A New Era in Threat Protection
SOD’s ground-breaking AQ Technology™ is based on rough set mathematical theory and the concept known as “Approximate Query”. AQ Technology™ allows massive data sets, such as log data, to be queried for threat indicators 10-100+ times faster than conventional databases, with a small trade-off in query accuracy (less than 0.4%).
“Security On-Demand is the only MSSP/MDR company in the world that uses this technology. With over 7 patents, SOD has raised the bar for every competitor in the managed security services industry.”
The impact: drastically improved time to detection of cyber-security threats, with the ability to apply both supervised and unsupervised machine learning approaches to automate the detection of advanced threats.
Rapid Insight into Threat Indicators
AQ Technology™ allows our security operations analysts and our customers to achieve the following:
- Know what is in the data set (or data lake) before we search for it
- Eliminate the need to sample the data to know what’s in it
- Eliminate the need to extract data sets into Elasticsearch to hunt for data
- Conduct broad searches for threat indicators across large data sets not previously possible
- Conduct a series of machine-learning-automated database queries to hunt for threat indicators
Case Study: How AQ Technology™ proved its worth when the famous “WannaCry” ransomware attack occurred throughout the world in May 2017.
- One of the threat indicators that helped SOD identify whether a client was infected, or about to be infected, was significant traffic activity on port 445.
- Because of the large data volumes being collected (over 16-20 billion events per day), it would normally be a daunting task to query approximately 30 days of historical data (about a petabyte) to obtain the results.
- Using SOD’s new ThreatWatch platform based on “AQ” data analytics technology, the query was performed in under 19 minutes.
- By comparison, querying the same indicator on a conventional database would have taken approximately 3.5 days for a single indicator.
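The indicator the case study relies on, a surge of traffic to port 445 from a single host, can be illustrated on a small scale. The following is an added example written for this page; it is not code from Security On-Demand, its ThreatWatch platform or AQ Technology™. It parses a few constructed flow-log lines (the field layout, IP addresses and thresholds are assumptions), buckets TCP/445 flows per source host and hour, and flags any host that either fans out to many distinct destinations on 445 or generates an unusually high flow count in one window. At petabyte scale this is the query the case study describes running over 30 days of history; here it runs in memory so the detection logic itself is visible.

```python
"""Added example (not SOD/ThreatWatch code): flag hosts with a port-445 traffic
surge in constructed flow logs, the WannaCry-era indicator named in the case study."""
from collections import defaultdict
from datetime import datetime

# Constructed flow records: "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <proto>".
# 10.0.1.5 shows ordinary traffic to one file server; 10.0.2.77 starts fanning
# out to 30 internal hosts on 445 during the 10:00 hour (assumed sample data).
SAMPLE_FLOWS = [
    "2017-05-12T09:05:10 10.0.1.5 10.0.1.20 445 tcp",
    "2017-05-12T09:17:43 10.0.1.5 10.0.1.20 445 tcp",
    "2017-05-12T09:30:02 10.0.1.5 10.0.1.20 445 tcp",
    "2017-05-12T09:41:11 10.0.2.77 10.0.1.20 445 tcp",
    "2017-05-12T09:55:00 10.0.1.5 10.0.1.21 443 tcp",   # not 445, ignored
    "2017-05-12T10:10:00 10.0.1.5 10.0.1.20 445 tcp",
] + [f"2017-05-12T10:02:{i:02d} 10.0.2.77 10.0.3.{i} 445 tcp" for i in range(1, 31)]


def parse_flow(line):
    """Split one constructed flow line into (timestamp, src, dst, port, proto)."""
    ts, src, dst, port, proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), proto


def port445_activity(lines):
    """Return {(src_ip, hour_bucket): (flow_count, distinct_dst_count)} for TCP/445.

    Bucketing by hour is an assumption; the case study queried 30 days of data
    and any window size that fits the data volume would do.
    """
    flow_counts = defaultdict(int)
    destinations = defaultdict(set)
    for line in lines:
        ts, src, dst, port, proto = parse_flow(line)
        if port != 445 or proto != "tcp":
            continue
        bucket = ts.replace(minute=0, second=0, microsecond=0)
        flow_counts[(src, bucket)] += 1
        destinations[(src, bucket)].add(dst)
    return {key: (flow_counts[key], len(destinations[key])) for key in flow_counts}


def flag_hosts(activity, min_distinct=10, min_flows=20):
    """Return sorted (src_ip, bucket_iso, flow_count, distinct_dst_count) tuples
    for windows where a host touched >= min_distinct hosts on 445 or produced
    >= min_flows such flows. Thresholds are assumptions for the sample; in
    practice they are set from each environment's own baseline."""
    flagged = []
    for (src, bucket), (n_flows, n_dst) in activity.items():
        if n_dst >= min_distinct or n_flows >= min_flows:
            flagged.append((src, bucket.isoformat(), n_flows, n_dst))
    return sorted(flagged)


if __name__ == "__main__":
    for src, window, n_flows, n_dst in flag_hosts(port445_activity(SAMPLE_FLOWS)):
        print(f"{window} {src}: {n_flows} flows to {n_dst} distinct hosts on tcp/445")
```

The distinct-destination count is the more useful of the two signals for a worm that spreads over SMB: a legitimate client talks to a handful of file servers on 445, whereas a host sweeping a subnet contacts many peers it has never spoken to before. Counting distinct destinations also keeps the check cheap enough to run repeatedly over large windows, which is what makes the query in the case study a practical hunt rather than a one-off.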
This revolution in query performance (previously known as superscale analytics) changes the game by allowing threat indicators to be queried at a scale previously unprecedented in the industry, and it is still in its infancy as new extensions to AQ Technology™ are discovered.