Cyber Threat Analysis with Diffeo

Discover unknown unknowns in unstructured text by rapidly assembling networks of entities with help from Diffeo’s active learning algorithms for large-scale entity disambiguation. As you take note of interesting relationships, the machine-in-the-loop learns which entities you are studying and suggests texts to fill in knowledge gaps.

As an analyst working on cyber threats, I need to correlate the latest intrusion data with OSINT, HUMINT, and other reporting sources to figure out who is attacking and why.

This new approach to discovery won the NGA’s Disparate Data Challenge!

I quickly organize knowledge base (KB) entries by dragging text from source documents recommended by Diffeo. As I build out my KB article on Sandworm, a recently identified zero-day, Diffeo learns which subtopics I am studying and analyzes the labyrinth of complex data sources to find useful mentions of my entity.

What is useful? The relationships that I did not know about! Diffeo identifies missing connections and makes it easy for me to see them as I iteratively refine the citations and hyperlinks in my evolving KB.

The resulting KB is rich in semantic structure. It is a new collaboration tool for my entire team. The network in the KB quickly revealed that Sandworm is targeting GE Cimplicity. This might affect my organization, so I send the new BlackEnergy indicators to the cyber defenders in the relevant SCADA team.