Graphs as the User Interface for AI

Posted by Leo Meyerovich on March 6, 2018

O’Reilly’s Data Show recently had our CEO, Leo Meyerovich, on to talk about why and how enterprises and data teams are adopting graph technology. You can check it out here where we dive into how we are using graphs as an interface to AI tools & data.

Meanwhile, our team is on the move. Let us know if you’ll be near one of our upcoming talks and events – we love catching up with current & new users!

  • San Jose: Nvidia GTC, March 26th-29th
  • San Francisco: Security analytics meetup with Databricks (Spark) and Trail of Bits (OS Query), April 4th.
  • Nashville: BSides Nashville, April 14th
  • San Francisco: RSA, Week of April 16th
  • Seattle: Microsoft’s annual Security Data Science Colloquium, June 2018
  • DC/NYC: In scheduling

Read More

Playbook Coverage as a Reliability KPI: A note on our NYC InfoSec talk

Posted by Leo Meyerovich on January 10, 2018

Ron Gula’s (ex-Tenable CEO) fireside chat at the NYC Infosec Meetup got serious when he questioned whether to optimize security team efficacy vs. efficiency. This dovetailed beautifully with our tech talk right before. When we explain visual playbooks, people quickly see how they cut MTTR, which in turn gets at both efficacy and efficiency. This has led us to think about what KPIs to focus on, so I ended up presenting a different take: focus on reliability… and an actionable KPI around that, playbook coverage.

crowd.jpgImage: Leo sharing visual playbook best practices

A key property of a visual playbook is it enables, for the investigations in the category the playbook was defined for, starting every investigation with a computer-assisted run through of best practices. Think tasks like data gathering, correlation, and inspection. Analogous to code coverage for software, we’ve started thinking about playbook coverage for incidents: what percent of investigations were covered by visual playbooks, or some complementary technique like orchestration? Playbook coverage measures how prepared IR is in practice. Making the KPI actionable, it provides a clear target for what to cover by the next report. In contrast, MTTR requires more thinking and interpretation.

To see more on this, go to the final slides @ .

– Leo

Read More