Products found: 55

Adlumin's Sentry

Adlumin's flagship product Sentry is a cloud-delivered SaaS platform that detects identity-based attacks in real time using user behavior analytics and active defense. We find attackers impersonating your legitimate employees. As a cloud-delivered SaaS application, Sentry deploys in minutes and starts detecting threats immediately by building a pattern of life for every user.
User & Entity Behavior Analytics (UEBA)
  • Artificial Intelligence-Based Decisions
  • No Rules to Write or Hardware to Manage
  • Artificial Intelligence Writes Your SIEM Rules
  • 24/7 Network Vulnerability Assessment
  • Analyzes Firewall, VPN Log Data, & Network
  • Automated Anomaly Interpretation
  • User and Device Context/Correlation
Log/Device Management
  • Automated log and Device Ingest
  • Critical Server Log Management
  • Real-time Intrusion Detection Alerts
  • Windows & Linux Server Management
  • Cloud and On-premise Ingest
  • Integrated Compliance Management (PCI, FFIEC, FINRA)
  • Secure & Encrypted Log Management
  • Log Data Normalization
Automated Compliance
  • Includes Reports Designed to Hand to Your Financial Auditor
  • Risk Management, Visualization, and Analysis
  • Automated Reporting for Auditors and Compliance
  • Make Decisions in Minutes, Not Days
  • Financial Compliance Audit Reports Included
  • Know Everything About an Account with 1 Click
  • 90-Days of Research Included with SIEM
  • 24/7 Anomaly Hunting w/o Hiring Anyone
  • Designed for Financial Institutions
  • Understand Risk with 1 Button Click
Adlumin collects and indexes data from just about any source imaginable – network traffic, web servers, VPNs, firewalls, custom applications, application servers, hypervisors, GPS systems, and preexisting structured databases. Not only does Adlumin ingest data from any source on your network, we also run sophisticated analytics and machine learning algorithms against all incoming events and use the results as metrics to determine what is anomalous and what is malicious.

Alcide Kubernetes Advisor

Alcide Kubernetes Advisor is a Kubernetes multi-cluster vulnerability scanner that covers rich Kubernetes and Istio security best practices and compliance checks such as Kubernetes vulnerability scanning, hunting misplaced secrets or excessive secret access, workload hardening from Pod Security to network policies, Istio security configuration and best practices, Ingress controllers for security best practices, Kubernetes API server access privileges and Kubernetes operators security best practices. Alcide Advisor is an agentless Kubernetes audit, compliance and hygiene scanner that’s built to ensure a frictionless DevSecOps workflow. Alcide Advisor can be plugged in early in the development process and before moving to production. Get a single-pane view for all K8s-related issues: audit, compliance, topology, network, policies, and threats with Alcide Advisor, and integrate it with your CI/CD pipeline. With Alcide Advisor, the security checks you can cover include:
  • Kubernetes infrastructure vulnerability scanning
  • Hunting misplaced secrets, or excessive privileges for secret access
  • Workload hardening from Pod Security to network policies
  • Istio security configuration and best practices
  • Ingress Controllers for security best practices
  • Kubernetes API server access privileges
  • Kubernetes operators security best practices
  • Deployment conformance to labeling, annotating, resource limits and much more
Whether you are looking to secure Kubernetes cluster hygiene in your CI/CD pipeline, or to ensure consistent multi-cluster conformance, Alcide Kubernetes Advisor provides you with valuable benefits from day one: SecOps get visibility into the Kubernetes black box, from a network and hygiene perspective, and are able to get high-resolution, in-cluster detection of threats. DevOps get to harden their cluster’s security and detect drifts in their software supply chain. Alcide also supports policy customization by security pros, with the resulting policies monitored by DevOps. You can apply multiple policies managed by different teams, and violations can be routed to either ChatOps tools like Slack or a security toolchain like Splunk.

