What is AQ Technology?
AQ Technology is found in Security On-Demand’s ThreatWatch detection & analytics platform. How does AQ Technology make a difference in our threat detection tool? Well, AQ solves the Data Access problem in cyber security.
AQ Technology was created and developed by Security On-Demand’s research team based in Warsaw, Poland. AQ Technology is the product of decades of research utilizing Rough Set mathematics concepts to create an AI based data analytics engine that accelerates data access by over 100 times.
Benefits of AQ Technology in the ThreatWatch platform
The benefits of Security On-Demand’s AQ Technology are disruptive compared with current industry approaches. AQ Technology provides the following benefits:
Eliminates the need to perform data reduction
Significantly enhances the time to detection
Lowers the labor cost of false positives
Increases the percentage of threats detected
Reduces the cost of an impact from a data breach
What is AQ technology?
AQ Technology is a data analytics engine that acts as the data access interface between the database(s) and threat models used by an application. As the log data is received by the SOD collector, it is encrypted and forwarded to the SOD Processing cluster where the AQ technology creates a mathematical model of the data called an “MDAL™”, a Multidimensional Data Access Layer. The MDAL™ is a small binary file (not an index), that mathematically represents the data set knowledge, key characteristics, frequencies, and outliers within the data. Using the MDAL™ to perform queries of the data, instead of accessing the data directly provides several orders of magnitude performance improvement of the data that is 99.5% accurate.
The AQ Query Engine
The AQ Query engine provides extremely efficient and fast query capability accelerates time to detection, reduces false positives, and dramatically lowers the cost of labor for analysis. As previously explained, the AQ Technology acts as a data analytics layer in between the data and the threat applications.
Through direct query access to the AQ MDAL, the system provides fast and accurate queries about what is in the data, typically with sub-second response. This allows both human analysts and threat applications to ask the data questions and use those responses to shape the next set of questions when performing threat hunting, investigating alerts, or performing response triage.
The use of machine learning can potentially find advanced threats is in its infancy. The field is quickly advancing as more research is conducted in the cyber threat solution space. As the field advances, the data access problem is also becoming more acute due to the modeling from huge amounts of data. As changes occur in the data, machine-learning models must be continuously retrained in order to stay accurate.
AQ Technology facilitates retraining the machine-learning model due to its speed. The speed in turn ensures that its accuracy remains high since the model does not need to rely on a reduced data set or eliminating ML features. AQ Technology is foundational and revolutionary in its ability to solve the data access problem and supply machine-learning models with the data needed to detect and find the hidden threats.
AQ Benchmarks & Real World Examples
The AQ technology based analytics platform (ThreatWatch) proved its effectiveness when the famous “WannaCry” Ransomware attack occurred throughout the world in May of 2017. One of the threat indicators that helped SOD identify whether a client was infected or about to be infected, was the identification of significant traffic activity on Port 445.
Because of the large data volumes being collected, processed and stored, it would normally be a daunting task to query the past 30 days of historical data (petabytes) in order to receive the results. Our 24×7 Security Operations Center assessed that a normal query would take over two and a half days to run the indicator analysis across all of our clients.
Using the AQ Technology query, our security analysts were able to receive answers of who was infected in less than 22 minutes. AQ changes the game with the ability search for threat indicators at speeds previously unprecedented in the Industry.
AQ is the Differentiator in Threat Analysis
Protected by multiple patents, Security On-Demand’s AQ is the differentiator in its ability to detect advanced threats, find them sooner, and at a lower cost than industry competitors. While other service providers attempt to use additional labor to solve the problem, SOD believes this to be unsustainable due to the increasing data problems and shortage of qualified security personnel in the industry.
AQ Technology has the distinct advantage of continuously analyzing all the data all the time while speeding the data access for threat detection applications. This provides the basis for superior threat detection, analysis, machine learning, threat hunting, forensic discovery, and further automation within the security operations center, lessening the burden on human analysts and lowering the cost of service delivery to the customer.
AQ Technology optimizes the threat detection models to achieve faster threat detection, greater accuracy, fewer false positives, and a dramatically lower cost to analyze and validate threats.
About Security On-Demand
Security On-Demand (SOD) provides 24×7 advanced cyber-threat detection services for mid-market companies and state or local government agencies. SOD’s patented, behavioral analytics technology platform, ThreatWatch® enables the detection of advanced threats that help protect brand value and reduce the risk of a data breach. Headquartered in San Diego, California with R&D offices in Warsaw Poland, SOD services and protects hundreds of brands globally and is the winner of multiple industry awards. Please visit us at www.securityondemand.com. Find us on LinkedIn and follow us on Twitter @SecurityOnDmand.