- Website: http://www.secbi.com
- Company size (employees): 10 to 49
- Country: Israel
- Headquarters Region: Middle East
In 3 bullets, summarize why this company is different from the competition and deserves recognition:
- Developed the only network traffic analysis (NTA) solution that does not require extra hardware (sensors), thereby making it easy and affordable to deploy at large, geographically dispersed enterprises
- Developed an NTA solution that uses metadata that passes through enterprises' web proxies, thereby solving the challenge of encryption blocking the analysis of more than 55% of network data
- One of the few (if not the only) companies that use unsupervised machine learning for cluster-based analysis to present security analysts with the full scope (meaning every affected incident) per suspicious incident, so that analysts know immediately, without further investigation, where and how to perform remediation tasks.
In less than 300 words, summarize the achievements of the company in the nominated category
SecBI provides security automation in a currently neglected area, advanced threat detection and investigation, which is the most complex and critical process in the security operations center (SOC). We’ve developed a next-generation network traffic analysis (NTA) solution for maximum network visibility to detect and investigate malicious incidents, eliminating the need to deploy network sensors (a requirement other NTA vendors set), thereby making it ideal for geographically-dispersed enterprises and cloud-based deployments.
Another innovative aspect is that our Autonomous Investigation™ technology uses both unsupervised and supervised machine learning. Much of what the industry calls machine learning is “supervised” machine learning, which is based on manual human feedback. In the cyber arms race, evolution happens in milliseconds, making the supervised approach not only inaccurate but also unscalable and human-dependent. “Unsupervised” machine learning, on the other hand, doesn’t just detect anomalies; it investigates them to find out whether they are indicative of an attack, then groups together all the related evidence so the analyst doesn’t have to spend hours digging through data. Unsupervised machine learning is used in highly dynamic use cases where the data changes frequently, new behaviors emerge constantly, and labeled data is scarce, making it the ideal approach to uncover stealthy attacks that would not be discovered when using a baseline for anomalies.
As a result, our value is best understood in contrast to intrusion detection solutions that generate sporadic alerts and anomalies requiring manual correlation and investigation. Our Autonomous Investigation™ technology presents analysts with the full scope of every suspicious incident, including all affected entities (e.g. users, domains, devices), within minutes, thereby automating this aspect of the investigation process and practically eliminating false positives. Once armed with this clustered, full-scope information on the entire incident storyline, analysts are able to perform rapid and complete remediation, minimizing breach damage.