Contextal Platform: Open-source threat detection and intelligence
Contextal Platform is an open-source cybersecurity solution for contextual threat detection and intelligence. Developed by the original authors of ClamAV, it offers advanced features such as contextual threat analysis, custom detection scenarios through the ContexQL language, and AI-powered data processing—all operating locally to ensure data privacy.

“We created Contextal Platform to address the stagnation in the cybersecurity market for advanced threat detection tools, particularly in the open-source domain. Existing solutions are often based on outdated technology, lack adaptability, transparency, resilience, and struggle to keep up with increasingly sophisticated threats,” Tomasz Kojm, co-founder of Contextal, told Help Net Security.

“Our mission was to develop a free and open-source platform that empowers organizations of all sizes to detect and respond to threats using modern, context-focused techniques. As the original authors of ClamAV – the world’s most popular open-source antivirus – and with over 25 years of experience in cybersecurity, we combined our extensive expertise and industry insights to create a solution that directly addresses these challenges,” Kojm explained.

Contextal Platform features

Contextal Platform has been designed with innovation in mind. Here are a few of its unique features:

Deep contextual approach: Unlike conventional tools focusing on isolated data points, the platform emphasizes relationships, context, and metadata surrounding threats. This approach provides deeper insights while reducing false positives. Moreover, the analysis extends beyond current data, utilizing the platform’s global context.

Proactive threat detection: Contextal Platform is built for advanced, proactive threat detection. Using contextual scenarios, it’s possible to describe the nature of attacks more abstractly, avoiding reliance on specific content details. This approach makes scenarios versatile and effective against various threats.

ContexQL language: The solution features its own query language, which is easy to learn yet highly flexible and efficient. It allows users to describe relationships between data and access thousands of metadata entries collected by dozens of data processors. For instance, blocking emails containing negative sentiment or images with improper content can be done with a simple one-liner in ContexQL.

AI-powered and optimized: Contextal Platform uses AI in its data processors, utilizing neural networks and machine learning for advanced tasks like natural language processing and image classification. Importantly, all AI operations occur locally on the user’s infrastructure, ensuring that sensitive information remains private and secure. Additionally, the platform’s rich data extraction capabilities can be directly used to train custom machine-learning models.

Privacy first: As an open-source project, every aspect of the platform’s architecture and code is fully transparent and available for audit, modification, and extension by users. This eliminates vendor lock-in and hidden processes, ensuring complete control over the platform. Users can trust that their data remains secure and under their control.

Security and scalability: Sensitive operations are fully isolated, workers run in containers, and the backend and data processors are written in Rust. Contextal Platform can also detect its own malfunctions and treat them as indicators within detection scenarios, so that a compromised or failing component becomes a signal rather than a blind spot. At the same time, the modular architecture lets the system scale horizontally by adding processing nodes as needed, so Contextal Platform can handle very large data volumes, and with official images for x64 and arm64 platforms, users can deploy or update the entire solution in minutes.

Future plans and download

Kojm told us they are continually enhancing the Contextal Platform to address the evolving demands of the cybersecurity landscape. In the short term, their roadmap includes:

  • Enhanced AI/ML capabilities: Expanding AI-powered tools for anomaly detection, predictive analytics, and automated responses, including the development of AI-assisted detection scenario generation.
  • User collaboration: Introducing features that facilitate scenario sharing and collaborative threat detection strategies within the open-source community.
  • Improved threat intelligence: Adding support for new data processors and formats, alongside integrations with external threat intelligence feeds.

Contextal Platform is available for free on GitHub.
