Use Case: Automated Advanced Persistent Threat (APT) Detection with Versive

An Advanced Persistent Threat (APT) is any attacker that gets inside your network and then lies low, quietly locating valuable data, collecting it, and exfiltrating it from your network.

The adversary's mission, ultimately, is to get the data out without getting caught. Without completing each of these stages, they cannot succeed in that mission or continue exploiting your data over the long haul, which costs you money and reputation when the hack is exposed.

This process is popularly known as the Threat Campaign Lifecycle, comprising Planning, Access, Recon, Collection and Exfiltration.

The planning stage typically does not touch your IT network at all. Access is often achieved through phishing attacks and other social engineering tactics.


How Versive Detects APTs

The Versive Security Engine (VSE) uses adaptive machine learning on your data, automatically customizing itself to your environment, to assure total accuracy in detecting suspicious behavior. The key is pinpointing behaviors that are unusual, both in the context of your unique environment and relative to the mission of the adversary. This is an enormous challenge given the variability in behavior and sheer volume of corporate data. What looks like suspicious data collection in one environment might be normal internal sharing in another. This is why machine learning is critical to the future of cybersecurity and advanced persistent threat hunting.

Here is how the Versive Security Engine detects APTs in your environment:

1. Learn the Environment: The Engine uses adaptive machine learning on data sources from across your network and logs, as well as supplementary security tools like endpoint monitoring, to learn what "normal" behavior looks like in your unique environment.

2. Detect Suspicious Behavior: The Engine models behaviors that are strong indicators of advanced adversaries in your environment.

3. Build Threat Cases: By connecting suspicious behaviors among multiple hosts across the Recon, Collection, and Exfiltration stages of the adversary campaign, the Engine can track and visualize the progress of a threat over time, with a high degree of confidence.

4. Deliver Results: The Threat Case Viewer presents intuitive cases that represent coherent, well-documented threats that are straightforward to investigate. You can view results in the UI or access the data through the API to use in your existing tools.
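Steps 2 and 3 in miniature, as an added illustration and not Versive's own code: each host's behavior is scored against its own learned baseline, and the outlying events are chained in stage order across hosts into a single threat case. The telemetry, the three-standard-deviation threshold and the seven-day linking window are constructed assumptions.

```python
from statistics import mean, pstdev

# Stage names follow the Threat Campaign Lifecycle described above.
STAGES = ("Recon", "Collection", "Exfiltration")

# Constructed baseline (step 1): five days of per-host counters. Recon = distinct
# internal hosts contacted, Collection = MB read from shares, Exfiltration = MB sent out.
BASELINE = {
    "ws-01": {"Recon": [3, 4, 2, 3, 4], "Collection": [50, 60, 55, 45, 50], "Exfiltration": [5, 6, 4, 5, 5]},
    "fs-02": {"Recon": [1, 1, 2, 1, 1], "Collection": [400, 420, 390, 410, 400], "Exfiltration": [2, 3, 2, 2, 3]},
}
# Constructed observations: (day, host, stage, value).
OBSERVED = [
    (6, "ws-01", "Recon", 48),          # workstation sweeps many internal hosts
    (6, "ws-01", "Collection", 52),     # within its normal range
    (7, "fs-02", "Collection", 3900),   # bulk read from the file server
    (8, "ws-01", "Exfiltration", 900),  # large outbound transfer
    (8, "fs-02", "Exfiltration", 2),    # within its normal range
]

def zscore(history, value):
    """How far value sits from the host's own baseline, in standard deviations."""
    sd = pstdev(history) or 1.0  # a flat history would otherwise divide by zero
    return (value - mean(history)) / sd

def flag_events(observed, baseline, threshold=3.0):
    """Step 2: keep only observations far above that host's learned normal."""
    events = []
    for day, host, stage, value in observed:
        z = zscore(baseline[host][stage], value)
        if z >= threshold:
            events.append({"day": day, "host": host, "stage": stage, "z": round(z, 1)})
    return events

def build_threat_case(events, window_days=7):
    """Step 3: link flagged events, across hosts, that advance through the stages in order."""
    case, reached = [], -1
    for e in sorted(events, key=lambda e: e["day"]):
        rank = STAGES.index(e["stage"])
        if rank > reached and (not case or e["day"] - case[0]["day"] <= window_days):
            case.append(e)
            reached = rank
    hit = {e["stage"] for e in case}
    return {"events": case, "hosts": sorted({e["host"] for e in case}),
            "stages": [s for s in STAGES if s in hit],
            "confidence": round(len(hit) / len(STAGES), 2)}

if __name__ == "__main__":
    print(build_threat_case(flag_events(OBSERVED, BASELINE)))
```

The confidence score here is simply the share of lifecycle stages the linked events cover, so a lone Recon spike yields a low-confidence case while a Recon-to-Exfiltration chain spanning two hosts scores 1.0.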

Let Us Show You

Adaptive AI can dramatically improve your cybersecurity posture.
Get a demo to see what we mean.