Allure Security

Allure Security reduces data loss by analyzing risks associated with document access and sharing activities, inside and outside of an organization’s control. Their patented technology combines the power of beacons, threat intelligence and active defense to detect and respond to digital risks, better understand the scope of attacks and hold bad actors accountable.
Fields of Application:
Website Spoofing
Allure Website Beacons detect a spoofed website as soon as it is viewed by the first visitor, which initiates the takedown process immediately upon fraud being committed. Intelligence is then collected to quantify customer and brand impact, inform responses (i.e. notify impacted clients to reset passwords) and uncloak attackers. The spoofed website can also be flooded with decoy credentials until the site is taken down to devalue the information collected by the adversary, and Allure Decoy Documents are used to detect intrusions resulting from attacks.
Cloud-Share Risk
Allure continuously watches document activities in the cloud and uses patented document beacons to track documents after they’ve been downloaded, copied or shared externally. We enrich all file activities with proprietary geofence insights and leverage unique model-based analytics to surface and mitigate risks that otherwise go undetected and unaddressed. Users can generate scheduled or on-demand risk reports, integrate with a SIEM to correlate findings, create custom email alerts based on specific criteria, and deploy decoy documents to foil and reveal hackers and leakers.
Intrusions & Insiders
Allure uses attacker behaviors and confidence to the advantage of investigators to narrow and eliminate suspects by planting or sharing alluring documents with beacons to see who takes the bait. Once documents are opened, investigators will receive proprietary geofence and telemetry insights. Attackers and leakers can be revealed by correlating Allure's insights with other available data, and attackers can be held accountable by sharing identifiable findings with company decision makers and/or law enforcement.
What it provides:
  • Third-Party Monitoring. Know when third parties mishandle or share files outside of policy
  • Document Flow Analytics. Uncover file access and sharing patterns both inside and outside of an organization
  • Breach & Leak Detection. Be alerted early in the attack cycle if sensitive files are compromised or exfiltrated
  • Risk Reports. Schedule monthly reports or generate them on-demand
  • Data Loss Forensics. Track data loss back to the source and hold culprits accountable
  • Geo Location Enrichment. Enrich file logs with proprietary geo location insights

Amazon Pinpoint

Amazon Pinpoint makes it easy to engage your customers by tracking the ways in which they interact with your applications. You can then use this information to create segments based on customer attributes and behaviors, and to communicate with those customers using the channels they prefer, including email, SMS and mobile push. Once the customer conversation has begun, Amazon Pinpoint collects metrics that help you better understand the impact of your communications. You can use these insights to improve the effectiveness of your future campaigns. With Amazon Pinpoint, you pay only for what you use. There are no upfront contract negotiations, no fixed charges, and no minimum usage fees. Our competitive pricing model lets you start small and scale up as your needs increase.
Amazon Pinpoint Benefits
Powerful Application Analytics
Collect information about the users of your applications by integrating the AWS Mobile SDK into your application. Amazon Pinpoint will gather information about the ways in which your customers use your applications, as well as information about the devices they use, and any custom attributes that you define.
Global Reach
Send messages to customers using the communication channels they prefer. You can send email to prospective customers, and send push notifications directly to users of your mobile applications. You can also send text messages to customers in over 200 countries around the world, from Afghanistan to Zimbabwe.
Highly Reliable
Amazon Pinpoint runs on the highly reliable Amazon Web Services infrastructure. Multiple datacenters and redundant systems ensure the highest levels of availability.
Cost-Effective
Pay as you go, and pay only for what you use. There are no upfront fees, no fixed expenses, and no minimum charges. Target 1,000 customers, track 100 million app events, and send 1 million push notifications per month for free.

Balabit Blindspotter

Blindspotter is a monitoring tool that maps and profiles user behaviour to reveal human risk. It integrates a variety of contextual information in addition to logs, processes them using a unique algorithm, and offers a wide range of outputs from warnings to automatic interventions. Blindspotter is an advanced component of the Contextual Security Intelligence Suite. It discovers previously unknown risks and guides the investigation of threats through CSI Risk. It improves enterprise security and enhances flexibility, without hindering business activities. Blindspotter is a real-time user behavior analytics (UBA) solution that monitors and analyzes users’ activities, and detects unusual behavior to help prevent theft. Blindspotter collects users’ “digital footprints,” builds a baseline of activities using advanced machine learning algorithms, and detects anomalies in real time. Malicious insiders acting oddly and the lateral movements of external attackers are revealed. Blindspotter creates a priority list of events to improve the efficiency of security teams as well. It prioritizes the riskiness of behaviors and focuses on potentially high-risk situations and activities. Any analytics solution is only as good as the data that feeds it. Blindspotter leverages Balabit’s syslog-ng technology, which is proven and trusted in more than one million installations around the world. It also leverages Balabit’s Identity Access Management technology to analyze high-fidelity recordings of user activities such as screen recordings or command line interaction. Blindspotter’s uniquely pluggable architecture enables analysis of other user data in addition to logs and IAM recordings. Custom connectors to proprietary APIs can be written within hours, and out-of-the-box integration with many commonly used data sources is standard.
Blindspotter combines the results of several big data models to ensure that attackers cannot fly under the radar, while ensuring that security teams are not overwhelmed by thousands of false alarms. It takes risk exposure levels of individual users into account and prioritizes potential incidents, allowing security teams to effectively optimize their efforts. Blindspotter is the next layer of defense against APTs. Traditional pattern-based solutions or perimeter defenses fail to provide adequate defense against the most dangerous types of attacks. The total cost of ownership for Blindspotter is relatively low as it does not require any manual pattern writing, rule definition or updates, and security staff do not need to regularly maintain the solution.

