Masergy UES Offers Unique Approach to Network Defense

First of a four-part series

Your network is unique. So are its security needs. That’s why Masergy designed its Unified Enterprise Security (UES) technology platform differently.

At Masergy, we know your network runs a unique mix of functions, applications and supported services. This means that a learning and prediction model that works on someone else’s network won’t necessarily work on yours.

Unfortunately, that’s precisely what many other security-technology vendors offer. They deploy “trained” systems that attempt to detect anomalies using a single learning method with training data. These systems pull data from the customer base for both false positives and true positives. Then, once the system has been trained, the updated standard profile is sent to all customers in an update. This one-size-fits-all approach applies the same learning model to all customers and their networks. In other words, what’s missed on one customer’s network will be missed on all of them.

That’s not to say there isn’t value in macro threat intelligence. But it’s only one piece of a complex puzzle. And it ignores the fact that your network is unique.

Machine Learning Analysis

Masergy does it differently. Our UES platform uses multistage machine-learning analysis. It finds, then learns, predictable patterns on your network. Every network has its own learning model, based on the types of methods that work best for it. So instead of applying a one-size-fits-all approach, the Masergy system detects events differently on different networks. That includes yours.

At the heart of the analysis process is a data-prediction gradient that uses multiple learning models, including association rule learning, sparse dictionary learning, Bayesian fields and artificial neural networks. This system can learn data streams from any of six subsystems, each serving a distinct purpose:

Frequencies: When data is transmitted, the data from a network card, log or vulnerability scanner is defined as an event. The frequency and magnitude of these events are measured over set periods of time, then mapped.

Pairings: This subsystem identifies which systems are communicating with each other, the protocols they’re using, and the size of the bidirectional communications. Then, like frequencies, these are mapped directly to a date and time.

Protocols: By determining which protocols are being used in a network stream, this subsystem identifies the type of applications, operating systems and infrastructure devices on a network.

Resources: This subsystem builds an asset list of devices on the network and the communications methods they use. Over time, this list gets adjusted so that the system can learn the parameters and baselines. This, in turn, lets the system make predictions based on combinations of protocols and services in use.

Statistics: Metadata on groups of systems from smallest (single system) to largest (whole network) is gathered, then fed to other subsystems such as frequencies and thresholds.

Threshold: Using curve-fitting algorithms to learn data trends, this system generates major and minor brackets. Then it tracks both high and low peaks to determine when a value has exceeded its bracket and identify patterns.

What’s more, the UES data-prediction gradient can use data from all six subsystems. Then it processes the data using multiple learning models, comparing the learned data with the original raw data and using regression analysis to grade each data stream against its own learning models. In this way, the system determines the predictability of any data model.

Data models with high predictability are tracked and used for anomaly detection. Those with low predictability are monitored using the data-prediction gradient, in case they later become predictable.
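To make the grading and bracket ideas above concrete, here is an added sketch that is not Masergy's code: it learns a curve per stream, grades it by regression fit (R²) against held-out raw data, and applies minor and major brackets only to streams that grade as predictable. The per-hour mean model, the 0.8 cut-off, the 2σ/4σ bracket widths and all function names are assumptions chosen for illustration.

```python
# Added illustration: grade each stream's predictability, then bracket only
# the predictable ones. Not Masergy code; the slot-mean model, the 0.8 cut-off
# and the 2-sigma/4-sigma brackets are assumptions made for this sketch.
from statistics import mean, pstdev

PERIOD = 24  # hourly event counts with daily seasonality (assumed)

def learn(train):
    """Per-slot mean as the learned curve, plus residual spread on training data."""
    slots = [mean(train[s::PERIOD]) for s in range(PERIOD)]
    resid = [v - slots[i % PERIOD] for i, v in enumerate(train)]
    return slots, pstdev(resid)

def grade(slots, held_out):
    """R^2 of the learned curve against raw held-out data (1.0 = fully predictable)."""
    avg = mean(held_out)
    ss_tot = sum((v - avg) ** 2 for v in held_out)
    ss_res = sum((v - slots[i % PERIOD]) ** 2 for i, v in enumerate(held_out))
    return 1 - ss_res / ss_tot if ss_tot else 0.0

def classify(value, hour, slots, sigma):
    """Place one observation against the minor (2 sigma) and major (4 sigma) brackets."""
    dev = abs(value - slots[hour % PERIOD])
    return "major" if dev > 4 * sigma else "minor" if dev > 2 * sigma else "normal"

def assess(stream, train_days=5, cutoff=0.8):
    """Return (grade, model); model is None for streams too unpredictable to bracket."""
    split = train_days * PERIOD
    slots, sigma = learn(stream[:split])
    g = grade(slots, stream[split:])
    return g, ((slots, sigma) if g >= cutoff else None)

# Constructed sample data: 7 days of hourly event counts.
def business_hours():   # busy 08:00-17:59, small day-to-day jitter
    return [(150 if 8 <= h % 24 < 18 else 100) + (h // 24) % 3 - 1 for h in range(168)]

def scattered():        # no daily pattern at all
    return [(41 * h) % 101 for h in range(168)]

if __name__ == "__main__":
    for name, data in (("business_hours", business_hours()), ("scattered", scattered())):
        g, model = assess(data)
        print(f"{name}: predictability={g:.3f} bracketed={model is not None}")
    _, (slots, sigma) = assess(business_hours())
    print(classify(190, 9, slots, sigma), classify(102, 3, slots, sigma), classify(100, 3, slots, sigma))
```

The scattered stream grades below the cut-off and gets no brackets, which avoids alerting on data the model cannot predict; it can be re-graded later in case it becomes predictable.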

Data Clustering

The final analysis is done by clustering data. The Masergy UES system arranges the data into individual fields; this creates dimensions that are dissociated from the original structures. Next, these dimensions are individually analyzed with cluster analysis, using different clusters of dimensions to create hyperplanes. Projections of these hyperplanes can be analyzed to find patterns that do not exist in the ambient data, and these often show emerging patterns that point to deeply hidden anomalies.

This technique is used to form a temporal grid that serves as a prediction model. This lets the system find anomalies in the hyperplanes that can then be mapped back to the original data in the ambient space.

Masergy’s UES solution adapts to the network being monitored. Instead of applying a one-size-fits-all approach, UES detects events differently on different networks. It’s an approach every bit as unique as your own network.

Learn more about Masergy’s Unified Enterprise Security.

Join Masergy Chief Scientist Mike Stute for our webinar Next Generation Cybersecurity: The Age of Artificial Intelligence.

About Mike Stute

Chief Scientist, Masergy
Mike Stute is Chief Scientist at Masergy Communications and is the chief architect of the Unified Enterprise Security network behavioral analysis system. As a data scientist, he is responsible for the research and development of deep analysis methods using machine learning, probability engines, and complex system analysis in big data environments. Mike has over 22 years of experience in information systems security and has developed analysis systems in fields such as power generation, educational institutions, biotechnology, and electronic communication networks.