Here at Confluera, we believe that
When attempting to identify an object, we first seek to identify its outline. Emergence is the process of forming complex patterns from simple rules.
Some of the methods used to study how we perceive the world are fascinating!
This article aims to share an interesting framework and apply it to the work we do as cybersecurity engineers.
The framework was founded on the works of Max Wertheimer, Wolfgang Köhler, and Kurt Koffka in the early twentieth century in Austria and Germany as a theory of perception.
This framework is a useful way to explain the various strategies Confluera uses to make network activity human-interpretable and actionable.
So let’s begin our journey.
Our brains have evolved to appreciate connected movements; continuity provides context.
This is the concept behind a motion picture, where a series of still frames is stitched together by our brains based on context.
We believe that modern security has failed to provide context.
While most tools address similarity and provide the dots, there is a noticeable lack of “Connecting the Dots”.
Without a connected view, Security Analysts are drowned in signals and false positives. Confluera creates Continuity using the attack graph.
Our perception of reality starts with trying to group objects together. Having a set of something allows us to see possible distinctions in function.
For example, putting circles and squares in separate buckets allows us to distinguish the relevance of one group from another while giving each entity in the group a functional relationship with one another.
The MITRE Matrix is a good example of an elegant set of categories applied to a chaotic and often confusing discipline.
At Confluera we leverage this in a few different ways. Below is a section of our dashboard. We not only aggregate the Hosts with their exposure to risk but also summarize similar patterns we see across attack progressions.
Proximity provides spatial relation to seemingly disparate events. But what is considered proximal and what is considered distant?
A modern notion of network proximity is another gap in industry offerings that Confluera aims at closing.
Confluera’s causal graph that you see below gets rid of the spatial distance and creates a single proximal threat fabric that humans can traverse and investigate.
Symmetry in everyday language refers to a sense of harmonious and beautiful proportion and balance. This means that our brains are tuned to find distortions and disruptions in patterns both in time and space.
The activity dial on the Confluera dashboard is intentionally a symmetric 24-hour clock. It allows the human reading it to observe at a quick glance a sudden deviation in behavior at any instant in time.
Prägnanz is a German term that, in our context, means simplicity.
Our brains see a holistic picture of the entity, instead of the sum of its parts.
At Confluera we took inspiration from this simplification.
We take the dots [Events], add Proximity [Trails], then layer Continuity [Detections], and finally simplify it into a single entity [Progression].
The user now has only one cohesive object that needs investigation.
Closure and Common Fate are used by our brains to fill in the gaps and complete the picture we are viewing.
In security, we’re demonstrating closure when we see seemingly disjoint detections as one cohesive activity tied together by intent.
Viewing these detections as anything else would mean losing context. These activities are a single Trail that will result in a single Fate.
Confluera strives to bring this Closure and Common Fate through the real-time stitching and motion shown below.
I hope this snippet of what I learned has ignited your curiosity and given you a peek into the world of Confluerians.
As they say, when you are curious you find a lot of interesting things to do.
Stay curious...