Exploring Alternative Predictive Breach Models & Techniques With Columbia University
In late August, we announced a year-long partnership with Columbia University’s Data Science Institute. It’s a collaborative effort to explore new predictive breach models, develop new insights using our wide breadth and depth of data, and learn more about the connections between the specific vulnerabilities found in our proprietary data and kinds of attacks organizations are likely to succumb to. In this article, we talked to Luis Vargas, our Senior Data Scientist and Bob Sohval, our Director of Data Science, who gave us a detailed understanding of what is involved in the partnership, what results we’re expecting, and how it will impact our clients and the overall security community.
Improving security intelligence for all through the lens of education
We firmly believe in the idea that sharing security intelligence is one of the best ways to thwart hackers and prevent the damage attacks and data breaches have on organizations. It’s why white hat security researchers and security conferences exist. This new initiative is our way of contributing our own data and security intelligence and use our newly discovered insights and conclusions to help the security community better understand the larger trends of attacks and vulnerabilities.
We decided to work with Columbia University not only because they have a well-documented expertise in cybersecurity and machine learning but the department and their students are consistently looking for better ways to improve data science. Their computer science (CS) department has a strong expertise in the field of cybersecurity and their staff across the CS and data science department is well known in their contributions to the community.
With Columbia University, we’ll be utilizing a number of different methods, techniques, and approaches perfectly suited for a large and comprehensive amount of data that we’re sharing. Partnering with a university allows us to tackle a data science project from a different perspective than from our in-house department. Columbia University’s department will take an exploratory approach to the project that focuses on open-ended questions and hypotheses along with experimental data testing. This method will capitalize on the strength of an education environment that focuses on learning and discovery.
Making connections to improve breach predictability and improve our client’s experience
We will be sharing a huge volume of data, over hundreds of gigabytes a month, that makes up just a subset found within our platform. This data includes a number of datasets relevant to our factors, scoring, and discovered vulnerabilities. We’ll be taking a collaborative approach, providing broad goals and objectives in order to give Columbia University the independence and creativity needed to achieve the best results possible.
With the dataset we’re sharing with Columbia University, we’re looking for connections, patterns, and statistically significant correlations. Ultimately, we want to make new connections and discoveries using our data that can benefit our clients and the security intelligence community at large. Because understanding where the next possible breach may occur is critical to the community at large, we’ll be keeping an open eye on our successes and learnings that we will apply to any future projects.
Overall, this is an attempt to foster and facilitate security intelligence sharing and research in a manner that will improve the security intelligence community as well as directly impact our clients. Security research is one of our most important values and this is just a subset of our research and security intelligence initiatives. We’re excited to share our new findings in the near future.