Bay Dynamics Risk Fabric

Risk Fabric is a cyber risk analytics platform that calculates the value at risk associated with specific threats and vulnerabilities, and prescribes actions to measurably reduce cyber risk exposure. Using patented contextual data models and user and entity behavioral analytics (UEBA) technologies, stakeholders across the business can now have common metrics that prioritize remediation activities toward the risks that matter most.

Key benefits:

  • Proactive identification of exploitable critical systems and applications
  • Actionable cyber risk insights through correlation of relevant vulnerability and compliance data
  • Effective response through prioritization and remediation of vulnerabilities

Bottomline's Cyber Fraud and Risk Management Platform

Bottomline’s Cyber Fraud and Risk Management solutions are fueled by a singular, innovative, intelligent, and adaptive platform that is built on a foundation of real-time user behavior analytics and intelligent machine learning, infused with deep risk, compliance and payments security expertise. This market-proven technology delivers real-time cross-channel fraud detection and prevention for even the most complex use cases and powers Bottomline’s comprehensive suite of Secure Payments, Compliance and User Behavioral Analytics solutions. Integrated with rich visualization and forensic tools, Bottomline’s Cyber Fraud and Risk Management platform is trusted by some of the largest corporations and financial institutions in the world.

It empowers security, risk, compliance and investigative teams to:

  • Dramatically improve visibility and reduce risk with cross-channel protection that leverages intelligent machine learning, rules based detection, and behavior profiling
  • Stay ahead of regulations and protocols through technology infused with deep risk and compliance expertise across industries, payments types and applications
  • Easily evolve your payment security program through a highly extensible and flexible platform that advances with your program as needed
Cyber Fraud and Risk Management Solutions Include:
Compliance. Accelerate speed to achieve regulatory compliance requirements, while decreasing complexity.

As part of the Cyber Fraud and Risk Management suite, Bottomline’s Compliance solution provides corporations and financial institutions with a powerful end-to-end offering to accelerate the speed to achieve regulatory compliance requirements while decreasing complexity.

Whether the need is around modernizing an anti-money laundering program, achieving more reliable sanctions screening, improving payments monitoring, highlighting settlement exposure, or automating suspicious activity reporting to meet regulatory requirements, Bottomline’s Compliance solution offers a modular approach to reducing the cost of compliance and increasing productivity.

 

Secure Payments. Protect payments across a variety of applications, channels, and payment types.
Bottomline’s Secure Payments solution protects payments across a variety of applications, channels, and payment types.

Whether it is one business critical application, channel and payment type, or a variety, our highly flexible and extensible platform delivers proven protection against payment fraud through advanced analytics of user behavior and transaction flows layered with intelligent machine learning, reducing risk for some of the largest corporations and financial institutions in the world.

 

User Behavior Analytics. Quickly identify and stop anomalous user activity through rich fraud analytics.
Bottomline’s User Behavior Analytics solution quickly identifies and stops anomalous user activity through intelligent machine learning, rules based detection, and years of experience protecting some of the largest corporations and financial institutions in the world.

The solution captures all user behavior in real-time across all vital systems and provides protection for both external threats in which user credentials have been compromised and internal threats from authorized users.

Powered by an analytics engine, statistical profiling of users and peer groups, alert correlation that includes predictive risk scoring and the ability to visually replay all user activity, the solution is purpose built for today’s threat landscape.


Carbon Black (CB) LiveOps

Even the most effective security teams are often forced to play catch-up during emergency situations due to limited time and resources to perform regular, proactive analysis and evaluate potential risks. Any delay during the investigation prolongs downtime and leaves the organization open to increased risk. Once the scope of an attack is understood, dispersed processes and tool sets can cause bottlenecks that delay the remediation of problematic endpoints. CB LiveOps is a real-time query and remediation solution that gives teams faster, easier access to audit and change the system state of endpoints across their organization.
By providing administrators with real-time query capabilities from a cloud-native endpoint protection platform, CB LiveOps enables teams to make quick, confident decisions to improve their security posture. CB LiveOps closes the gap between security and operations, allowing administrators to perform full investigations and take action to remotely remediate endpoints all from a single solution.
Key Capabilities
Single Agent, Cloud Platform
CB LiveOps is built on the PSC, a cloud-native endpoint protection platform that offers converged prevention, detection, and response with additional services that can be activated as you need them, using the same converged agent, without any additional deployment or infrastructure.
On-Demand Queries
CB LiveOps gives your Security & IT Operations team visibility into even the most precise details about the current system state of all endpoints, enabling you to make quick, confident decisions to reduce risk.
Immediate Remote Remediation
CB LiveOps closes the gap between security and operations, giving administrators a remote shell directly into endpoints to perform full investigations and remote remediations all from a single cloud-based platform.
Simplified Operational Reporting
CB LiveOps allows you to save and re-run queries to automate operational reporting on patch levels, user privileges, disk encryption status and more to stay on top of your ever-changing environment.
FEATURES
  • Pre-Built Recommended Queries
  • Easy query builder
  • SQL query (open text field)
  • Copy & Re-run Queries
  • Save and favorite queries
  • Email notifications
  • Filter and group results
  • Data export
  • Secure shell for remote remediation
  • Two-way API

