A New Era in Threat Protection

AQ Technology™

SOD’s ground-breaking AQ Technology™ is based on Rough Set mathematical theory, using the concept known as “Approximate Query”. AQ Technology™ allows massive data sets, such as log data, to be queried for threat indicators 10-100+ times faster than conventional databases, with a small trade-off in query accuracy (less than 0.4%).

“Security On-Demand is the only MSSP/MDR company in the world that uses this technology. With over 7 patents, SOD has raised the bar for every competitor in the managed security services industry.”

The impact? Drastically improved time to detection of cyber-security threats, with the ability to apply both supervised and unsupervised machine learning approaches to automate the detection of advanced threats.

Rapid Insight into Threat Indicators

AQ Technology™ allows our security operations analysts and our customers to achieve the following:

  • Know what is in the data set (or data lake) before we search for it
  • Eliminate the need to sample the data to know what’s in it
  • Eliminate the need to extract data sets into Elasticsearch to hunt for data
  • Conduct broad searches for threat indicators across large data sets that were not previously possible
  • Conduct a series of machine-learning-automated database queries to hunt for threat indicators

SOD WhitePaper:
The Economics of Threat


SOD WhitePaper:
Attackers Hiding in Plain Sight

Threat Detection on a Massive Scale

When it comes to finding threats, speed to detection is key, and that’s where AQ Technology™ leads the way.

A New, Patented Approach to Threat Analytics

Patented AQ Technology™ powers AI breakthroughs in advanced threat detection

Rapid Analysis of Threat Data

We can find advanced threats 10 to 100 times faster, and more accurately, than a SIEM or 3rd generation system.

AQ Technology – “Fishing in Data Lakes”

Data lakes are populated with various log data, and a mathematical model of all the data in each lake, called a Data Abstraction Layer (DAL), is built. The DAL acts as a kind of “fish finder”: it knows whether the “fish” are in the data lake and what their characteristics are. When using iterative queries (as in cybersecurity), knowing what data is there shapes the questions we ask. Once query refinement has reduced the data set, we use exact queries to drill further.

Case Study: how AQ Technology™ proved its worth when the famous “WannaCry” ransomware attack occurred throughout the world in May of 2017.

  • One of the threat indicators that helped SOD identify whether a client was infected, or about to be infected, was significant traffic activity on port 445.
  • Because of the large data volumes being collected (over 16-20 billion events per day), it would normally be a daunting task to query approximately 30 days of historical data (about a petabyte) in order to receive the results.
  • Using SOD’s new ThreatWatch platform, based on “AQ” data analytics technology, the query was performed in under 19 minutes.
  • By comparison, querying the same indicators on a normal database would have taken approximately 3.5 days or more for a single indicator.
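To make the two-stage pattern described above concrete (a cheap summary of each partition of the lake answers “could what I am hunting be in here?”, and only the partitions that pass get an exact scan), here is an added illustration in Python. It is not Security On-Demand’s AQ Technology, ThreatWatch or Data Abstraction Layer code, and it does not use rough-set theory; the summary here is a per-port row histogram plus a Bloom filter, so unlike the page’s approach its approximation errs only toward false positives, which the exact pass then removes. The flow records, their CSV layout, the (client, day) partitioning and the port-445 hunt mirroring the WannaCry case study are all constructed for the example.

```python
"""Two-stage hunt over partitioned log data (constructed illustration, not SOD's code)."""
from __future__ import annotations

import hashlib
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Constructed sample flow records in a hypothetical CSV layout:
# day,client,src,dst,dst_port,bytes. Tiny on purpose; the pattern is what matters.
SAMPLE_LOGS = """\
2017-05-12,clientA,10.1.1.5,10.1.1.20,445,1200
2017-05-12,clientA,10.1.1.5,10.1.1.21,445,1200
2017-05-12,clientA,10.1.1.5,10.1.1.22,445,1200
2017-05-12,clientA,10.1.1.6,10.1.1.20,443,5000
2017-05-12,clientB,10.2.0.9,10.2.0.10,443,8000
2017-05-12,clientB,10.2.0.9,10.2.0.11,80,300
2017-05-12,clientB,10.2.0.9,10.2.0.10,445,900
2017-05-13,clientA,10.1.1.7,10.1.1.20,443,700
2017-05-13,clientB,10.2.0.9,10.2.0.12,445,1200
2017-05-13,clientB,10.2.0.9,10.2.0.13,445,1200
2017-05-13,clientC,10.3.0.1,10.3.0.2,22,400
"""


class BloomFilter:
    """Minimal Bloom filter: answers 'maybe present' or 'definitely absent', never a false 'absent'."""

    def __init__(self, size_bits: int = 4096, hashes: int = 3) -> None:
        self.size, self.k, self.bits = size_bits, hashes, 0

    def _positions(self, item: str):
        for i in range(self.k):
            digest = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.size

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits |= 1 << pos

    def maybe_contains(self, item: str) -> bool:
        return all((self.bits >> pos) & 1 for pos in self._positions(item))


@dataclass
class PartitionSummary:
    """Cheap abstraction of one (client, day) partition, built once at ingest time."""
    rows: int = 0
    port_hist: Counter = field(default_factory=Counter)          # dst_port -> row count
    dst_seen: BloomFilter = field(default_factory=BloomFilter)   # "was dst:port ever seen here?"


def parse(text: str) -> list[dict]:
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, client, src, dst, port, nbytes = line.split(",")
        records.append({"day": day, "client": client, "src": src, "dst": dst,
                        "dst_port": int(port), "bytes": int(nbytes)})
    return records


def build_summaries(records: list[dict]) -> dict[tuple[str, str], PartitionSummary]:
    """The 'fish finder' layer: one small summary per partition, no raw rows retained."""
    summaries: dict[tuple[str, str], PartitionSummary] = defaultdict(PartitionSummary)
    for r in records:
        s = summaries[(r["client"], r["day"])]
        s.rows += 1
        s.port_hist[r["dst_port"]] += 1
        s.dst_seen.add(f"{r['dst']}:{r['dst_port']}")
    return dict(summaries)


def partitions_that_may_contain(summaries, dst: str, port: int) -> list[tuple[str, str]]:
    """Summary-only answer to 'where might host dst have been contacted on port?' (may over-report)."""
    return [key for key, s in summaries.items() if s.dst_seen.maybe_contains(f"{dst}:{port}")]


def approximate_query(summaries, port: int, min_share: float) -> list[tuple[str, str]]:
    """Stage 1: rank partitions by the share of rows on `port`, reading summaries only."""
    hits = []
    for key, s in summaries.items():
        share = s.port_hist[port] / s.rows if s.rows else 0.0
        if share >= min_share:
            hits.append((key, share))
    return [key for key, _ in sorted(hits, key=lambda kv: kv[1], reverse=True)]


def exact_query(records, candidates, port: int) -> dict[tuple[str, str], Counter]:
    """Stage 2: scan only candidate partitions; count port-`port` connections per source host."""
    wanted = set(candidates)
    fanout: dict[tuple[str, str], Counter] = defaultdict(Counter)
    for r in records:
        key = (r["client"], r["day"])
        if key in wanted and r["dst_port"] == port:
            fanout[key][r["src"]] += 1
    return dict(fanout)


def hunt(text: str = SAMPLE_LOGS, port: int = 445, min_share: float = 0.5):
    """Run the two stages: summaries pick the partitions worth reading, exact scan drills in."""
    records = parse(text)
    candidates = approximate_query(build_summaries(records), port, min_share)
    return candidates, exact_query(records, candidates, port)


if __name__ == "__main__":
    cands, fanout = hunt()
    print("partitions with significant port-445 share:", cands)
    for key in cands:
        print(key, dict(fanout[key]))
```

With the constructed data, stage 1 keeps only the two partitions where at least half the rows are on port 445 and prunes clientB on 2017-05-12, which has one such row among three; stage 2 then reads just those two partitions and reports the source hosts fanning out over port 445. The Bloom-backed `partitions_that_may_contain` is the “is the fish in the lake at all?” question: a “no” from it is trustworthy, a “maybe” is confirmed by the exact scan.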

This revolution in query performance (previously known as superscale analytics) will change the game by allowing threat indicators to be queried at a level previously unprecedented in the industry. It is still in its infancy, as new extensions to the AQ Technology™ are being discovered.

Contact Us

We're threat hunting! Send us a quick email and we will get back to you as soon as possible.
