". Under no circumstances will SDxCentral be liable in any way for any Content, including, but not limited to, liability for any errors or omissions in any Content or for any loss or damage of any kind incurred as a result of the use of any Content posted, emailed or otherwise transmitted via the Sites.