Carbon Black (CB) ThreatSight

As enterprises face a shortage of skilled security professionals, security teams often spend too much time monitoring and validating alerts, which limits their ability to address other security needs. Moreover, when prevalent outbreaks occur, security team investigations are limited by the resources and data available in their own environment, making it difficult to craft an effective remediation plan until the full scope and root cause of an event is determined. CB ThreatSight helps solve these problems by providing an industry-leading, subscription-based monitoring service for CB Defense. Built directly on the CB Predictive Security Cloud™ (PSC) platform, which applies big data analytics across unfiltered data from millions of endpoints, CB ThreatSight is staffed by a world-class team of security experts who are constantly studying and analyzing the data in the PSC using advanced machine learning and algorithmic toolsets. Offered as a managed service directly from Carbon Black, threat hunters on the CB ThreatSight team work side by side with you to validate and prioritize alerts, uncover new threats, and accelerate investigations with capabilities such as predictive root cause reporting.
Key Capabilities
Threat Validation and Insight
With round-the-clock eyes on glass, your team can have true peace of mind knowing that an additional layer of experts is helping to ensure threats don’t get missed. Carbon Black’s security experts work side by side with your own team to validate alerts and provide additional human insight to speed up remediation for improved stability and resource utilization.
Monthly Reporting
Our CB ThreatSight experts provide monthly reports that summarize monthly activity across your environment, including the most common suspicious events and most targeted machines. These reports serve as a starting point for refining policies, help your team see big-picture trends and make executive reporting effortless.
Outbreak Advisories
Carbon Black’s Threat Analysis Unit constantly monitors threat trends across the globe. When widespread and newsworthy outbreaks occur, our ThreatSight team sends out advisories that include indicators of compromise, giving your team a jump-start on assessing risk and closing gaps.
FEATURES
  • Threat validation
  • Email alerting
  • Root cause analysis
  • Threat advisories
  • Monthly reporting

CounterTack Predictive EPP

Predictive EPP combines full spectrum threat detection, predictive analytics and automated mitigation to eliminate advanced threats.
Features:
A Single Sensor
NextGen AV, EDR and Insider Threat Detection are the three pillars of endpoint security. Predictive EPP consolidates these in a single sensor, platform and management console. It simplifies deployment and maintenance, reducing the Total Cost of Ownership.
NextGen AV, EDR and Insider Threat Detection
Predictive EPP detects malware on-disk and suspicious behavior in the OS. It is the only solution that detects advanced threats in physical memory. GoSecure Advanced Mitigation Services, integrated with Predictive EPP, extends threat detection across the network, endpoints, and the cloud.
Machine Learning
Predictive EPP applies advanced Machine Learning to on-disk, OS behavior, and in-memory threat data. It delivers predictive accuracy and reduces false positives to near zero. Machine Learning provides the confidence to convict, prioritize and mitigate threats faster and more efficiently.
Predictive Analytics
Predictive Analytics integrates the analysis of behavior on disk, in the OS and in memory. It accesses a threat library of over 4,000 traits and capabilities to predict threat intentions and pinpoint root causes. Predictive Analytics delivers the visibility needed to mitigate threats before they can execute.
Automatic Mitigation
Predictive EPP automatically mitigates threats. Quarantine, Kill Process and Inoculate terminate threats in the early stages. Deny, Delay and Degrade provide additional time to focus on the highest priority threats and make better mitigation decisions.
Cloud Delivered
Predictive EPP is offered in the cloud, via managed security services and on-premise. Organizations can fund out of OpEx or CapEx. Cloud and MSS options offer Predictive EPP in a single, affordable monthly subscription.
Benefits:
  • Detect the Most Threats. Endpoint Protection Platform automatically collects and analyzes behavioral data on disk, in the OS and in memory to detect threats that evade other solutions
  • Predict What Threats Will Do. It combines Predictive Analytics with advanced Machine Learning, to analyze threat capabilities and predict threat intentions with near zero false positives
  • Automatically Mitigate Threats. Automatic mitigation actions delay and prevent the spread of threats to other endpoints on the network
  • Advanced Mitigation Services. GoSecure combines Predictive EPP with threat hunting and mitigation expertise to help Security Teams protect their sensitive data and business operations

