Analyzing All the Data, All the Time
SOD’s ground-breaking AQ Technology™ is based on Rough Set mathematics and 3 different Artificial Intelligence models. AQ Technology™ is a data analytics engine that sits between the data lake and the application and provides analysis of indicators 100+ times faster than querying the database directly.
“Security On-Demand is the only MSSP/MDR company in the world that utilizes AQ Technology. With over 7 patents, SOD has raised the bar for every competitor in the managed security services industry.”
Because of this speed and performance, AQ Technology can analyze all of the log data without data reduction, normalization, or elimination of potential threat indicators. This allows Security On-Demand to find threats and indicators that would otherwise be dropped from the data set because of the overwhelming volume of data.
Using AQ Technology in Threat Detection
The benefits of Security On-Demand’s AQ Technology are disruptive compared with current industry approaches. AQ Technology provides the following benefits:
- Enhances machine learning models
- Eliminates the need to perform data reduction
- Significantly shortens the time to detection
- Lowers the labor cost of false positives
- Increases the percentage of threats detected
- Reveals what is in the data set (or data lake) before a search is run
- Eliminates the need to sample the data to know what it contains
- Eliminates the need to extract data sets into Elasticsearch to hunt for data
- Enables broad searches for threat indicators across large data sets that were not previously possible
- Runs a series of machine-learning-automated database queries to hunt for threat indicators
Case Study: How AQ Technology™ proved its worth when the famous “WannaCry” ransomware attack spread throughout the world in May 2017.
- One of the threat indicators that helped SOD identify whether a client was infected, or about to be infected, was significant traffic activity on port 445.
- Because of the large data volumes collected (over 16-20 billion events per day), it would normally be a daunting task to query approximately 30 days of historical data (about a petabyte) in order to receive the results.
- Using SOD’s new ThreatWatch platform, based on “AQ” data analytics technology, the query was completed in under 19 minutes.
- By comparison, querying the same indicators on a conventional database would have taken approximately 3.5 days for a single indicator.
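The port 445 indicator in the case study above is, at its core, a fan-out measurement: a host that suddenly talks SMB (TCP/445) to many distinct internal peers in a short window looks like worm-style lateral spread rather than normal file-server use. The following Python is an added example, not SOD code or part of the ThreatWatch platform; it runs that logic over a few constructed firewall log lines. The log format (`<ISO timestamp> <src> <dst> <proto> <dport> <action>`), the 60-second window, the threshold of 20 distinct peers, and the IP addresses are all assumptions chosen for illustration.

```python
"""Added example (not SOD/ThreatWatch code): flag hosts whose TCP/445 fan-out
inside a sliding window exceeds a baseline, the kind of indicator the
WannaCry case study describes. Log format, thresholds and IPs are assumptions."""
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 60      # assumption: 60 s sliding window
FANOUT_THRESHOLD = 20    # assumption: >20 distinct 445 peers per window is abnormal


def build_sample_log():
    """Constructed sample lines; format: '<ISO ts> <src> <dst> <proto> <dport> <action>'."""
    lines = []
    # Benign host: a workstation talking to two file servers a few times over an hour.
    for i in range(6):
        ts = f"2017-05-12T08:{i * 10:02d}:00"
        lines.append(f"{ts} 10.1.1.7 10.1.2.{10 + (i % 2)} tcp 445 allow")
    # Noisy host: sweeps 30 internal addresses on 445 within 30 seconds.
    for i in range(30):
        ts = f"2017-05-12T08:15:{i:02d}"
        lines.append(f"{ts} 10.1.1.5 10.1.3.{i + 1} tcp 445 allow")
    # Unrelated traffic the detector must ignore (wrong port / wrong protocol).
    lines.append("2017-05-12T08:15:05 10.1.1.5 10.1.2.10 tcp 443 allow")
    lines.append("2017-05-12T08:15:06 10.1.1.9 10.1.2.10 udp 445 deny")
    return "\n".join(lines)


def parse_line(line):
    """Return (timestamp, src, dst, proto, dport) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, proto, dport, _action = parts
    try:
        return datetime.fromisoformat(ts), src, dst, proto.lower(), int(dport)
    except ValueError:
        return None


def max_smb_fanout(log_text, window_seconds=WINDOW_SECONDS):
    """Per source host, the largest number of distinct TCP/445 destinations
    observed inside any sliding window of `window_seconds`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, proto, dport = rec
        if proto == "tcp" and dport == 445:
            events[src].append((ts, dst))

    result = {}
    for src, evs in events.items():
        evs.sort()
        window = deque()             # events currently inside the window
        counts = defaultdict(int)    # dst -> occurrences inside the window
        best = 0
        for ts, dst in evs:
            window.append((ts, dst))
            counts[dst] += 1
            # Evict events that fell out of the window.
            while (ts - window[0][0]).total_seconds() > window_seconds:
                old_ts, old_dst = window.popleft()
                counts[old_dst] -= 1
                if counts[old_dst] == 0:
                    del counts[old_dst]
            best = max(best, len(counts))
        result[src] = best
    return result


def flag_sources(log_text, threshold=FANOUT_THRESHOLD, window_seconds=WINDOW_SECONDS):
    """Sources whose SMB fan-out exceeds the threshold, highest fan-out first."""
    fan = max_smb_fanout(log_text, window_seconds)
    return sorted(((s, n) for s, n in fan.items() if n > threshold),
                  key=lambda item: -item[1])


if __name__ == "__main__":
    for src, n in flag_sources(build_sample_log()):
        print(f"{src}: {n} distinct TCP/445 peers within {WINDOW_SECONDS}s")
```

On the constructed sample the benign workstation never exceeds one distinct peer per window, while the sweeping host reaches 30 and is the only source reported. The same per-source sliding-window aggregation is what a query over 30 days of real connection logs would compute at scale; the threshold and window should be tuned against each environment's own SMB baseline rather than taken from this example.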
This revolution in query performance (previously known as superscale analytics) changes the game by making it possible to query threat indicators at a level unprecedented in the industry. The capability is still in its infancy, as new extensions to AQ Technology™ are being discovered.