Attacks can come from anywhere. So we look for them everywhere.
ThreatWatch® detects threats quickly by identifying activity that deviates from normal network, user, and asset behavior thresholds. It’s the next generation of threat management, combining behavioral analytics, advanced security use cases, threat intelligence and situational awareness. ThreatWatch analyzes business data and traffic patterns to understand privilege levels, the behavior of users, common threat vectors, socially engineered attacks, and network protocols such as DNS, HTTP, and HTTPS, so that it can actively identify high-risk anomalies and defend customer networks and data.
Network, user and application behavior tend to be very predictable and pattern-oriented; system users access the same websites, perform the same business and system functions, and communicate with the same vendors in the same way most of the time. Our approach is based on the concept that user behavior both within and outside of the network is predictable based on previous patterns of behavior.
Leveraging intelligence gathered from across our client base, coupled with additional threat intelligence sources, our service brings together a level of visibility and protection that simply cannot be achieved elsewhere.
IT’S ABOUT LEARNING YOUR ENVIRONMENT
- Early detection of advanced threats not detectable by SIEM.
- Focus on relevant threats.
- Rapid remediation.
WE HAVE YOU COVERED SEVEN DIFFERENT WAYS
- Behavioral Analytics – Identifies anomalous activity that may indicate a threat.
- Threat Intelligence – Provides global context to help you understand when your network may be more vulnerable.
- Advanced Security Use Cases – Looks beyond the usual indicators to identify attacks in new ways.
- Asset Discovery – Provides additional detail and context to identify threats that might otherwise be missed.
- Optional Database Threat Protection – Provides continuous monitoring of high-value databases.
- Optional Cloud Threat Protection – Provides visibility into anomalous activity generated by use of cloud services.
- Optional Endpoint Threat Protection – Provides real-time detection of malicious activity at the endpoint.
WE THINK DIFFERENTLY ABOUT CYBERSECURITY
- The current commercial process model for defending against attacks is not working
- Incident Response is the wrong mindset – it focuses on a reactive approach
- We focus on prevention using the Human Bio-Immune System as our security model
- A three-tiered behavioral analysis of workstation, company and global anomalies
We employ three types of Behavioral Analytics capabilities (User, Network, Asset).
We provide continuous self-defense/self-remediation capabilities.
We apply Expert Systems & Machine Learning approaches to automating actions & responses based on various cybersecurity risk indicators.
ThreatWatch Advanced Analytics Engine
Network, user and asset behavior tend to be very predictable and pattern-oriented; system users access the same websites, perform the same business and system functions, and communicate with the same vendors in the same way most of the time. Our approach is based on the concept that user behavior both within and outside of the network is predictable based on previous patterns of behavior.