Crypteia Networks MOREAL

To develop such threat awareness, MOREAL is based on big-data analytics principles, along with correlation of primal information brought out from logs provided by the underlying network and network security infrastructure.
Monitor
More precisely, logs are initially analysed, correlated, and collated with Open Source and Crypteia Networks Security intelligence to generate secondary and tertiary threat intelligence by the Threat Intelligence Engine of the MOREAL platform.
Report
Then our Engine augments threat knowledge by behavioural and statistical analytics, as well as reputation pattern matching. The MOREAL core reasoning process is founded on computations on graph and meta-graph models that are generated from any internal and external connection that can be logged.
Alert
In particular, graphs and meta-graphs are processed with algorithms that efficiently compute plausible threat paths with a likelihood scoring approach based on observations of the protected infrastructure and Security Intelligence in terms of IP reputation, malware, and traffic patterns.
Crypteia Threat Intelligence & Management Service from PCCW Global delivers:
  • A new layer of defence, complementing existing ones and maximizing value of network logs already generated & collected by your clients
  • Non-intrusive and scalable cloud-based solution for rapid deployment
  • Threat aggregation and behavioural analysis identifies threats in their infancy
  • Real-time mitigation recommendations
  • New visibility into existing security systems and hardware
Crypteia Threat Intelligence & Management Service enables your clients to achieve optimal security by:
  • Utilizing advanced behavioural analytics and machine learning to help distinguish real threats from ones that cause non-productive, costly actions
  • Generating actionable reports via a single intuitive dashboard
  • Viewing network / security health and utilisation in real-time
  • Leveraging a global threat database that uses Big Data Analytics and crowd sourcing to identify emerging threats
  • Using advanced correlation engines for known and unknown threat identification, now penetrating and potentially already existing in your clients’ network
  • Deploying enhanced security simply and quickly via a pure cloud solution, with an on-prem option available
MOREAL components
ThreatDB
ThreatDB is a platform that aims to collect and aggregate data from several different Threat Information Sources into a unique structure, similar to other commercial sharing platforms, such as IBM X-Force Exchange, Microsoft Interflow and HP Threat Central. Its main purpose is to make security information easily accessible to any kind of Threat Intelligence System. In reality, it allows decision-making systems to focus on the security analysis, rather than on the overkill of data normalization. That is a significant pre-processing step, which simplifies post-processing for all future consumers and sets a good baseline towards real-time alerting.
GraphIQ
Extracting the most significant activity in a network with millions of transactions is a challenging task, but one that is critical in the process of analyzing behaviours, detecting issues and recognizing the most significant interactions in a monitored network. GraphIQ is a MOREAL component that aims to aid in this task, leveraging low-level and high-level information from other MOREAL ThreatIQ components. The most frequent IP flows, and especially the ones “surprisingly” frequent, along with the flows exhibiting anomalies and threat events, are extracted in a common format which is then utilized in other MOREAL components like the branch-level network graph.
Anomaly detection
Anomaly detection (AD) is a ThreatIQ component that detects suspicious behavior based on “deviations” from historical models of activity. The justification for using anomaly detection for inferring suspicious behavior is based on the observation that many malicious actions leave a footprint that significantly changes the typical behavior of an entity. For example, malware may alter the observed traffic patterns when trying to propagate to other workstations or when communicating with C&C servers. When combined with input from other systems, significant evidence may be accumulated in order to raise security alerts for zero-day attacks or in order to provide a level of defense for customers not protected by other security measures.
Behavioural clustering
Behavioural Clustering is a ThreatIQ component that groups entities utilizing attributes such as proximity and similarity by behaviour (collection of MOREAL aggregated metrics) and extracts information from those groups about the severity of each entity based on security events associated with the group.

Cybereason Platform

The Cybereason platform is powered by a custom-built in-memory graph, the only truly automated hunting engine anywhere. It detects behavioral patterns across every endpoint and surfaces malicious operations in an exceptionally user-friendly interface.
Cybereason Offerings
Deep Hunting Platform
The Cybereason Deep Hunting Platform delivers endpoint detection and response (EDR), next-generation antivirus (NGAV), managed threat hunting, and threat intelligence, all in one solution and one single lightweight sensor.
Built using Cybereason's proprietary cybersecurity data analytics architecture, the platform focuses on collecting and analyzing behavioral data and correlating disparate data points to identify malicious operations and facilitate immediate action. The Cybereason Deep Hunting Platform doesn't simply secure your data; it leverages your data to secure.

Cybereason Complete Endpoint Protection
Implement comprehensive endpoint protection with Cybereason’s Complete Endpoint Protection platform. The solution integrates the power of EDR and next-generation antivirus (NGAV) so you can replace your legacy AV with a single advanced endpoint solution.
  • Combination of centralized and endpoint-side analytics
  • Behavioral analysis in the Cybereason Hunting Engine
  • Full attack lifecycle protection
  • Single sensor and single Response Interface

Cybereason RansomFree
Keep your personal files safe from ransomware with Cybereason RansomFree. Built on the same Cybereason detection methodology, RansomFree is protection software designed to detect and stop ransomware from encrypting your files. With a mission to help everyone – not just large enterprises, it provides RansomFree at no cost because protection should be accessible to everyone.

