PRO: Human Quality Data Analysis at Scale

Programmable Reasoning Objects℠ capture analytic tradecraft and automate complex reasoning

Intro

How to Scale Human Sense-Making and Decision-Making

How to Scale Human Sense-Making and Decision-Making

DarkLight’s Programmable Reasoning Objects℠ or PROs℠, interpret the data like a human analyst. PROs are used to orient or make sense of the observations coming from the cyber ecosystem to support evidence-based decision-making and course of action selection. With the use of multiple reasoners, PROs transform the data from these discrete sources into actionable intelligence.

When PROs are chained together, they behave like a human’s neural network, inferring facts and identifying anomalous activity or events that would otherwise only be obvious to a team of cyber analysts.

Discovering the Unknowns

Data Analysis with PROs

Data Analysis with PROs

DarkLight PROs can also support activity-based intelligence (ABI) tradecraft to reveal hidden data that can only be inferred from what is known, and to discover the unknown unknowns in the cyber ecosystem. This type of ABI tradecraft reasoning focuses on transactions, behaviors, and activities rather than signatures or mathematical algorithms. Unlike a black box machine learning approach, the logic is exposed, defendable, and can be used for instruction and knowledge transfer.

DarkLight’s PROs capture the human analytic tradecraft knowledge needed to support automated, evidence-based sense-making and decision-making in the cyber ecosystem. PROs are easy to create by human analysts and can be shared with other DarkLight users both internal and external to the organization. Capturing human analytic tradecraft in PROs also protects the organization from “brain drain” should the analyst leave and enables the “crowdsourcing” of tradecraft expertise from the wider community of trust. These PROs are portable and powerful, and they can be created, shared and evolved by internal teams and the cybersecurity community.

The PRO Playbook Lifecycle

The PRO Playbook Lifecycle

The PRO Playbook Lifecycle

The steps in the PRO lifecycle are:

  1. Sensing (Subscribed data-object activates the PRO)
  2. Sense-Making (PRO gathers up all the facts the PRO author has pointed it to)
  3. Decision-Making (PRO invokes the Description Logic reasoner)
  4. Acting (PRO publishes what the PRO author specifies)
  5. Clear (PRO clears its memory and is ready for the next Subscribed data-object)

These lifecycle steps could be more generally stated as: get triggered by a subscription, collect up all supporting and relevant facts, run the Description Logic reasoner, and publish.

Watch this brief video to better understand the PRO Lifecycle:

*video contains no sound

Ready to use the power of DarkLight's AI for Active Cyber Defense?

Contact an Expert