The Versive Security Engine
The Smartest AI-Driven System for Detecting Advanced Adversaries
The Versive Security Engine detects suspicious behaviors in your environment and uses adaptive machine learning from the Versive Platform to correlate these behaviors.
We can conclusively determine whether your business is at risk of losing money, intellectual property, or reputation as the result of a headline-making hack.
The engine maps each suspicious behavior to a stage in the adversary threat campaign lifecycle and displays contextual information about connected behaviors in a single, easy-to-understand report called a Threat Case. By cutting out noise and displaying only critical, relevant information, we show you how an adversarial campaign is unfolding in your environment, in time for you to take action and prevent damage.
Benefits of The Versive Approach: AI + Human Intuition, Automated
Automatically Customized to Your Environment: The VSE’s models are trained on your actual data, making the system highly accurate, customized to your network, and impossible to deceive, unlike pre-canned algorithmic processes used by other security tools.
High Accuracy, No Noise: If we send you a high-value Threat Case, it warrants immediate investigation, period.
Human Expertise: Knowledge from the world’s foremost white-hat hacker, Peiter “Mudge” Zatko, is built into the product, combining machine power with decades of cyber learning for unmatched insight.
Constant Improvement: As your environment grows and changes, the VSE evolves and grows smarter automatically, thanks to the adaptive machine learning at the core of the Versive Platform.
What’s a Threat Case?
A Threat Case is a contextualized collection of evidence related to a potential adversary campaign in your network. These cases are highly accurate and always worthy of immediate investigation.
Here’s how a threat case gets built:
The Versive Security Engine uses machine learning to detect suspicious behaviors on a variety of dimensions related to the adversary lifecycle.
Then, it looks for connections between these behaviors across the network and across time to build a Threat Case. In this way, the VSE can determine, with an incredibly high level of confidence, when there is something that is truly worth investigating.
Finally, the case is presented (via UI or API) with all the associated context, in a way that makes the case easy to understand and enables you to take action.
The VSE threat viewer shows when one or more hosts have participated in multiple stages of the adversary campaign lifecycle, indicating a high likelihood that there is an attack in progress or other suspicious activity that requires investigation.
Understanding the Adversary Campaign Lifecycle
The adversary campaign lifecycle, also commonly referred to as the cyber kill chain, describes the various steps that all bad actors must go through to fully execute an attack. A campaign won’t be successful unless an adversary somehow understands where things are on your network (recon), gathers the desired data in a place from which it can be removed (collection), and removes it from the network (exfil). By focusing on this broader pattern of advanced adversary campaigns, we can detect coordinated campaigns that would otherwise go undetected.
How the Versive Security Engine Works
The VSE uses data sources from your network (including from supplemental security tools like UEBA and endpoints) to learn what “normal” behavior looks like in your unique environment.
The VSE models the behaviors that cybersecurity experts recognize as most strongly correlated to advanced adversary campaigns in your environment.
By mapping the connections between suspicious behaviors across the network and across time, the engine visualizes the progress of a threat over time with an incredibly high degree of confidence.
You can view results in our convenient UI or access the data through our API to view and use however you like.