Cynet 360

Cynet 360 is an advanced threat detection and response platform that accurately detects sophisticated cyber-attacks such as Advanced Persistent Threats (APT), advanced malware, trojans, ransomware and zero-day attacks that may be lurking in an organization.

Cynet’s full enterprise visibility of endpoint and network activity allows it to detect threat indicators across the attack chain. Through continuous monitoring across files, user behaviors, network traffic, and endpoints, behavioral and interaction indicators are assessed to give a complete picture of an attack operation over time.

Cynet’s machine learning algorithms constantly profile what’s normal for a monitored environment; observed anomalies, threat indicators, suspicious traffic, and decoy interactions are correlated and enhanced with Cynet’s Threat Intelligence Cloud to provide true alerts of security incidents with risk levels for rapid response triage.

Driven by a light-footprint sensor agent, Cynet can be rapidly deployed to thousands of hosts with Windows, Mac OS, or Linux OS with no impact to the user. Automatic or manual response can be done through a single interface, enabling the remediation of affected hosts by killing processes, verifying files with dynamic analysis, blocking traffic, removing files, restarting hosts, changing passwords and more. Advanced forensic capabilities reveal direct threat evidence on an affected host, and associate the host with processes, users and network traffic data.

Cynet CyOps delivers additional value to the Cynet 360 platform with 24/7 insight and intelligence. Staffed by an elite group of cyber threat analysts and investigators, Cynet’s CyOps is an extra set of expert eyes dedicated to continuously monitor, prioritize and respond to threats.


Darktrace The Enterprise Immune System

The Enterprise Immune System is the world’s most advanced machine learning technology for cyber defense. Inspired by the self-learning intelligence of the human immune system, this new class of technology has enabled a fundamental shift in the way organizations defend themselves, amid a new era of sophisticated and pervasive cyber-threats.

The human immune system is incredibly complex and continually adapts to new forms of threats, such as viral DNA that constantly mutates. It works by learning about what is normal for the body, identifying and neutralizing outliers that do not fit that evolving pattern of normality. Darktrace applies the same logic to enterprise and industrial environments. Powered by machine learning and AI algorithms, Enterprise Immune System technology iteratively learns a unique ‘pattern of life’ (‘self’) for every device and user on a network, and correlates these insights in order to spot emerging threats that would otherwise go unnoticed.

Like the human immune system, the Enterprise Immune System does not require previous experience of a threat or pattern of activity in order to understand that it is potentially threatening. It works automatically, without prior knowledge or signatures, detecting and fighting back against subtle, stealthy attacks inside the network — in real time.

The Enterprise Immune System is the service that uses self-learning technology to detect threats and anomalous behaviours. It is compatible with all major Cloud providers (including AWS, Google Cloud Platform and Microsoft Azure). Fully configurable, it allows organisations to monitor all or selected Cloud traffic, with minimal performance impact.

Features:
  • Market-leading AI cyber-threat detection in the Cloud;
  • Detects, classifies and visualises cyber-threats that evade other defences;
  • Self-learning technology - world-leading machine learning and AI;
  • Not reliant on historical attacks to predict new threats;
  • Models understanding of what 'normal' enterprise behaviour looks like;
  • Detects threats emerging in real-time;
  • Detects insider threat, low-and-slow attacks, automated viruses;
  • Self-adapting as the organisation changes: no tuning or reconfiguration;
  • New threat identification, irrespective of threat type or attacker;
  • Rapid identification of anomalous activity providing early threat warning.
Benefits:
  • Adaptive - evolves with your organisation;
  • Self-learning - system constantly refines its understanding of 'normal';
  • Probabilistic - works out the likelihood of serious threat;
  • Realtime - spots cyber threats as they emerge;
  • Works from day one - delivers instant value;
  • Low false positives - correlation of weak indicators;
  • Data agnostic - ingests all data sources;
  • Highly accurate - models humans, device and enterprise behaviour;
  • Installs in 1 hour - minimal configuration required;
  • Passive monitoring to model 'pattern of life' usage (non-disruptive).

DNIF User Behavior Analytics

DNIF User Behavior Analytics provides early visibility to malicious insider threats and risky behavior on your network based on user behavioral anomalies. DNIF outperforms in known, unknown, real-time threat detection and helps organizations improve analyst productivity. Together DNIF SIEM and DNIF User Behavior Analytics can be a powerful tool to swiftly address the most sophisticated threats and accelerate investigations. It is built on ElasticSearch and monitors user behavior efficiently and effectively. It optimises detection profiles for users and entities to detect suspicious behavior and react quickly with 3rd party API lookups.

Key Talking Points:

  • Detect outliers based on user account activity.
  • Set dynamic baselines using profilers.
  • Detect and normalize user activity trends.

Dragos Industrial Cybersecurity Platform

The Dragos Platform contains all the necessary capabilities to monitor and defend ICS environments. It combines the functionality of an OT security incident and event management system (SIEM), network detection and anomaly system, and incident response platform with the experience and intelligence of the Dragos team.

