Huntsman Add On – Behaviour Anomaly Detection


Huntsman® Behaviour Anomaly Detection (BAD) technology enables real time threat detection using the most advanced event stream processing engine available today.

The technology  uses patented machine-based learning techniques to deliver true behaviour-based profiling and detection, and is proven to detect threats that are not detected by standard rules and signatures.

Huntsman - BAD1

Huntsman® real time monitoring enables your incident response team to pinpoint and investigate cyber-security attacks designed to circumvent traditional security controls, such as:
  • Advanced Persistent Threats (APTs)
  • Smart, customized and targeted malware
  • Malicious or negligent insiders who abuse their access to put data or IP at risk
  • Compliance breaches that require complex interrelated rule sets to be detected
  • ‘Unknown’ and ‘unknowable’ external and internal threats that simply can’t be second-guessed by analysts.

Your enterprise will benefit from:

  • Real time threat detection: Immediate visibility of anomalous situations within the network, operating system and, uniquely, the application layers
  • Correlation of known threat intelligence and asset information with behavioural data significantly enhances information and event context
  • Real-time protective actions to contain a threat and minimise any resulting loss
  • Autonomous BAD extends the detection of threats beyond the limits of pattern and signature-based security controls, to what you don’t or can’t know
  • Ease of operation, reduces operational risk to limit uncertainty and operator error
  • Integration with rules-based security solutions complement the analysis and insight into known and unknown threats.



  • Passively establishes a dynamic baseline by automatically self-learning normal system behaviour to determine, by exception, unusual system activity and other indicators of compromise
  • BAD techniques easily anticipate threats that can be quickly bounded to reveal malicious events more efficiently than by the continuous creation of rules to pinpoint a threat
  • Adapts to authorised network changes, gradual trends, usage spikes and work patterns while still automatically distinguishing suspicious and risky outliers from normal events
  • Connects seemingly unrelated events from multiple information silos across an enterprise to quickly determine any hidden or unexpected relationships between the data from disparate sources that might represent a threat or indicator of compromise
  • Provides visual analysis so that metrics, key information and sensitivities can be tailored to meet precise profiling requirements.

Products that Huntsman BAD will enhance:


Want to find out more?

Arrange a meeting with our Security Specialist Access Resources Download Huntsman Brochures