The Silicon Review
Swift investigation and proactive threat hunting are integral to cybersecurity, both for warding off attackers and for responding to threats. The main challenges are the overwhelming number of alerts, lack of visibility, and inadequate information, all of which get in the way of those tasks. Cybercrime is on the rise, and attacks like ransomware are hindering the growth of businesses. Industry experts speculate that losses from cybercrime will continue to rise massively. No business is completely safe in our digital world, because it is always filled with connected devices.
Cybersecurity professionals must be well equipped to protect the company’s interests. Query.AI is a decentralized data access and analysis technology that simplifies cybersecurity investigations across disparate platforms, without data duplication. With Query.AI, you can analyze your enterprise data in context, in a language-, location-, and platform-neutral way, to gain cost-effective, consistent security operations and eliminate complexity. Query.AI was founded in 2018 and is based in Brookings, South Dakota.
Organizations continue to struggle in attempts to centralize all of their security data in a single data repository. The reasons for this have evolved over time, but are generally related to technology scalability, the high costs of SIEM solutions, and recent digital transformations with cloud adoption and the rise of SaaS companies providing security services in non-traditional ways. These challenges have left data distributed in various silos, increasing the complexity of access for analysts trying to understand and communicate with these different applications. Analysts need a significant amount of manual effort to find relevant data, then aggregate and normalize it, before they can even begin analysis. Security teams need ways to easily access and analyze data that is distributed in multiple repositories across platforms, locations, and cloud providers. Query.AI’s innovation is a browser-based application that acts as a real-time interactive command and control interface across an organization’s security infrastructure. It simultaneously accesses the multiple data silos and returns the results to users in an aggregated and normalized format, giving the appearance of all the data residing in the same data repository. The fact that the data is never moved to a central location and can remain where it lives provides significant flexibility and cost savings while reducing complexity. Additional intelligence in the system comes through the use of Natural Language Processing, allowing English to become a universal query language if desired; this means analysts no longer need to learn each system’s unique query language to search in each disparate repository. Having this real-time, on-demand access to data vastly increases the analyst’s efficiency while reducing the MTTR of security incidents and helping complete investigations.
In conversation with Dhiraj Sharan, Founder and CEO of Query.AI
Q. How does your product help the security team with decision making?
During security investigations, a security analyst goes through a data collection process in an attempt to identify what is actually happening, derive whether an actual security incident has taken place, understand the scope, and put together the appropriate response to remediate if necessary. This data collection often entails understanding the who, what, where, when, why, and how of the potential issue and then concluding. By enabling this simplistic access to all the data that analysts need, Query.AI enables them to collect this information across their enterprise quickly. Furthermore, for common and repeatable investigations, workflows can be used to orchestrate data collection for aspects of the investigation. For example: interrogating an endpoint for information on its current state with a series of questions about patch levels, user activity, processes running in memory, or any additional information. Aggregating the data and providing a federated view with data-driven visualizations can also serve to highlight potential anomalies that may go unnoticed when assessed only in text form; this is another area where Query.AI will help provide value that drives decision making for a security organization.
Q. It seems like you are empowering users to retrieve, combine, interact with, explore, and visualize data from any combination of sources. You mentioned cybersecurity, but this sounds useful for so many purposes.
Yes, that seamless data interaction is exactly what Query.AI’s Decentralized Data Access and Analysis technology does. We have started with a focus on cybersecurity; however, several groups in a typical company suffer from challenges associated with accessing and analyzing data from multiple disparate sources. These include but are not limited to IT Operations, Network Operations, and many others. While we are starting with cybersecurity, we hope to see users apply it to a new set of problems.
Q. What are the anticipated trends in the cybersecurity AI segment? How does your approach support that?
People tend to talk about AI as an end-all solution, but we see that a more practical approach to AI is to amplify and augment human potential. As an example, AI can simplify the interaction for analysts and guide them through investigations when they are first starting out. The technology we have developed uses Natural Language Processing and data-driven visualizations and insights to guide new analysts through data exploration and investigation. Query.AI also captures processes followed by senior analysts and augments those into directly executable suggestions. This simplifies the investigation process and helps achieve efficient and consistent outcomes.
Meet the leader behind the success of Query.AI
Dhiraj Sharan is the Founder and CEO of Query.AI. He has been driving innovation as an engineer and entrepreneur for nearly 20 years. He has directly contributed to the success of several well-known technology companies, including ArcSight, HPE, Niara, Aruba, and Novell; his early career was spent engineering ArcSight from the ground up. Sharan is a prolific coder and a tinkerer, holding more than ten patents for advancements in cybersecurity and data analytics. He holds a B.Tech CS from IIT (BHU, India) and a Certificate in Management from Harvard. In his personal life, he is a family man and enjoys recreational sports.