Categories
Problems it solves
Shortage of inhouse software developers
Shortage of inhouse IT resources
High costs of IT personnel
Shortage of inhouse IT engineers
Values
Reduce Costs
Enhance Staff Productivity
SecBI Autonomous Investigation
SecBI detects full scope incident narratives through unsupervised and supervised machine learning, accelerating security investigations and time to mitigation
About Product
Description
Autonomous Investigation™ technology uses unsupervised and supervised machine learning to analyze network traffic and detect complex and stealthy threats. It instantly unveils an attack’s full scope, accelerating detection and threat hunting and optimizing response and mitigation. SOC analysts are presented with complete attack narratives that give them visibility into all affected users, devices and infection points involved in the same attack. The complete narrative provides analysts with actionable information, such as which malicious hosts to block.
Features:
SOC Operations
SecBI lets security analysts stop chasing sporadic alerts through tedious investigation quests in search of forensic evidence or additional activity; instead they can fully detect and understand incidents, accelerate incident response and investigation, and reduce dwell time. The SecBI solution is deployed easily and instantly, with no additional appliances or agents. This effortless deployment delivers immediate results and requires no changes to the network infrastructure or workflows.
Automated Threat Hunting
SecBI’s Autonomous Investigation technology enables analysts to hunt for threats more efficiently and gain insight into what’s happening in their environment. SecBI’s analytics combine unsupervised, supervised and adaptive machine learning with statistical techniques to build comprehensive behavioral profiles. The analytics are integrated with high-fidelity, layered forensics, ranging from rich metadata that supports user or incident investigations to raw data that lets security analysts test hypotheses. A big-data-based architecture enables SecBI to scale easily, economically extending the hunting window to months and years as needed.
Incident Response
SecBI’s Autonomous Investigation technology enables analysts to prioritize and investigate incidents more efficiently. SecBI leverages network traffic and security data, combined with threat intelligence, to provide unmatched visibility. The SecBI solution helps analysts of all experience levels achieve their goals more efficiently in any incident investigation and response scenario. Specifically, it helps analysts place alerts in the right context, investigate high-priority alerts within that context, and consequently minimize the risk to their organization.
Forensic Analysis
The process of incident forensics (post-mortem) is critical to understanding what happened during an incident. Whether the forensic information is gathered for regulatory or legal purposes, or for an internal understanding of the incident’s scope and impact, a good forensic process has two critical parameters: time and comprehensiveness. With SecBI’s simple and rapid deployment of a virtual software appliance, it takes only one hour to start the forensic process in any environment and get the full scope of the incident. SecBI’s machine learning analyzes and clusters all related forensic evidence, including infected devices and their users, malicious C&C servers, compromised infection points, and the drop-point with which they communicated. Manually searching for forensic evidence, comparing the activities of multiple devices, and writing complex queries to get the full story is inefficient and ineffective. For strong forensics, let SecBI detect, cluster, summarize, and present all the relevant evidence in your data.
Benefits of Autonomous Investigation
- Enables faster and more thorough incident response
- Facilitates more accurate next-step planning
- No need for additional hardware: neither appliances nor agents
- Saves SOC analysts time by greatly reducing the number of false positives they chase
- Reduces dwell time