The Problem

Cyber defense is a three-stage process. First, intrusion detection systems, (IDS), monitor network and system activity for malicious events. IDSs use hardware and software sensors to execute security policies describing these events to generate alerts. Second, the alerts are consolidated into a security management system. Finally, highly trained security analysts evaluate the alerts using experience and a variety of analytic tools to identify and neutralize treats.

This model is increasingly compromised by the high cost of detection. Cost limits the number and fidelity of operational sensors leading to a marked deterioration in the quality of alert data. In practice the vast majority of alerts consist of False Positive indicators placing a huge burden on the security analyst.

Extensive False Positives

Consider detection like a microscope looking for malicious activity. Because of cost analysts must scan for potential threats at low resolution. Reducing the cost of the sensors so they can be more widely deployed and higher resolution is a top priority.

STANDARD PROCESSOR DETECTION RESOLUTION

HIGH NUMBER OF FALSE POSITIVES

The LRL Solution

The LRL Neuromorphic Data Microscope™, based upon a unique Neuromorphic Processor, addresses this problem. The LRL Neuromorphic Data Microscope is designed to execute standard security expressions while integrating transparently into existing cyber infrastructure. With the LRL Neuromorphic Data Microscope alert database fidelity improves dramatically. Improved resolution means the False Positives are attenuated, significantly improving the signal-to-noise ratio.

LRL NEUROMORPHIC DATA MICROSCOPE ENHANCED RESOLUTION

IDENTIFIES TRUE POSITIVES

The LRL Neuromorphic Data Microscope consists of a PCIe-compatible interface card, driver and PCRE compiler integrated into Suricata or other similar intrusion detection systems.

The Results

In collaboration with Sandia National Labs, the LRL Neuromorphic Data Microscope was benchmarked using production PCRE expressions and public PCAP files against a deployed state-of-the-art SNORT appliance. The LRL Neuromorphic Data Microscope pervasively analyzed 800+ complex PCRE expressions at a 2+Gb/s rate, a >100x performance gain. The LRL Neuromorphic Data Microscope dramatically reduces False Positives while increasing True Positives, significantly improving accuracy and reducing the time and cost of threat detection.

To learn more about the LRL Neuromorphic Data Microscope contact LRL