Dhiraj Sharan, CEO
"You're in the middle of an IR (Incident Response), the pressure is high, you are pivoting from one tool to another. The queries look the same, but they are NOT, and it's a MAJOR pain. Why can't these systems just speak the same language?" - Quoted from a Security Analyst, Fortune 50 IT Conglomerate
Unfortunately, this is the brutal reality for most cybersecurity teams today. Security Analysts and Threat Hunters have to dig through the mountains of data found in their many security products and pull the information, usually manually, into yet another tool before an investigation can begin. They learn early on that each system is different: the systems use different languages and diverse data formats, requiring extensive knowledge of each tool to leverage the information.
So why can't these systems just speak the same language?
Traditionally companies have aspired to implement a solution where they could neatly organize all their enterprise security data from various products in a single centralized platform. One which would enable them to query that system in its entirety, and get relevant and complete information back. It sounds like a great solution, in theory. That solution is typically described as a Security Information and Event Management (SIEM) system.
In practice, organizations that have made careful, elaborate attempts to aggregate all their data in a single place have run into more issues than solutions. This data is often scattered across diverse cloud platforms, multiple office locations, numerous SIEMs, Endpoint Detection & Response (EDR) tools, and various other data stores. "The concept of universal data centralization promised to put all data in one place and in one format for simple access and analysis, but even after 20 years of attempts and millions of dollars spent, we as an industry have failed to do that," says Andrew Maloney, the COO at Query.AI. "Businesses end up with multiple siloed data stores requiring analysts to search and compile data from each repository manually. This leads to massive inefficiency and frustrations for analysts who are charged with incident response and threat hunting."
Founded in 2018, Query.AI is on a mission to make security more accessible by helping organizations overcome the quandaries of siloed data analysis with an innovative approach allowing for decentralized data access & analysis. The company has designed its patent-pending Assistive-AI platform to act as a virtual analyst assistant and help guide security teams through investigations with answers and insights to all their security questions. "Companies can leave their data wherever it is and access it on-demand as needed," comments Maloney.
Query.AI's solution also addresses another fundamental challenge in security today: the diverse query languages specific to each data store, which further impede security teams from attaining optimum results. Query.AI's solution incorporates natural language processing, allowing security teams to ask questions in simple English. This means security professionals can ask questions without learning various intricate query languages. The questions are automatically translated into the specific query languages required by the platforms where the data is stored.
"Our clients can connect their disparate data platforms directly from their browser with our API-driven architecture to perform data analysis, independent of language, location, and platform," says Dhiraj Sharan, Founder and CEO at Query.AI. "We find that customers often save money eliminating data duplication and the need for hierarchical SIEM deployments."
Query.AI accomplishes this by returning query results in an aggregated form through a virtual normalization layer. This gives security teams a federated view across every disparate platform, as though the data all came from the same place, making analysis simpler.
Furthermore, to guide those less experienced, Query.AI's assistive-AI technology IRIS (Investigations Response Intelligence Service), with her large number of pre-understood use cases and workflows, guides users through security investigations. "During investigations or threat hunting exercises, one particular question will often lead to additional questions, and by working to understand the intention of the analyst, IRIS can help identify the best path or pivot required to complete the investigation," states Sharan. Query.AI calls these guided investigations 'workflows' and describes the functionality as a powerful natural-language scripting construct that users can build upon and easily customize to meet their needs.
The unique approach of decentralized access and the value proposition of the AI-powered solution, coupled with Query.AI's domain and technology expertise, has helped the company emerge as a trusted name in the market. "This is an entirely different approach to security incident response and the first solution to provide a simplified manner, facilitating security operations without the need to first centralize the data," stated Maloney. "Our goal is to make security more accessible; we want to enable those interested in pursuing cybersecurity careers to be capable practitioners from day one, not the standard 6-12 months that is the norm today. That is a feat of unusual complexity."
"We will continue to make our solution more intuitive and more intelligent by listening to our users and focusing not on replacing humans, but rather on amplifying human potential," concludes Dhiraj Sharan.