April 22, 2020

"Batea": Unsupervised Machine Learning, Penetration Testing and Intuition

Intuition, acquired through years of experience, is what sets experts apart from novices. Intuition is the ability to look at a large amount of information, quickly spot interesting items, and dismiss the rest. In the case of security audits, intrusion testers typically face hundreds - or even thousands - of assets early in an engagement. Their ability to focus on priority targets can save dozens of valuable hours. Yet only the most experienced pen testers can do this confidently and effectively: those with intuition developed over years of accumulated experience. This talk will demonstrate how to use effective and modern machine learning methods to sift through mountains of network data to very quickly narrow down the scope to interesting, valuable and sometimes odd targets: the gold nuggets. In short, we’ll be demonstrating a substitution of machine learning for human intuition.

The presentation will be led by our own Lead AI Researcher, Serge-Olivier Paquette, at the BSides Cyber Security Conference in Vancouver on April 22nd.

To learn more about "Gold Nuggeting" and DelveAI™, download our white paper, Automating Intuition: Applying Machine Learning to Outstanding Network Asset Detection, or contact us at [email protected]

To try Batea right now using our trained model:

To train your own model or to contribute to the project:

Batea Background

Delve delivers a complete vulnerability management solution that includes our exclusive Contextual Prioritization, a machine-learning-based vulnerability prioritization engine that ranks the severity or risk of every vulnerability on a corporate network using three dozen factors. One of those factors is the "uniqueness" of the asset on which the vulnerability resides.

What is an Outlier Asset and Why is it Important?

Experienced pen testers know well that certain assets on a network stand out as different in some way, and years of experience enable them to identify those assets on an enterprise network. Further, the best pen testers understand that these unique assets often constitute the softest targets, and can be ripe for compromise. Once the pen testers - of course we could substitute "hacker" or "threat actor" for the words "pen tester" - have compromised an outlier asset, their next step is often to identify assets similar to the successfully compromised outlier asset. This allows them to move across the network, working to collect as many credentials and as much data as possible, essentially repeating their initial success as many times as possible.

Why is Outlier Asset Detection Important to Vulnerability Management?

If we know that threat actors are targeting a specific type of asset, any vulnerability on that asset - barring mitigating factors - would be considered higher risk than those on non-outlier assets for obvious reasons. Further, having some idea what assets may be most appealing to attackers is tantamount to having the opposing team's playbook, invaluable intelligence in the battle to secure the enterprise.

Enter Batea: Machine Learning for Pen Testers and Vulnerability Management Practitioners

Batea's functionality was developed as part of Delve's Contextual Vulnerability Prioritization: outlier asset detection is one of the three dozen or so factors taken into consideration by the DelveAI engine when risk-ranking vulnerabilities. But, as the results of Delve's outlier asset detection function are valuable in and of themselves, we decided to make the tool available for free, independent of our vulnerability management product.