Powerful Analytics & Risk Scoring Process
Employs a unique combination of pattern recognition (supervised machine learning) with user and network-node activity profiling (unsupervised machine learning), correlated with external and environment-specific context data. In this way our canned analytics modules can use the right tool for the job for each use case and the corresponding monitored activity.
Automatically builds adaptive profiles of “learned normal behavior” and detects deviations and complex attack patterns across large data sets over time. Moreover, the risk-scoring process is self-optimized for each monitored environment through security analysts’ feedback on detected suspicious activity.
Embedded Offensive & Defensive Expertise
Encapsulates our unmatched insight into targeted cyber-attacks, gained through hundreds of APT simulation and red teaming exercises over the last decade. The analytics modules, and the pattern-detection algorithms in particular, leverage our extensive know-how on attack TTPs, along with the ongoing research of our Threats Labs into new evasion and deception techniques.
Threat Hunting & Visualization
Designed by security analysts for security analysts, Enorasys Security Analytics provides advanced visualization of risk scores and threat activity, along with a complete toolbox for fast and intuitive investigation of suspicious activity. The system can feed existing SIEM systems with alerts on high-risk activity and the analyst interface can be easily invoked through SIEM consoles for further investigation and analysis.
Footprint and time to value
Security Analytics runs against existing logs and can also leverage data from best-of-breed, third-party security sensors, so it does not mandate the deployment of network inspection components and keeps a minimal footprint inside the network. Moreover, thanks to out-of-the-box integration with Splunk Enterprise, the solution can immediately leverage existing Splunk deployments and provide immense value from the moment it is deployed.
Provided as a managed service through our 24x7 Cyber Operations & Intelligence services, and as a Cloud/SaaS or on-premises solution for organizations that want to enhance their current SOC with unprecedented security insight through advanced security analytics.
Vertical and horizontal scaling allows the analytics to cope with tens of thousands of users and network nodes and with vast amounts of data.