Cobalt Iron Secures Patent on Applying Machine Learning to Cyber Inspection
November 2023 by Marc Jacob
Cobalt Iron Inc. announced that it has received another new patent, this time for machine learning-driven cyber inspection. Issued on Sept. 19, U.S. Patent 11765187 introduces new capabilities for Cobalt Iron Compass®, an enterprise SaaS backup platform. When fully implemented, the new techniques will apply machine learning analysis to determine which cyber inspection tools are most appropriate and effective for given data or cyber threats. They will also allow businesses to proactively and automatically adjust which cyber inspection tools are used to validate corporate data, and how and when they are used. This optimizes cyber inspection operations, thus improving cyber event detection and data validation processes.
Cyber attacks are increasing in frequency and sophistication. While businesses continue to harden various resources and parts of the IT environment, nefarious characters continue to change their attack approaches and targets. Cyber protections that worked yesterday or are working today may be insufficient in the near future. Companies also need more insights into how well their cyber resiliency schemes are working. In particular, analytics around cyber protection, detection, and inspection operations are woefully lacking in the industry.
This invention addresses those concerns. It qualified for a patent because of several unique characteristics:
• Historical analysis of the usage of multiple cyber inspection tools and their effectiveness in detecting different types of cyber events in particular types of data.
• The application of machine learning techniques to cyber inspection operations.
• Automatic adjustment of a time range to perform cyber inspection operations based on cyber attack indications.
• Automatic adjustment of policy-driven cyber inspection using multiple cyber inspection tools and multiple cyber inspection levels:
o at different times or events in the life cycle of a data object.
o or for different types of cyber events.
This patent introduces machine learning technology advancements that will refine and optimize how Compass applies multiple cyber inspection tools depending on the conditions. Specifically, the techniques disclosed in this patent:
• Store and analyze machine learning training data associated with a plurality of cyber attacks (including ransomware attacks), inspection class policies, data protection operations, cyber inspection operations, and operational forensics data.
• Establish inspection-class policies to specify, for each of a plurality of security conditions or events, a class of inspection tools and a specific level of inspection to perform within a defined security zone.
o A specific type of data to be inspected.
o A certain point in a data life cycle (e.g., on creation, modification, backup, recovery, etc.) for the specific type of data to be inspected.
• Monitor for a variety of security conditions and events.
• When a new security condition or event occurs, upon analysis of the machine learning training data and inspection class policies, determine an inspection tool and a specific level of inspection to perform on specific data at a certain point in the data life cycle.
• Perform the determined cyber inspection operations.
• Dynamically adjust the class of inspection tool and the specific level of cyber inspection to perform on the data to lower the risk and impact of future cyber attacks.
• Dynamically adjust a time range to perform cyber inspection operations based on cyber attack indications.
• Perform cyber attack forensics and historical analysis to determine particular data objects attacked, attack patterns, attack timings, attack sources, and other proactive insights into cyber attack activities and consequences.
• Restrict access control to data objects similar to particular data objects attacked.
For example, Compass might use these techniques to analyze cyber attack patterns and targets, recognize specific types of data or applications being targeted, and automatically restrict access control to similar types of data or applications in the enterprise.
In another instance, the technology might enable Compass to analyze machine learning training data from previous cyber attacks and previous cyber inspection operations to determine whether a different cyber inspection tool or a different level of inspection would be more effective at detecting particular types of cyber attack patterns. And if so, it may dynamically adjust the cyber inspection tool or level of inspection it performs against particular types of data in future cyber inspection operations.
The business outcome: lower risk of undetected cyber security events and continually improved data validation operations.