Zero-Day Protection for All Your Important Assets

Full Visibility Into Your Network

No matter how large

We have built a set of collectors that capture data from a multitude of sources, such as NetFlows, Span port, Logs, SNMP, and many others, allowing us to describe the behavior of your network. Our architecture can support the largest networks, with the speed required to protect from zero-day and insider attacks.  Focusing on only one or a few of these data sources leaves you in the dark.  Why make decisions based on incomplete data if you don’t need to.

Summary of capabilities:

  • Deep Packet Inspection – High-speed packet capture, filtering, and analysis.
  • Automated security audits – Dedicated vulnerability and security misconfiguration scanning module.
  • Log Pattern Storage – Innovative, patent-pending technology for searching and storing logs.
  • Netflow data analysis – Real-time analysis of flow data for network attack detection.
  • Passive DNS analysis – DNS traffic behavioral analytics for a critical servers, stations, and devices.
  • Monitoring SSL/TLS – Active and passive auditing module for SSL/TLS helps you understand state of X.509 certificates inside your infrastructure.
  • Data exfiltration – Machine Learning based threat hunting post-exploit activity detection.
  • Topology discovery – Visualization of network topology, putting identified issues into context.

Artificial Intelligence

Using every available data source, quickly detect and resolve security issues

  • Hybrid supervised and unsupervised approach – We build one Deep Learning model starting with known malicious behaviors in supervised training. We build another model based on the client network profile to learn normal behavior, allowing us to identify outliers.
  • Below-the-threshold activities – Sometimes the anomaly signal is initially too weak to raise an alarm, though it might be a first sign of malicious activity. We detect such events and track them until we determine that it is significant or harmless.
  • Log Pattern Matching – While log files with known patterns are parsed for human readability, that slow process is not required for our machine learning application. Our patent-pending technology detects unknown types of attacks.
  • Real time streaming and model evaluation – Our distributed architecture processes the collector data immediately and builds multiple time-based models of device behavior.
  • User-Behavior Anomalies – We guard against insider attacks or identify already compromised devices, not only looking at user behavior, but also that of network devices.
  • Real-time Adaptive Machine Learning – Our platform can react in a real-time to user classifications, incorporating those into hybrid Machine Learning models.
  • Active Response and Protection – An ML-based IPSasS.

Solid, Powerful, and Secure Architecture

Secure, separated, and isolated cloud-ready functional modules

  • Ultra-secure by default using customized hardened kernel, mandatory access control profiles and memory-corruption exploit prevention techniques, restricted internal and external network traffic filtering, least-privileges rule in use, read-only images, and internal event auditing.
  • Custom, super-fast collectors/receivers using zero-copy for extremely efficient data transport, built-in support for clustering and replication.
  • Deep low-level security checks integrated in Continuous Delivery and Continuous Integration Process.
  • Secure Development Life Cycle implemented by using OWASP recommendations.
  • Strict CVE auditing for every component/library in use.
  • Internal penetration testing services built in the development process.