- Company (that provides the nominated product / solution / service): Awake Security
- Website: https://awakesecurity.com/
- Company size (employees): 10 to 49
- Country: United States
- Type of solution: Hybrid
- Approximate number of users worldwide: 50+
What other awards did this nomination receive in the previous 12 months?
2018 RSAC Innovation Sandbox; honored as a top 10 “most innovative startup”
2018 Cyber Defense Magazine (CDM) InfoSec Awards; winner of the Security Investigation Platform (Next Gen) category
2018 Info Security Products Guide (ISPG); honored in the Startup of the Year (Gold), Cyber Security Vendor Achievement of the Year (Gold), Most Innovative Security Product (Software) of the Year (Silver), and Best Security Software (New or Updated version) (Bronze) categories
2018 Network Product Guides IT World Awards; winner in Startup of the Year, Best IT Company of the Year (Information Technology Vendor of the Year), and Best IT Product of Service (Security Software New or Upgraded Version) categories
In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:
o Traffic analysis: Awake inspects and analyzes traffic from Layer 2 and up. Most competitive solutions instead rely on flows or meta data. Awake extracts signals from full packet capture data to first identify and track entities and uses that for more meaningful and actionable analysis.
o Source analysis: Few network traffic analysis solutions perform source analytics and those that do often require agents or logs / integrations. With Awake’s EntityIQ™ technology, the system automatically develops an understanding of the entities, even as they move across IP addresses.
o Destination analysis: Other solutions rely on threat intelligence, IP geolocation and reputation to assess destinations. Awake instead analyzes destination information such as how and when the domain was registered.
Detection/ Investigations and Hunting
o Awake’s unique approach to combine traffic, source and destination analytics avoids the error-prone method of training / baselining employed by most other solutions. These solutions base their anomaly detection on deviations from past behavior of a particular IP address or device. Awake instead compares each device to the other entities in the environment, grouping ones that are similar and then identifying behaviors that stand out.
o Awake also detects known attacker tactics, techniques and procedures (TTPs) via QueryIQ™ detection rules. This allows for far more efficient detection for known bad behavior from insiders or external attackers. Awake’s intelligent platform makes adding capabilities to detect new and evolving threats simple for Awake and its customers.
o Awake automatically provides a forensic timeline of suspect activities for any entity in the system and allows for easy pivots to this information from any alert in the SIEM. This information is also used to compute a risk score for the entity to help automate the triage process.
Awake Security is the only advanced network traffic analysis company that delivers a software platform powered by the expertise and real world investigations of hundreds of the world’s foremost investigators. Awake’s Network Detection and Response platform applies AI to bring these human skills to all customers, instantly analyzing billions of packets to immediately discover every device, user and application on the network. Through autonomous hunting and investigation Awake then uncovers malicious intent from insiders and external attackers alike. The company is ranked #1 for time to value because of its frictionless approach that delivers answers rather than alerts.
Awake’s key use cases include:
• DETECTION OF MALICIOUS INTENT- Awake’s DetectIQ™ surfaces sophisticated attacker TTPs including the malicious use of business-justified applications and communications to zero-day destinations designed to evade existing proxies and blacklists. QueryIQ™, Awake’s behavioral query language, enables the discovery of evolving attacker tactics, techniques and procedures without requiring training periods or model updates like other ML-solutions.
• RAPID & CONCLUSIVE ALERT RESPONSE- With Awake, the starting point is EntityIQ™, which uses hundreds of security-relevant signals extracted from full packet capture data to automatically correlate, profile and track internal and external entities such as devices, users and domains. This capability can be delivered via SIEM integrations that allow even a junior analyst to investigate and also highlight other victims that might be targeted by a broader attack campaign.
• EXHAUSTIVE NETWORK INTELLIGENCE- Awake discovers and tracks traditional endpoints, as well as unmanaged IoT, BYOD, contractor and other devices, even as they move across IP addresses. Many of these devices are invisible to log- or agent-based security products. Awake allows the security team to surface threats to and from all these devices and rapidly investigate any that exhibit a high DetectIQ™ Score.