Early Detection of Advanced Persistent Threats

Threat intelligence and signature-based defenses are proving ineffective at stopping today's advanced cyber criminals. If your organization is a likely target, you should be operating on the assumption that you have already been hacked.

But even the most advanced criminals leave fingerprints in the form of unusual software connecting to networks, anomalous access and abnormal data traffic patterns. The problem is that it is not possible to invest the time needed to find these activities using traditional rule- or signature-based approaches.

That's where Anomaly Detective comes in. Machine learning algorithms automatically determine normal behavior patterns for hundreds of thousands of data points. Automated anomaly detection provides early detection of the suspicious behavior patterns that security analysts need to know about. Forensic analysis times are slashed. And the result is you see threats as they develop and stop them dead in their tracks.



Find Suspicious Network Connections in Real-Time

  • Scan your entire network in real-time for any host making network connections with new or unusual software
  • Drill down to the forensic detail you need to make fast decisions
  • Resolve threats before data exfiltration begins


Identify Rogue User Behavior Patterns

  • Spot outliers from normal behaviors along multiple dimensions like source, destination, time of day, data transmission rates, etc.
  • Find the unusual authorized access patterns that could indicate intrusion attempts
  • Get the evidence you need as it is happening



Distill the Important from Noisy IDS/IPS Alerts

  • Stop letting attackers mask their activity in the noise of your IDS/IPS alerts
  • Turn thousands of high-severity alerts a day into a dozen important notifications a week
  • Get real-time notification of developing attacks



Accurately Identify Attacks Without Signatures or Rules

  • See how we handled a Honeynet Project firewall log analysis challenge
  • In minutes, we flagged unusual port scan and connection attempts without rules or signatures