Automated Threat Detection, Investigation & Response
SecBI detects full scope incident narratives through unsupervised and supervised machine learning, accelerating security investigations and time to mitigation. The solution is based on proprietary “Autonomous Investigation” technology and supports the use cases described below:
SecBI enables security analysts to stop chasing sporadic alerts through tedious investigation quests, to find the forensic evidence and additional activity needed to fully detect and understand incidents, and to accelerate incident response and investigation processes while reducing dwell time. The SecBI solution is easily and instantly deployed in organizations, with no additional appliances or agents. This effortless deployment delivers immediate results and requires no changes to the network infrastructure or workflows.
SecBI’s Autonomous Investigation technology enables analysts to hunt for threats more efficiently and gain insight into what is happening in their environment. SecBI’s analytics combine unsupervised, supervised, and adaptive machine learning with statistical techniques to build comprehensive behavioral profiles. The analytics are integrated with high-fidelity, layered forensics, ranging from rich metadata that supports user or incident investigations to raw data that lets security analysts test hypotheses. A big-data-based architecture enables SecBI to scale easily and economically, extending the hunting window to months and years as needed.
SecBI’s Autonomous Investigation technology enables analysts to prioritize and investigate incidents more efficiently. SecBI leverages network traffic and security data, combined with threat intelligence, to provide unmatched visibility. The SecBI solution helps analysts of all experience levels achieve their goals more efficiently in any incident investigation and response scenario. Specifically, it helps analysts put alerts in the right context, investigate high-priority alerts within that context, and consequently minimize the risk to their organization.
The process of incident forensics (post-mortem) is critical to understanding what happened during an incident. Whether the forensic information is gathered for regulatory or legal purposes, or for an internal understanding of the incident’s scope and impact, a good forensic process has two critical parameters: time and comprehensiveness. With SecBI’s simple and rapid deployment of a virtual software appliance, it takes only one hour to start the forensic process in any environment and get the full scope of the incident. SecBI’s machine learning analyzes and clusters all related forensic evidence, including infected devices and their users, malicious C&C servers, compromised infection points, and the drop-point with which they communicated. Manually searching for forensic evidence, comparing the activities of multiple devices, and writing complex queries to get the full story is inefficient and ineffective. For strong forensics, allow SecBI to detect, cluster, summarize, and present all the relevant evidence in your data.