Creating products that depend on scaling human domain expertise is one of the main challenges to overcome when leveraging data science. Real-world problems are messy. Because data science is still in its infancy, many industries today have operations that require manual execution but could be supported by AI, i.e. tools with better algorithms. When products that solve repetitive tasks prone to human error, or that scale decision making to big data, are developed well, everybody wins. Boring tasks are minimised so that users can focus on creatively exploring the limits of what the better tools bring and on discovering new patterns. This is a feedback loop that generates new features to support new tasks as they are discovered.
Respecting the dynamic nature of solving such problems is complex but important, and it relies on deep interdisciplinary collaboration. Only by building broad understanding between domain experts and data scientists through meandering conversations can a shared goal be found. This is how we developed THEA NORNA.
When building NORNA, we realised that the challenges were numerous. Cyber threats always evolve to avoid detection. This results in huge complexity: patterns involving text, discrete and continuous data need to be considered simultaneously, and individual occurrences of indicators only reveal maliciousness when evaluated as part of the whole.
To reflect this fact, we built NORNA to be graph first. This choice assists two crucial aspects of threat investigations, to the benefit of threat analysts. It makes it possible to query data quickly in a natural way, and also to implement a data schema in which constraints on friend-of-friend relationships can be expressed trivially. Extending this with a GUI representation of the graph makes data of different types and their relationships immediately obvious. This limits analyst fatigue and relieves the analyst of the burden of repetitively refining queries through iterations in which more and more false positives are excluded. Plus, graphs are visually quite striking and fun to work with.