Detecting adversaries
Anomalies and adversary behaviors are important, but what really matters is the way they are related. VSE uses AI to automatically uncover the required chain of threat activity that separates the signal — the real risks to your business — from normal network noise.
Exploring a network to understand its structure and to locate valuable data stored within it
Moving within the network to obtain additional network access credentials; gathering and moving valuable data in preparation for removal
Covert transfer of valuable data from the network to external destinations (unauthorized server, thumb drive, etc.)
Situational Awareness
Unlike static, rules-based security systems, our AI automatically learns and maintains a “normal” definition for each host within a customer’s unique environment. No human manipulation required.
ThreatCases automate the time-consuming process of compiling the data needed to understand a threat. With an average of 5 ThreatCases delivered per week, security teams can focus on what matters most: shutting down the threats and minimizing risk.
Based on automatically learned definitions of “normal,” VSE surfaces sequences of anomalous behaviors that make sense only as part of malicious threat campaigns. This is how VSE delivers a handful of high-fidelity results, not a flood of false positives.
For AI to be trustworthy in cybersecurity applications, it should not be a black box of unknown methodologies. By design, our AI explains model results to ensure transparency. Customers understand how VSE arrived at its results, and know why they can rely on its ThreatCases.
Deploy the engine
Built on the open-source frameworks Spark and YARN (no proprietary hardware required), VSE can run on standard infrastructure in cloud, hybrid or on-premises environments.
Additional data sources, including data from supplementary cybersecurity products, can also be incorporated into VSE to enhance results.
Data and sensor providers
Infrastructure providers