CTO Talk: Strategic guidelines for an intelligent cybersecurity system

The Privacy Management (PMT), Privacy by design (PbD) and Privacy Impact Assessment (PIA) tools, Integration of Data Management and Security, Integration of Extensible Key Management (EKM) and Cloud Key Management as a Service (KMaaS), Data Security as a Service (DSaaS), Data Security Platforms and Cloud Database Activity Monitoring (DAM) are in rapid development. Data Security Management (DSG), Data Risk Assessment (DRA), PIA, and data breach response processes are increasingly requiring consistent security policies.  Security Operations Center (SOC) needs to be transformed and modernized to implement the new generation AISecOps central neural system into an intelligent and coordinated operational security network. Through an integrated center for operations against diverse threats such as LogSentinel, which includes improved capabilities for: 

• Threat Hunting (XDR)
• Detection of data leaks
• Security Investigation and Traceability
• Detection of internal and external threats (actual battle / red-blue confrontation

Traditional methods for forecasting the situation in network security usually require large-scale data training and are very sensitive to missing data. Forecasting methods lack theoretical support and reasoning, forecasting efficiency is low and convergence rate is slow, leading to inaccurate situation forecasting results and low forecasting efficiency. It is impossible to provide predictive information for network managers accurately and on time, which poses a threat to the network environment.  Unlike most security tool providers, who are more prone to standardization and form a business development model based on unified standards, unified products, and providing customers with various standard services, LogSentinel also offers opportunities for customization and close integration with business applications and platform strategy.  LogSentinel provides MSS security services for enterprise customers based on automation and SOAR security response. Effectively addresses security through artificial intelligence + automation, helping enterprises deploy AISecOps to deploy key security technologies.  

To solve the aforementioned series of problems, LogSentinel is developing: 

• Module for dynamic regulation of the existing elements of the network security situation. Based on the process of fuzzy analytical hierarchy, optimized by the stochastic descent gradient algorithm for dynamic adjustment of the weight of the elements to represent the network security situation. This module dynamically adjusts the weight of the network security situation representation elements and effectively provides a reference for assessing the network security situation.
• Network security situation forecasting module based on parallel deep forest. Because the traditional method of predicting network security situations has problems such as large errors, difficulty to learn, sensitivity to missing data, and low learning efficiency, this module is easier to learn. It has good performance, high efficiency, and scalability, maintains small-scale data training, theoretical analysis, and parallel implementation can compensate for the shortcomings of traditional forecasting methods. This module includes a distributed computing engine to parallelize the algorithm so that it can quickly process massive data and effectively predict network security situations.
• Module to visualize different network information, network topology, and network security situation and query with different details so that network managers can control network security to take the necessary measures to deal with network security threats.

Prof. Raychev believes that to adapt to the current special changes in enterprise security operations, AISecOps must be built to achieve flexibility and self-adaptation of enterprise security operations, so that SOC has an intelligent strategy covering perception, and forecasting, detection, analysis, and response.