The tool, called “Batea,” which is named after the traditional pan used by gold miners to extract gold nuggets from sand, rapidly generates a list of assets on any network that are likely to grab the attention of an experienced hacker as attractive targets for initial compromise from which to launch an attack, says the company.
“Experienced [penetration testers] are able to identify assets on very large networks that are unique in some way, and these ‘outstanding’ assets are often prime targets for compromise for a number of reasons,” says Serge-Olivier Paquette, Delve’s Lead AI Researcher. “Using machine learning and other AI techniques, we can simulate the ‘intuition’ of an experienced pentester – or hacker – to automate that experience, and reveal which assets on an enterprise network are of most interest for the wrong reasons.”
Batea leverages machine learning techniques to separate unremarkable network assets from those that are likely to attract the most attention from a bad actor – i.e., the “gold nuggets,” says the company.
Pierre-David Oriol, Delve’s VP of Product Management adds, “Identifying outlier assets on our customers’ networks is just one of the nearly three dozen factors we use when ranking the remediation priority of a given vulnerability in a given network environment, but it’s an important one. We felt offering that one element of our product as a free tool would not only benefit the cyber security community, but also help us improve its results overall through its ability to train and share ML models over time.”
Batea Live is now generally available to the public, and can be accessed at the company’s site. For more, see the company’s white paper: “Automating Intuition: Applying Machine Learning to Outstanding Network Asset Detection.”