ThreatWatch®: Finding needles in the haystacks
ThreatWatch® – Behavioral Analysis of Networks, Users & Assets
ThreatWatch® is the next generation of threat management, combining behavioral analytics, advanced security use cases, threat intelligence and situational awareness. The SOD ThreatWatch® behavioral analytics platform detects and analyzes threats by identifying patterns of network, user, and asset behavior that:
- Deviate from normal activity
- Occur during unusual times of the day or week
- Interact with sensitive data or systems
- Communicate with untrusted or suspicious sources
- Use covert (encrypted) channels
Version 5 ThreatWatch Analytics Platform Enhancements
- Performance improvements that include a new customer portal
- Simplified query capability for non-technical casual users while providing advanced query capabilities for power users
- New Portal Design with a simplified user interface, easier navigation & offering fully interactive charts, graphs, and alert drill-downs
- Log Analysis Tools that allow interactive log analysis & on-the-fly report generation
- Streamlined new Reports Manager with new report templates, easier scheduling, and improved performance
- Support for New Advanced Correlation Sources that expands the specialized ability to analyze DNS & Network Flow data
- Expanded Device & Use Case Support including Office 365, Cisco Umbrella, NAC, WAF, and many other products
- Enhanced Artificial Intelligence/Machine Learning capabilities that drive detection of advanced threats and shorten time to detection
- Threat Intelligence gathering resources from our Threat Recon Unit (TRU), providing advanced threat intelligence capabilities

Correlating User, Network, & Asset Behavior Improves Threat Detection by a Factor of 10
ThreatWatch Advanced Analytics Engine
Network, user and asset behavior tend to be very predictable and pattern-oriented; system users access the same web sites, perform the same business and system functions, and communicate with the same vendors in the same way most of the time. Our approach is based on the concept that user behavior both within and outside of the network is predictable based on previous patterns of behavior.