Empowering Teams with Data Awareness

Product - Jun 12, 2020

Polarity Gives You Superhuman Data Awareness & Recall

Polarity is software-based Augmented Reality for your data. That means superior Data Awareness and Recall for your team. In this post, we break down what we mean by “Data Awareness”.

Empowering Teams with Data Awareness

Having the right data to make an informed decision is Data Awareness. It’s about being thorough, knowing what is available based on your past experience as well as what’s known by your teammates and through the tools you use.

Data Awareness requires knowing what information is relevant to whatever you are analyzing. Polarity enables you to enhance your own analysis with valuable information from other sources, such as collective intelligence shared among your teammates and information from the tools in your workflow. Those tools connect to Polarity through our open-source integration framework, which currently supports more than 100 security products. These sources enrich what you already know, ensuring that you make informed decisions and have the complete story needed to take action quickly.

Our team at Polarity was inspired by their experience in intelligence and Incident Response. Think of a scenario where two analysts are both investigating the same event. They may not know about one another, and could be seeing it from different perspectives. If they don’t communicate, it’s a problem that leads to an intelligence failure. The traditional way to solve this issue is to have both analysts log their work in an investigation management system. One analyst puts their notes into the system, and the second analyst can search those notes, assuming they know where to look and what to look for. Even when they do, it takes time, which could be in short supply when dealing with a high-priority investigation. The problem is compounded when you consider all the tools used in a typical team: each tool has even more contextual information that may be relevant to an event under investigation, but are you aware of all that is available to help you make a decision and take action?

Data Awareness for the Most Common Indicators

Security teams use a variety of indicators in their work and each has contextual information that completes the full story. Polarity’s Data Awareness helps teams see all the context available for key indicators including (but not limited to):

  • External IPs
  • Internal IPs
  • Internal Host Names
  • Domains
  • Hashes
  • Email Addresses
  • CVEs

Notice the highlighted text in the email on the left. On the right, you can see that Polarity’s computer vision has recognized the text on screen, and in real-time while the analyst is working, it has provided contextual information for the highlighted IPs, host name, domain, hash, and email address in the Overlay Window on the right. This contextual information can be pulled from any annotation from the user, the user’s teammates, or from open-source integrations with more than 100 popular security products.

With Data Awareness, whenever you’re looking at a list of IPs, domains, hashes, or other key indicators, each piece of information with a known association will instantly be highlighted by Polarity and augmented with contextual information, right on your screen.

Memory Augmentation Powers Polarity Data Awareness

Security teams see so much data on a daily basis that memorizing it isn’t even a remote possibility. So Polarity’s memory augmentation does the impossible for you, remembering each piece of information coming from your tools, spreadsheets, and teamwide annotations, enabling you to see the story behind your security data. Memory augmentation helps you understand why information is relevant to your decisions. It’s a core technology for delivering Data Awareness.

Polarity includes several types of memory augmentation:

  • “Remember” data you analyzed in the past (via your annotations): Annotating information in Polarity will give you immediate access to that information the next time you see the same piece of data. This means no more pivoting and searching from multiple platforms to find contextual information.

Notice the area highlighted in the image above. This is an annotation: context you want to remember about the Host Name in this image. For example, you can see that there is an ongoing investigation and another analyst named Alyssa is also working on it. Each time this Host Name appears on your screen in any application, Polarity will share this context in real-time.

  • “Remember” data analyzed by your team (via their annotations): In the same way that you’ll always have access to your own annotations, you’ll also be enabled by your entire team’s annotations, as well as annotations from other departments. We call this collective memory. The collective memory removes the need to reference tickets, email, and chat to track down information, and it ensures that your team avoids any duplication of effort.

Notice the area highlighted in the image above. This is an annotation made by one of your teammates: context that may be useful to you when working on this investigation. In this example, your teammate has annotated the email address jlawson@fbi.gov. Each time this email address appears on your screen in any application, Polarity will share this context in real-time.

  • “Remember” information from tools in your security team (via integrations): Now that you’ve “memorized” information from data you or your team analyzed in the past, the next step is to get the same Data Awareness on the tools used by your team. With Polarity’s 100+ powerful, open-source integrations, you can get immediate access to the data in your tools without pivoting into those tools and searching them for information. Integrations also allow you to direct other tools to take action, for example updating a ticket in your ticketing system. Security teams especially benefit from our integrations with platforms like Carbon Black, DomainTools, Flashpoint, GreyNoise, Palo Alto Networks, ReversingLabs, ServiceNow, Splunk, ThreatConnect, VirusTotal, and many more.

Notice the area highlighted in the image above. This is data available from Carbon Black: context that may be useful to you when working on this investigation. In this example, Carbon Black has context related to this hash. Each time this hash appears on your screen in any application, Polarity will share this context in real-time.

What Next?

Read on to learn about Data Recall. See for yourself with a Polarity demo or trial. To learn more, take the Tour or tune in to our next Community Tech Tuesday.