Huntsman® Behaviour Anomaly Detection (BAD) technology enables real-time threat detection using the most advanced event stream processing engine available today.
The technology uses patented machine-based learning techniques to deliver true behaviour-based profiling and detection, and is proven to detect threats that are not detected by standard rules and signatures.
Huntsman® real-time monitoring enables your incident response team to pinpoint and investigate cyber-security attacks designed to circumvent traditional security controls, such as:
- Advanced Persistent Threats (APTs)
- Smart, customized and targeted malware
- Malicious or negligent insiders who abuse their access to put data or IP at risk
- Compliance breaches that require complex interrelated rule sets to be detected
- ‘Unknown’ and ‘unknowable’ external and internal threats that simply can’t be second-guessed by analysts.
Your enterprise will benefit from:
- Real-time threat detection: Immediate visibility of anomalous situations within the network, operating system and, uniquely, the application layers
- Correlation of known threat intelligence and asset information with behavioural data significantly enhances information and event context
- Real-time protective actions to contain a threat and minimise any resulting loss
- Autonomous BAD extends the detection of threats beyond the limits of pattern and signature-based security controls, to what you don’t or can’t know
- Ease of operation reduces operational risk, limiting uncertainty and operator error
- Integration with rules-based security solutions complements the analysis and insight into known and unknown threats.
- Passively establishes a dynamic baseline by automatically self-learning normal system behaviour to determine, by exception, unusual system activity and other indicators of compromise
- BAD techniques easily anticipate threats that can be quickly bounded to reveal malicious events more efficiently than by the continuous creation of rules to pinpoint a threat
- Adapts to authorised network changes, gradual trends, usage spikes and work patterns while still automatically distinguishing suspicious and risky outliers from normal events
- Connects seemingly unrelated events from multiple information silos across an enterprise to quickly determine any hidden or unexpected relationships between the data from disparate sources that might represent a threat or indicator of compromise
- Provides visual analysis so that metrics, key information and sensitivities can be tailored to meet precise profiling requirements.