
Behaviour Anomaly Detection (BAD2)

Huntsman Security’s patented Behaviour Anomaly Detection (BAD2) engine is integrated into its SIEM, providing real-time machine learning capabilities for detecting unknown threats.

Huntsman Security’s SIEM analyses activity, based on the organisation’s risks, threats and vulnerabilities, to learn normal patterns of behaviour and activity. Armed with activity baselines, it detects threats or suspicious activity that differs from expected behaviour. Huntsman Security’s SIEM can detect:

  • Higher/unusual volumes of network session or user traffic on a per-user or per-host basis
  • Volumes of events such as file accesses or other activity on hosts/workstations
  • Changes in the usage profile of application servers or query operations on databases
  • Changes in the frequency or prevalence of operations – up or down

By dynamically profiling multiple variables with sophisticated in-stream behavioural algorithms, the detection engine adapts to changes and trends over time, either adjusting and relearning “normal” values or using fixed/pre-set baselines, depending on the nature of the environment and risk.

Behavioural Analysis - Network Data Transfer Anomaly

Huntsman SIEM Live Dashboard - Dark Version
