Network Detection and Response Platform

Additional Info

CompanyAwake Security
Websitehttps://awakesecurity.com/
Company size (employees)10 to 49

Overview

Awake Security is the only advanced network traffic analysis company that delivers a software platform powered by the expertise and real world investigations of hundreds of the world’s foremost investigators. Awake’s Network Detection and Response platform applies AI to bring these human skills to all customers, instantly analyzing billions of packets to immediately discover every device, user and application on the network. Through autonomous hunting and investigation Awake then uncovers malicious intent from insiders and external attackers alike. The company is ranked #1 for time to value because of its frictionless approach that delivers answers rather than alerts.

Awake’s key use cases include:
• DETECTION OF MALICIOUS INTENT – Awake’s DetectIQ™ surfaces sophisticated attacker TTPs including the malicious use of business-justified applications and communications to zero-day destinations designed to evade existing proxies and blacklists. QueryIQ™, Awake’s behavioral query language, enables the discovery of evolving attacker tactics, techniques and procedures without requiring training periods or model updates like other ML-solutions.

• RAPID & CONCLUSIVE ALERT RESPONSE- With Awake, the starting point is EntityIQ™, which uses hundreds of security-relevant signals extracted from full packet capture data to automatically correlate, profile and track internal and external entities such as devices, users and domains. This capability can be delivered via SIEM integrations that allow even a junior analyst to investigate and also highlight other victims that might be targeted by a broader attack campaign.

• EXHAUSTIVE NETWORK INTELLIGENCE- Awake discovers and tracks traditional endpoints, as well as unmanaged IoT, BYOD, contractor and other devices, even as they move across IP addresses. Many of these devices are invisible to log- or agent-based security products. Awake allows the security team to surface threats to and from all these devices and rapidly investigate any that exhibit a high DetectIQ™ Score.

How we are different

Analytics
o Traffic analysis: Awake inspects and analyzes traffic from Layer 2 and up. Most competitive solutions instead rely on flows or meta data. Awake extracts signals from full packet capture data to first identify and track entities and uses that for more meaningful and actionable analysis.
o Source analysis: Few network traffic analysis solutions perform source analytics and those that do often require agents or logs / integrations. With Awake’s EntityIQ™ technology, the system automatically develops an understanding of the entities, even as they move across IP addresses.
o Destination analysis: Other solutions rely on threat intelligence, IP geolocation and reputation to assess destinations. Awake instead analyzes destination information such as how and when the domain was registered.


Detection/ Investigations and Hunting
o Awake’s unique approach to combine traffic, source and destination analytics avoids the error-prone method of training / baselining employed by most other solutions. These solutions base their anomaly detection on deviations from past behavior of a particular IP address or device. Awake instead compares each device to the other entities in the environment, grouping ones that are similar and then identifying behaviors that stand out.
o Awake also detects known attacker tactics, techniques and procedures (TTPs) via QueryIQ™ detection rules. This allows for far more efficient detection for known bad behavior from insiders or external attackers. Awake’s intelligent platform makes adding capabilities to detect new and evolving threats simple for Awake and its customers.
o Awake automatically provides a forensic timeline of suspect activities for any entity in the system and allows for easy pivots to this information from any alert in the SIEM. This information is also used to compute a risk score for the entity to help automate the triage process.