How does Storm Analyzer work?

This page first covers the initial phase of the system's operation, which involves gathering essential data through comprehensive scanning processes. We'll explore how Cybral Storm Analyzer conducts network topology scanning and vulnerability scanning to identify potential weaknesses and security gaps within your network infrastructure. Additionally, we'll discuss the subsequent phase, where sophisticated Artificial Intelligence (AI) algorithms are employed to analyze the collected data.

Through this analysis, Cybral Storm Analyzer provides actionable insights and recommendations to strengthen your network's security posture. Let's begin by understanding the scanning process and how AI analysis enhances threat detection and response capabilities.

Input: Scanning Process

In the first phase of the system's operation, Cybral Storm Analyzer gathers crucial data through a full scanning process. This process involves two main components: network topology scanning and vulnerability scanning.

  • Network Topology Scanning: Cybral Storm Analyzer maps out the layout and structure of the user's network infrastructure. By analyzing the physical and logical connections between devices and systems, the platform creates a detailed representation of the network topology. This information facilitates better understanding and management of network resources.

  • Vulnerability Scanning: At the same time, Cybral Storm Analyzer conducts vulnerability scanning to identify potential weaknesses and security gaps within the network. Using advanced scanning techniques, the platform accurately examines network devices, applications, and configurations to detect vulnerabilities, misconfigurations, and potential entry points for cyber threats. This proactive approach enables users to stay ahead of potential security risks and take necessary measures to strengthen their network defenses.

The scanning process begins with the user providing IP ranges for each subnet, allowing Cybral Storm Analyzer to systematically examine every corner of the user organization's network. Alternatively, users will need to download containers, which serve as agents tasked with conducting the scanning process. These agents communicate with an agent master located on-premises, which acts as a connection between the user's network and the Storm SaaS portal.


AI Analysis

The AI analysis in Storm Analyzer is based on symbolic AI and reinforcement learning:

  1. Symbolic AI Engine: The output from the NLP engine is used to generate an attack graph representing potential attack paths and relationships within the network.

  2. Reinforcement Learning: The transition graph is analyzed by the reinforcement learning engine to rank the critical paths based on their criticality.

  3. Gen AI: Generates human-readable text to represent the different attack scenarios and the associated remediations.

The analysis starts by providing the descriptions of Common Vulnerabilities and Exposures (CVEs) and the network topology as input to the Natural Language Processing (NLP) engine. The NLP engine processes this information and produces an output. This output is then fed into a symbolic AI engine, which generates an attack graph representing potential attack paths and relationships within the network.

The attack graph is further refined by a transition graph generator algorithm, which produces a simplified transition graph focusing on critical paths. This transition graph is then analyzed by the reinforcement learning engine, where the agent learns by making a sequence of decisions through trial and error.

The goal is to rank the critical paths based on their criticality. The result is a set of ranked critical paths, providing valuable insights for identifying potential threats and vulnerabilities.
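The sketch below illustrates the graph-then-rank idea on a toy network. It is an added example, not Storm Analyzer's code or algorithm. The host names, exploitability scores, edge rule (reachable and vulnerable implies an edge) and log-probability reward are all assumptions made for illustration.

```python
import math
import random

# Constructed sample data (not from Storm Analyzer): reachability and findings.
TOPOLOGY = [("internet", "web"), ("internet", "vpn"), ("internet", "mail"),
            ("web", "app"), ("vpn", "app"), ("vpn", "db"), ("mail", "workstation"),
            ("workstation", "db"), ("app", "db")]
# host -> exploitability scores (0..1) of its findings; values are constructed.
FINDINGS = {"web": [0.9], "vpn": [0.3], "mail": [0.6], "app": [0.5, 0.8],
            "workstation": [0.7], "db": [0.4]}
DEAD_END = -20.0  # value assigned to a host from which the target is unreachable

def build_attack_graph(topology, findings):
    """Assumed rule: src can reach dst AND dst has a finding -> edge src->dst."""
    graph = {}
    for src, dst in topology:
        if findings.get(dst):
            graph.setdefault(src, {})[dst] = max(findings[dst])
    return graph

def q_learn(graph, entry, target, episodes=2000, seed=0):
    """Tabular Q-learning; the reward for each step is log(exploitability)."""
    rng = random.Random(seed)
    q = {(s, n): 0.0 for s, nbrs in graph.items() for n in nbrs}
    for _ in range(episodes):
        state, steps = entry, 0
        while state != target and graph.get(state) and steps < 50:
            nbrs = sorted(graph[state])
            nxt = nbrs[int(rng.random() * len(nbrs))]  # pure random exploration
            future = 0.0 if nxt == target else max(
                (q[(nxt, n)] for n in graph.get(nxt, {})), default=DEAD_END)
            # Deterministic transitions, so learning rate 1 and discount 1 suffice.
            q[(state, nxt)] = math.log(graph[state][nxt]) + future
            state, steps = nxt, steps + 1
    return q

def ranked_paths(graph, q, entry, target):
    """One greedy path per first hop from entry, ranked by learned value."""
    results = []
    for first in graph[entry]:
        path, state = [entry, first], first
        while state != target and graph.get(state):
            state = max(graph[state], key=lambda n: q[(state, n)])
            path.append(state)
        results.append((round(math.exp(q[(entry, first)]), 3), path))
    return sorted(results, reverse=True)
```

Each score is the product of the exploitability values along the path, so the top-ranked path is the route a defender would remediate first.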

Finally, all information regarding the critical paths and their significance, as well as the critical assets and their importance, is provided to the Gen AI. The Gen AI then generates possible attack scenarios and corresponding remediation steps.

By integrating these advanced AI technologies, Storm Analyzer offers a full approach to identifying, analyzing, and mitigating network vulnerabilities and potential attack paths.
