Autonomous Investigation: Full Scope Incident Detection
For effective threat remediation, organizations need to see the full scope of every security incident within a short time frame. SecBI provides both capabilities, a full-scope report and speed, through end-to-end visibility into specific behaviors in the network’s traffic. These behaviors are always tied to network users, devices, and the activities they perform. SecBI weaves this full-scope incident data together with all historical and forensic evidence, making it available within seconds and on a continuous basis.
Using proprietary machine learning and Big Data analytics, SecBI turns alert floods into prioritized lists of incidents that are simple to triage, investigate, and mitigate. The solution creates a comprehensive view of each cyber incident by combining disparate alerts, events, and logs into one narrative. This eliminates unnecessary noise, allowing the security analyst to focus on the information that matters for the investigation. The organization benefits from automatic incident investigation, which dramatically shortens the response time of cyber security teams, raising overall protection levels and saving costs.
How It Works
SecBI continuously collects large volumes of network security log data from the web proxy (secure web gateway) for ongoing analysis.
SecBI’s proprietary engine groups events that are significantly correlated and unique in their behavior into distinctive clusters. SecBI’s behavioral ML clustering mechanism keeps detecting as the clusters evolve with changes in the network’s activity, and gives the analyst a faster basis for planning the next steps.
Detection and Investigation
When SecBI Autonomous Investigation™ technology identifies a suspicious cluster, it presents the analyst with a full narrative and incident report complete with all related forensic evidence.
Unsupervised Machine Learning (ML)
SecBI augments Security Operation Center (SOC) teams and provides advanced technical capabilities for nonstop network traffic monitoring, threat detection, triage, and incident response, required for regulatory compliance or “just” for comprehensive, effective cybersecurity. Using several machine learning approaches, SecBI automatically hunts for cyber threats across the enterprise network.
Pattern and signature recognition are not enough to detect hidden malicious activity. Instead, SecBI uses unsupervised machine learning to uncover unknown advanced threats that other systems miss, by building a comprehensive incident storyline and discovering cluster-based malicious activity. Machine learning is a kind of artificial intelligence in which computer programs learn and change when exposed to new data. SecBI’s cluster-analysis algorithm groups together similar or related data points found throughout the network, making it possible to reveal unusual patterns of activity and detect anomalous behavior that would not be visible from any single data point. Analyzing clusters of activity makes it much easier to identify attacks that would otherwise remain undetected.
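The cluster-based approach described in "How It Works" and in this section can be illustrated with a small, self-contained example. The code below is an added illustration, not SecBI's code or algorithm: it parses constructed web-proxy log lines in a simplified Squid-like layout (epoch, client IP, user, method, host, status, bytes), extracts a hand-picked behavioral feature per user/device/destination (the regularity of request timing), links sessions that share a destination and a matching period into clusters with a single-linkage union-find, and renders each suspicious cluster as an incident narrative that keeps the underlying log lines as forensic evidence. The feature set, thresholds, and log format are assumptions chosen for the demonstration; a production system would learn its features and clusters from data rather than using fixed rules.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample lines (not real traffic) in a simplified Squid-like format:
# epoch  client_ip  user  method  host  status  bytes
SAMPLE_LOG = """\
1700000000 10.0.0.5 alice GET news.example.org 200 5120
1700000012 10.0.0.5 alice GET cdn.example.org 200 81920
1700000000 10.0.0.7 bob GET updates.example.net 200 2048
1700000060 10.0.0.7 bob POST updates.example.net 200 2048
1700000120 10.0.0.7 bob POST updates.example.net 200 2048
1700000180 10.0.0.7 bob POST updates.example.net 200 2048
1700000240 10.0.0.7 bob POST updates.example.net 200 2048
1700000005 10.0.0.9 carol GET updates.example.net 200 2048
1700000065 10.0.0.9 carol POST updates.example.net 200 2048
1700000125 10.0.0.9 carol POST updates.example.net 200 2048
1700000185 10.0.0.9 carol POST updates.example.net 200 2048
1700000245 10.0.0.9 carol POST updates.example.net 200 2048
1700000300 10.0.0.5 alice GET mail.example.org 200 4096
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+)$")


def parse_log(text):
    """Parse the constructed log lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, user, method, host, status, nbytes = m.groups()
        events.append({"ts": int(ts), "ip": ip, "user": user, "method": method,
                       "host": host, "status": int(status), "bytes": int(nbytes),
                       "raw": line})
    return events


def session_features(events):
    """Group events by (user, device, host) and compute a timing-regularity feature.

    A session is marked periodic when it has at least four requests and the
    coefficient of variation of the inter-request gaps is below 0.1 (assumed thresholds).
    """
    groups = defaultdict(list)
    for e in events:
        groups[(e["user"], e["ip"], e["host"])].append(e)
    sessions = []
    for (user, ip, host), evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        gaps = [b["ts"] - a["ts"] for a, b in zip(evs, evs[1:])]
        period = mean(gaps) if gaps else None
        cv = (pstdev(gaps) / period) if gaps and period else None
        periodic = len(evs) >= 4 and cv is not None and cv < 0.1
        sessions.append({"user": user, "ip": ip, "host": host, "events": evs,
                         "period": period, "cv": cv, "periodic": periodic})
    return sessions


def _linked(a, b):
    """Two sessions are related when they beacon to the same host with a matching period."""
    if a["host"] != b["host"] or not (a["periodic"] and b["periodic"]):
        return False
    return abs(a["period"] - b["period"]) <= 0.1 * max(a["period"], b["period"])


def cluster_sessions(sessions):
    """Single-linkage grouping via union-find: transitively linked sessions form one cluster."""
    parent = list(range(len(sessions)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(len(sessions)):
        for j in range(i + 1, len(sessions)):
            if _linked(sessions[i], sessions[j]):
                parent[find(i)] = find(j)
    clusters = defaultdict(list)
    for i, s in enumerate(sessions):
        clusters[find(i)].append(s)
    return list(clusters.values())


def build_incidents(text):
    """Return one narrative dict per cluster that contains periodic (beacon-like) traffic."""
    incidents = []
    for cluster in cluster_sessions(session_features(parse_log(text))):
        if not any(s["periodic"] for s in cluster):
            continue  # ordinary browsing: no incident, no analyst noise
        evs = sorted((e for s in cluster for e in s["events"]), key=lambda e: e["ts"])
        incidents.append({
            "host": cluster[0]["host"],
            "users": sorted({s["user"] for s in cluster}),
            "devices": sorted({s["ip"] for s in cluster}),
            "period_s": round(mean(s["period"] for s in cluster), 1),
            "first_seen": evs[0]["ts"],
            "last_seen": evs[-1]["ts"],
            "event_count": len(evs),
            "evidence": [e["raw"] for e in evs],  # forensic trail kept with the incident
        })
    return incidents


if __name__ == "__main__":
    for inc in build_incidents(SAMPLE_LOG):
        print(f"Incident: {len(inc['users'])} users on {len(inc['devices'])} devices contacting "
              f"{inc['host']} every ~{inc['period_s']}s, {inc['event_count']} requests "
              f"between {inc['first_seen']} and {inc['last_seen']}")
        for line in inc["evidence"]:
            print("  ", line)
```

On the constructed input, the two users whose devices contact the same destination on a fixed 60-second cadence are merged into a single incident with ten evidence lines, while the three unrelated one-off requests from the first user never surface. That is the effect the text describes: the analyst receives one storyline spanning several users and devices instead of ten separate proxy log entries to correlate by hand.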
SecBI’s solution can be deployed in the cloud for maximum flexibility and ease of deployment. No agents or physical appliances are required.
If the client requires an on-premises deployment, SecBI can be easily deployed within the client’s SOC; again, no agents or physical appliances are required.