Threat Intelligence and Response
Our network detection and response platform captures network metadata, enriches it with machine learning-derived security intelligence, and applies it to your detection and response use cases.
Our solution can:
Capture Data – Sensors are deployed across cloud, data centre and enterprise environments, where they extract relevant metadata from traffic and ingest external threat intelligence along with Active Directory and DHCP logs. A uniquely efficient software architecture developed from Day 1, along with custom-developed processing engines, enables data capture and processing at unprecedented scale.
Normalise Data – Traffic flows are deduplicated and a custom flow engine extracts metadata to detect attacker behaviours. The characteristics of every flow are recorded, including the ebb and flow, timing, traffic direction, and size of packets. Each flow is then attributed to a host rather than being identified by an IP address.
Enrich Data – Data scientists and security researchers build and continually tune scores of self-learning behavioural models that enrich the metadata with machine learning-derived security information.
Detect and Respond
- Scores of custom-built attacker behaviour models detect threats automatically and in real-time before they do damage.
- Detected threats are automatically triaged, prioritised based on risk level, and correlated with compromised host devices.
- Tier 1 automation condenses weeks or months of work into minutes and reduces the security analyst workload by 37X.
- Machine learning-derived attributes like host identity and beaconing provide vital context that reveals the broader scale and scope of an attack.
- Custom-engineered investigative workbench is optimised for security-enriched metadata and enables sub-second searches at scale.
- Puts the most relevant information at your fingertips by augmenting detections with actionable context to eliminate the endless hunt and search for threats.
Using behavioural detection algorithms to analyse metadata from captured packets, AI detects hidden and unknown attacks in real-time, whether traffic is encrypted or not. AI only analyses metadata captured from packets, rather than performing deep-packet inspection, to protect user privacy without prying into sensitive payloads.