Ellie Mae turns to AI for autonomous threat hunting

The mortgage processor is using threat intelligence, predictive analytics, and AI to proactively hunt advanced persistent threats like ransomware.


In the information security field, bad actors have the advantage: They play proactive offense while security is generally reactive in defense. To take a more proactive footing, some organizations have been adopting threat intelligence, a security practice that involves sifting through data to identify advanced persistent threats (APTs) before attacks occur. Firms such as Ellie Mae, which provides a cloud-based platform that processes about 44 percent of mortgage applications in the U.S., have taken threat intelligence a step further by leveraging predictive analytics to deploy autonomous threat hunting.

"The nature of threat hunting is very proactive," says Selim Aissi, senior vice president and chief security officer at Ellie Mae. "You don't wait until an attack has happened. You explore, prioritize, and investigate threats before an attack happens or even before a malware is known."

Ellie Mae started developing its Autonomous Threat Hunting for Advanced, Persistent Threats project a little more than two years ago to combat threats such as ransomware, which Aissi calls the most existential and expensive threat to any business. The project has earned Ellie Mae a CIO 100 Award in IT Excellence.

In December 2019, the Emsisoft Malware Lab released a report on the state of ransomware in the U.S., finding that the U.S. suffered an "unprecedented and unrelenting barrage of ransomware attacks" in 2019 with a potential cost in excess of $7.5 billion, including the cost of paying ransoms, data recovery, forensic investigations, and loss of revenue.

"The biggest threat to our industry and other similar industries has been ransomware," Aissi says. "The impact of ransomware to any company is devastating. In SaaS-type companies, when the service is interrupted for days or weeks, that's a disaster."
