A New Era in Threat Protection
Founded on AQ Technology™

Threat Detection on a Massive Scale

  • When it comes to finding threats, speed to detection is key, and that is where AQ Technology™ leads the way.

A New, Patented Approach to Threat Analytics

  • Patented AQ Technology™ powers AI breakthroughs in advanced threat detection

Rapid Analysis of Threat Data

  • We can find advanced threats 10 to 100 times faster, and more accurately, than a SIEM or a third-generation system

AQ Technology™ Overview

SOD’s ground-breaking AQ Technology™ is based on rough set theory, using a concept known as “approximate query”. AQ Technology™ allows massive data sets, such as log data, to be queried for threat indicators 10-100+ times faster than conventional databases, with a small trade-off in query accuracy (less than 0.4%).

“Security On-Demand is the only MSSP/MDR company in the world that uses this technology. With over 7 patents, SOD has raised the bar for every competitor in the managed security services industry.”

The impact? Drastically improved time to detection of cyber-security threats, with the ability to apply both supervised and unsupervised machine learning approaches to automate the detection of advanced threats.

Rapid Insight into Threat Indicators

AQ Technology™ allows our security operations analysts and our customers to achieve the following:

  • Know what is in the data set (or data lake) before we search for it
  • Eliminate the need to sample the data to know what is in it
  • Eliminate the need to extract data sets into Elasticsearch in order to hunt through them
  • Conduct broad searches for threat indicators across large data sets that were not previously possible
  • Run a series of machine-learning-driven, automated database queries to hunt for threat indicators

AQ Technology™ – “Fishing in Data Lakes”

Data lakes are populated with various log data, and a mathematical model of all the data in each lake, called the Data Abstraction Layer (DAL), is built. The DAL acts as a kind of “fish finder”: it knows whether the “fish” are in the data lake and what their characteristics are. With iterative queries (as in a cybersecurity investigation), knowing what data is there shapes the questions we ask. Once query refinement has reduced the data set, we use exact queries to drill further.

Case Study: How AQ Technology™ proved its worth when the famous “WannaCry” ransomware attack spread throughout the world in May of 2017.

  • One of the threat indicators that helped SOD identify whether a client was infected, or about to be infected, was significant traffic activity on port 445 (SMB).
  • Because of the large data volumes being collected (16-20 billion events per day), querying approximately 30 days of historical data (about a petabyte) to get the results would normally be a daunting task.
  • Using SOD’s new ThreatWatch platform, built on “AQ” data analytics technology, the query completed in under 19 minutes.
  • By comparison, querying the same indicator on a conventional database would have taken approximately 3.5 days for a single indicator.
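The approximate-then-exact flow from the “Fishing in Data Lakes” section and the port 445 hunt from the WannaCry case study, as an added illustrative example in Python. This is not SOD’s code and not the patented AQ Technology™ implementation: it models the DAL as a per-pack summary (distinct destination ports and the byte range of each pack of rows) and classifies every pack, rough-set style, as certainly matching, possibly matching or irrelevant to a query, so that the exact pass only scans the boundary packs. The record layout, the pack size, the thresholds and the flow records themselves are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed flow records for the example: (timestamp, src_ip, dst_ip, dst_port, bytes).
# Not real telemetry; host 10.0.1.20 is made up to look like an SMB scanner.
FLOWS = [
    ("2017-05-12T10:00:01", "10.0.1.5", "10.0.2.9", 443, 1200),
    ("2017-05-12T10:00:02", "10.0.1.6", "10.0.2.9", 443, 800),
    ("2017-05-12T10:00:03", "10.0.1.7", "8.8.8.8", 53, 90),
    ("2017-05-12T10:00:04", "10.0.1.5", "10.0.2.12", 80, 2100),
    ("2017-05-12T10:01:00", "10.0.1.20", "10.0.2.30", 445, 6000),
    ("2017-05-12T10:01:01", "10.0.1.20", "10.0.2.31", 445, 6100),
    ("2017-05-12T10:01:02", "10.0.1.20", "10.0.2.32", 445, 5900),
    ("2017-05-12T10:01:03", "10.0.1.20", "10.0.2.33", 445, 6200),
    ("2017-05-12T10:02:00", "10.0.1.8", "10.0.2.40", 445, 300),
    ("2017-05-12T10:02:01", "10.0.1.9", "10.0.2.9", 443, 1500),
    ("2017-05-12T10:02:02", "10.0.1.8", "10.0.2.41", 445, 7000),
    ("2017-05-12T10:02:03", "10.0.1.10", "8.8.8.8", 53, 85),
]
PACK_SIZE = 4  # rows per pack; a real engine would use tens of thousands

# Rough-set style verdict for a pack against a predicate.
ALL, SOME, NONE = "all", "some", "none"


@dataclass(frozen=True)
class PackSummary:
    """Summary of one pack: the toy 'data abstraction layer' entry for that chunk of rows."""
    start: int          # index of the first row in the flow list
    rows: int           # number of rows in the pack
    ports: frozenset    # distinct dst_port values seen in the pack
    min_bytes: int
    max_bytes: int


def build_dal(flows, pack_size: int = PACK_SIZE) -> List[PackSummary]:
    """Build the summary layer once at ingest; it is tiny compared with the raw rows."""
    dal = []
    for start in range(0, len(flows), pack_size):
        chunk = flows[start:start + pack_size]
        dal.append(PackSummary(start, len(chunk),
                               frozenset(f[3] for f in chunk),
                               min(f[4] for f in chunk),
                               max(f[4] for f in chunk)))
    return dal


def classify_pack(p: PackSummary, port: int, min_bytes: int) -> str:
    """From the summary alone, relate the pack to 'dst_port == port AND bytes >= min_bytes':
    ALL rows match (lower approximation), SOME may (boundary region), or NONE can (irrelevant)."""
    if port not in p.ports or p.max_bytes < min_bytes:
        return NONE
    port_all = p.ports == frozenset({port})
    bytes_all = p.min_bytes >= min_bytes
    return ALL if (port_all and bytes_all) else SOME


def approximate_count(dal, port: int, min_bytes: int) -> Tuple[int, int]:
    """The 'fish finder' step: bounds on the number of matching rows without reading any raw row."""
    lower = sum(p.rows for p in dal if classify_pack(p, port, min_bytes) == ALL)
    boundary = sum(p.rows for p in dal if classify_pack(p, port, min_bytes) == SOME)
    return lower, lower + boundary


def exact_count(flows, dal, port: int, min_bytes: int) -> Tuple[int, int]:
    """Exact answer, scanning raw rows only for boundary packs. Returns (matches, packs_scanned)."""
    matches, scanned = 0, 0
    for p in dal:
        cls = classify_pack(p, port, min_bytes)
        if cls == ALL:
            matches += p.rows  # trusted from the summary, no scan needed
        elif cls == SOME:
            scanned += 1
            matches += sum(1 for f in flows[p.start:p.start + p.rows]
                           if f[3] == port and f[4] >= min_bytes)
    return matches, scanned


def hunt_port_activity(flows, dal, port: int, min_bytes: int, min_flows: int) -> Dict[str, int]:
    """Drill-down step: source hosts with at least min_flows matching flows.
    Irrelevant packs are skipped entirely; ALL packs are counted without per-row filtering."""
    counts: Dict[str, int] = {}
    for p in dal:
        cls = classify_pack(p, port, min_bytes)
        if cls == NONE:
            continue
        for f in flows[p.start:p.start + p.rows]:
            if cls == ALL or (f[3] == port and f[4] >= min_bytes):
                counts[f[1]] = counts.get(f[1], 0) + 1
    return {ip: n for ip, n in counts.items() if n >= min_flows}


if __name__ == "__main__":
    dal = build_dal(FLOWS)
    print("approximate:", approximate_count(dal, 445, 5000))          # (4, 8)
    print("exact:", exact_count(FLOWS, dal, 445, 5000))                # (5, 1): one of three packs scanned
    print("suspects:", hunt_port_activity(FLOWS, dal, 445, 5000, 3))  # {'10.0.1.20': 4}
```

Running it gives bounds of 4 to 8 matching flows for “port 445 with at least 5000 bytes” before a single raw row is read, an exact count of 5 after scanning only one of the three packs, and 10.0.1.20 as the only host with three or more such flows. On a petabyte lake the saving is that only boundary packs are decompressed and scanned; the accuracy trade-off the page describes corresponds to stopping at the approximate bounds instead of running the exact pass at all.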

This leap in query performance changes the game, allowing threat indicators to be queried at a scale previously unprecedented in the industry, and the technology is still in its infancy as new extensions to AQ Technology™ are discovered.

More About Advanced Threat & Log Analysis Service:

Advanced Threat & Log Analysis Service can cut the time to detecting a breach from weeks or months to hours. Learn more about how you can minimize the impact of cyber attacks by downloading our Service Brief now.

Contact Us

We're threat hunting! Send us a quick email here and we will get back to you asap.