IDENTIFY ASSETS

Deep packet inspection (DPI) of ICS protocols, traffic, and asset characterizations, ability to consume host logs and controller events, and integrations with ICS assets such as data historians provide a complete view of ICS environments.

DETECT THREATS

Complex characterizations of adversary tactics, techniques, and procedures through threat behavior analytics pinpoint malicious activity on ICS networks and provide in-depth context to alerts.

RESPOND

Expert-authored investigation playbooks and case management guide defenders step-by-step through the investigation process to enable independence and transfer knowledge from our team to ICS defenders.

Benefits:
  • Significantly reduce time to identify and inventory all assets and traffic on your network
  • System-generated asset maps and reports provide consistent, time-driven views that are accurate, up-to-date, and thorough
  • Automatic classification of assets based on behavior
  • Set one or more baselines and get notifications when specific changes or anomalies occur in the environment over time
  • Recognize new or rogue assets as they appear; identify assets that have disappeared from the network
  • Powered by human-based intelligence that identifies adversary tradecraft and campaigns
  • No bake-in or tuning period required; threat behavior analytics work immediately upon deployment
  • Detect threats not simply as anomalies to investigate, but with context that guides effective response
  • Notification filtering provides a risk-based approach to management
  • Playbooks codify incident response and best-practice workflows developed by Dragos experts
  • Manage incidents and cases from the same console cross-team
  • Clear Indicator of Compromise reports guide attention to vulnerable assets
  • Easily monitor case, notification, and analyst activity, as well as system-level health and status
  • Splunk, QRadar, Pi Historian, LogRhythm, Syslog, Windows Host Logs

Dtex Systems Advanced User Behavior Intelligence

The Dtex Platform is advanced user behavior intelligence that provides enterprise organizations with the critical intelligence that will help them detect and prevent insider-related breaches and, as a result, save organizations millions of dollars. It is used by enterprises worldwide, including companies such as Allianz, Aston Martin Racing, Eni/Saipem, Mizuho Bank and Sanyo. In February 2017, the Dtex Platform was recognized as the Leader in Insider Threat Detection by Cyber Defense Magazine.

Insider threats continue to pose a major risk in the modern cybersecurity landscape. To detect and prevent insider threats, enterprises need visibility and intelligence into user behavior.

Negligent users unintentionally risk security by attempting to find convenient productivity solutions, misunderstanding security practices, or through human error. Employees with malicious intent try to steal sensitive data or intellectual property. Advanced user behavior intelligence can catch these users, even when they are trying to cover their tracks, by identifying and alerting on behaviors that indicate a user may be trying to bypass company network controls or extract proprietary data. By using the industry’s most comprehensive library of thousands of known user threat behavior patterns, advanced risk modeling and combined risk scoring, Dtex enables security teams to determine exactly how sensitive data and valuable IP left the organization and who perpetrated the attack without excessive false positives.

The Dtex Advanced Behavior Intelligence Platform is scalable enough to be deployed enterprise-wide without negative impact to network performance. It provides complete visibility into everything users do on their work devices – on and off the corporate network – without compromising user privacy. In addition to the thousands of already known patterns of bad behavior, the analytics engine quickly establishes baseline individual user patterns and gives actionable, contextual alerts when anomalies are found. Dtex helps eliminate insider threats, protect against outside infiltrators, and find gaps in existing security controls.

Dtex is a unique solution. It is lighter and more visibility-focused than DLP, cuts through the noise more effectively than SIEM, and bases its analytics on endpoint visibility that most out-of-the-box UEBA solutions are blind to. It’s the combination of thorough endpoint visibility and intelligent, adaptive analytics that is perfectly poised to fill the gaps and weaknesses of other security systems.


Elastic Stack

Elastic, the company behind Elasticsearch, and the Elastic Stack, the most widely used collection of open source products for solving mission-critical use cases like search, logging, and analytics, has acquired Prelert, a leading provider of behavioral analytics technology. Elastic will integrate the Prelert technology into the Elastic Stack, and will offer it as part of its subscription packages in 2017, giving Elastic customers more capabilities to solve complex use cases such as cybersecurity, fraud detection, and IT operations analytics, among others.

Prelert was founded in 2008 to create technology that automates the discovery of anomalies in large, complex datasets, predicts actions and outcomes, and provides enterprises and their end users with a consumable application that doesn't require them to perform data science. Using unsupervised machine learning techniques applied to a customer's historical and real-time continuous data, Prelert's predictive models perform behavioral analytics to understand the probability of failures and events occurring with built-in alerting and notifications for end users to explain 'why' something has happened and 'what' to do with that information.

