The Versive Security Engine

Empowering Security Teams to Detect Advanced Adversaries

The Versive Security Engine (VSE) automates adversary campaign hunting with AI.

While most tools overwhelm security analysts with a steady stream of disconnected alerts, the VSE builds threat cases that each paint an understandable picture of a specific suspected adversary campaign.

Starting from a deep understanding of threat hunting, we’ve learned a set of behaviors that reveal ongoing adversary campaigns by modeling them in the context of what’s normal for your network.

These results previously would have only been possible through manual analysis by experts. Automatic threat case generation enables every security team to achieve world-class results at scale.

What’s a Threat Case?

A Threat Case is a contextualized collection of evidence related to a potential adversary campaign in your network. These cases are highly accurate and always worthy of immediate investigation.

Here's what a threat case looks like:

The VSE threat viewer

The VSE threat viewer shows when one or more hosts have participated in multiple stages of the adversary campaign lifecycle, indicating a high likelihood that there is an attack in progress or other suspicious activity that requires investigation.

Benefits of The Versive Approach: Machine Learning + Human Intuition, Automated

Reduce Time and Effort chasing down false alarms and manually correlating disparate alerts from unconnected sources.

Multiply the Capabilities and effectiveness of your SOC team with the security expertise and advanced automation built into the Versive AI platform.

Reveal Threats operating inside your environment, even those covering their tracks, emphasizing stealth, or using never-before-seen exploits.

Understanding the Adversary Campaign Lifecycle

The adversary campaign lifecycle, also commonly referred to as the cyber kill chain, describes the various steps that all bad actors must go through to fully execute an attack. A campaign won’t be successful unless an adversary somehow understands where things are on your network (recon), gathers the desired data in a place from which it can be removed (collection), and removes it from the network (exfil). By focusing on this broader pattern of advanced adversary campaigns, we can detect coordinated campaigns that would otherwise go undetected.

How the Versive Security Engine Works

1. LEARN THE ENVIRONMENT

The VSE uses standard data sources from across the business, including supplementary cybersecurity products, to fully recognize connected systems and learn "normal" behavior for your unique environment.

2. DETECT SUSPICIOUS BEHAVIOR

The VSE models behaviors that are strong indicators of advanced adversaries in your environment.

3. BUILD THREAT CASES

By connecting suspicious behaviors across the network and over time, the engine visualizes the progress of a threat in context, with a high degree of confidence.

4. DELIVER RESULTS

You can view VSE results in our UI, or access the data through our API to view and use in your existing security dashboards.

Let Us Show You

Adaptive machine learning can dramatically improve your cybersecurity posture. Get a demo to see what we mean.
