The Versive Security Engine
Empowering Security Teams to Detect Advanced Adversaries
The Versive Security Engine (VSE) automates adversary campaign hunting with AI.
While most tools overwhelm security analysts with a steady stream of disconnected alerts, the VSE builds threat cases that each paint an understandable picture of a specific suspected adversary campaign.
Starting from a deep understanding of threat hunting, we’ve learned a set of behaviors that reveal ongoing adversary campaigns by modeling them in the context of what’s normal for your network.
These results previously would have only been possible through manual analysis by experts. Automatic threat case generation enables every security team to achieve world-class results at scale.
What’s a Threat Case?
A Threat Case is a contextualized collection of evidence related to a potential adversary campaign in your network. These cases are highly accurate and always worthy of immediate investigation.
Here's what a threat case looks like:
The VSE threat viewer shows when one or more hosts have participated in multiple stages of the adversary campaign lifecycle, indicating a high likelihood that there is an attack in progress or other suspicious activity that requires investigation.
Benefits of The Versive Approach: Machine Learning + Human Intuition, Automated
Reduce Time and Effort chasing down false alarms and manually correlating disparate alerts from unconnected sources.
Multiply the Capabilities and effectiveness of your SOC team with the security expertise and advanced automation built into the Versive AI platform.
Reveal Threats operating inside your environment, even those covering their tracks, emphasizing stealth, or using never-before-seen exploits.
Understanding the Adversary Campaign Lifecycle
The adversary campaign lifecycle, also commonly referred to as the cyber kill chain, describes the various steps that all bad actors must go through to fully execute an attack. A campaign won’t be successful unless an adversary somehow understands where things are on your network (recon), gathers the desired data in a place from which it can be removed (collection), and removes it from the network (exfil). By focusing on this broader pattern of advanced adversary campaigns, we can detect coordinated campaigns that would otherwise go undetected.
How the Versive Security Engine Works
LEARN THE ENVIRONMENT
The VSE uses standard data sources from across the business, including supplementary cybersecurity products, to fully recognize connected systems and learn "normal" behavior for your unique environment.
DETECT SUSPICIOUS BEHAVIOR
The VSE models behaviors that are strong indicators of advanced adversaries in your environment.
BUILD THREAT CASES
By connecting suspicious behaviors across the network and over time, the engine visualizes the progress of a threat in context, with a high degree of confidence.
You can view VSE results in our UI, or access the data through our API to view and use in your existing security dashboards.