Our process

endpoint-protection

1. ESTABLISH WHAT DATA YOU WANT MONITORED

SmithSec will work with you to determine the appropriate data sources in your SIEM or business that you would like to monitor. This can be firewall logs, endpoint logs, or any source of data that you are collecting. We can even assist with setting up new data sources that you want monitored as needed.

2. COLLECT DATA FOR ANALYSIS

SmithSec will collect 3-6 months of your chosen data source(s) for analysis. This data will be used to train the artificial intelligence on what is normal in your environment.

penetration-testing
pexels-google-deepmind-17485657

3. TRAIN THE ARTIFICIAL INTELLIGENCE

SmithSec will then train an artificial intelligence model on the collected data. This training can be performed within your own environment or a cloud environment; whatever you prefer!

4. TUNE THE ARTIFICIAL INTELLIGENCE

Once the artificial intelligence model is trained, SmithSec will fine tune it so that it only produces high fidelity results when given new data to evaluate.

artificial-intelligence-3382507_640
SPLUNK SETUP

5. DEPLOY THE ARTIFICIAL INTELLIGENCE

With a finely tuned working model, SmithSec will then deploy the AI as you see fit. This can be as simple as a Python script that runs on a server to a more advanced deployment of a dedicated inference server that runs within your cloud environment. This can be a custom as you like (e.g. having the model output its findings to a file that can be monitored by your SIEM).

6. MAINTAIN THE ARTIFICIAL INTELLIGENCE

SmithSec can periodically retrain your artificial intelligence model as needed to address changes in your data, making sure that you continue to get high fidelity anomaly findings.

Malware Debugging: C++ Reverse Shell