More companies, from startups to large enterprises, are storing large amounts of structured and unstructured data in Elasticsearch. With 'search' becoming the foundation for many of these companies to address their most complex use cases, Prelert built an Elastic Stack integration to provide Elasticsearch users with an automated way to understand the 'why' in their data and take action on 'difficult to see' insights. Combining Elastic's Kibana user interface framework and Prelert's behavioral analytics technology, customers are able to solve common problems in their continuous and ever-growing data, including:
  • detecting advanced security threat activities and anomalies in log data,
  • discovering hidden fraud patterns in highly sensitive data,
  • identifying anomalous systems or metrics and their root causes across IT systems,
  • linking together complex series of events in data to expose early warning signals,
  • automatically pinpointing where and why critical system outages are occurring,
  • detecting unexpected drops in transactional activity, and much more.

Exabeam Advanced Analytics

Complex Threat Identification with Behavioral Analysis

Cyberattacks are becoming more complex and harder to find. Often correlation rules can’t find the attacks because they lack context or miss incidents they’ve never seen — generating false negatives. Correlation rules also require much maintenance. Advanced Analytics automatically detects the behaviors indicative of a threat. Now teams don’t have to spend time with frequently faulty correlation rules.

Prebuilt Timelines Automatically Reconstruct Security Incidents

Analysts shouldn’t spend days or weeks gathering evidence and constructing timelines of incidents by querying and pivoting through their SIEM. With Advanced Analytics, a prebuilt-incident timeline flags anomalies and displays details of the incident for the full scope of the event and its context. Now analysts can stop spending time combing through raw logs to investigate incidents. What took weeks to investigate in a legacy SIEM can now be done in seconds.

Dynamic Peer Grouping

User behavior patterns often differ based on a myriad of attributes, including: the team they are on, what projects they are involved in, where they are located, and more. Thus, behavioral baselines shouldn’t be static. Dynamic peer grouping uses machine learning to assign users to groups based on their behavior, then to compare their activity against that of those groups to identify anomalous, risky behavior.

Lateral Movement Detection

Lateral movement is a method attackers use to move through a network by using IP addresses, credentials, and machines in search of key assets. Tracking is difficult because the trace information only tells part of the story. Data must be analyzed from everywhere, linking the attack to the source. The Advanced Analytics patented technology tracks suspected activities even if there are changes to devices, IP addresses, or credentials.

Asset Ownership Association

Another time-intensive part of performing a security investigation is the manual process of determining who owns or regularly uses the devices involved in an incident. There isn’t a convenient IT database linking devices to their owners, and mobile devices can exist outside of any tracking. Advanced Analytics is able to determine the owner of a device based on their pattern of behavior and interactions.

Featurespace ARIC™ Platform

Featurespace’s ARIC Platform monitors all your customer data in real time across multiple channels, using Adaptive Behavioral Analytics to block new fraud attacks and spot suspicious activity as it occurs. At the same time, Featurespace recognizes your genuine customers without blocking their activity.

Monitor and protect your customers
  • Easy end-to-end case management: Monitor fraud and customer acceptance workflows for each individual customer, from one easy-to-use dashboard.
  • Smart cross-channel monitoring: Understand behavior across multiple data inputs and detect pivoting attacks as they happen.
  • Identify fraud hotspots at a glance: See fraud trends based on alert volumes and easily identify where fraud is happening geographically.

Detect anomalies as they happen
  • A new tool for smarter analytics: Adaptive Behavioral Biometrics allows analysts to visualize and compare a user's behavior in different sessions, spot anomalies and identify cases of account takeover, chargeback fraud, as well as detect bot, malware and MITM attacks.
  • Clear individual risk scores with readable alerts: Monitor risk scores from the dashboard, and get alerts with clear reason codes as anomalies occur.
  • Real-time machine learning anomaly detection: Automate real-time anomaly detection and share case priorities amongst your fraud prevention team.
  • Understand links between events: Analyze links between events and individuals when reviewing an account – fraud is rarely a one-off event.

Real-time alerts and reporting workflow
  • Customize alert activity timelines and reports: Decide which customer activity you want to view, based on your business needs - for example, filter by transaction types or view the activity of a customer over time.
  • Build business rules: Implement simple and complex business rules alongside Adaptive Behavioral Analytics.
  • Open Model Manager: Import and manage your own PMML data science models alongside ARIC's behavioral models for even more powerful analysis.

Robust analytical governance
  • Sandbox Replay: Test the performance impact of changes to the analytics without affecting the live system.
  • 4-eyes authorisation of changes: Audit proposed new model, rule and risk strategies, add comments and approve before they go live.
  • Easy version control of new strategies: Configure analytics and revert fraud analyst changes - all from one easy-to-use dashboard screen.
  • PCI-DSS compliance: Your customer card data is secure in our PCI-DSS certified environment.

The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks, problems, or availability of an ROI calculator or price calculator. Find the right business solutions by using a neural network search based on the results of product deployments in other companies.