SecBI Autonomous Investigation

Additional Info

Company size (employees)10 to 49
Type of solutionSoftware


We call our technology Autonomous Investigation™ which is based on unsupervised and supervised machine learning. It is designed to analyze network traffic for detecting, investigating and remediating complex and stealthy threats. By using log data extracted from web proxies or SIEMs upon which is applied unsupervised machine learning, SecBI’s technology detects and clusters all internal (e.g.users, devices) and external (e.g. IPs, C&C servers, drop points) entities involved in communications in a compromised network. Identifying a malicious cluster, as opposed to a single discrete anomaly or sporadic alert, ensures faster and accurate detection with forensic evidence, including the full narrative and incident report. It instantly unveils malicious communications’ full scope, enabling comprehensive, automatic detection. Following the remediation, the information gained from the detection is then communicated to the preventive devices to redefine it’s policy for future attempts of breach. SOC analysts are presented with complete attack narratives giving them complete visibility of all affected users and devices, and infection points involved in the same incident. The complete narrative provides analysts with the actionable information (e.g. block malicious hosts or sanitize endpoints).
During the process, our technology identifies a suspicious cluster based on common behaviors (not a baseline), with its related forensic evidence, to assure faster and more accurate detection, substantially reducing false positives. SecBI’s product mimics expert analyst via unsupervised machine learning: SecBI’s core algorithms rely on unsupervised machine learning which requires no baseline, training, or learning period. It works out of the box. SecBI’s machine learning infrastructure mimics an expert analyst and has been field-proven to extend capabilities in places no human can: Analyzing billions of events, finding connections, and building a complete forensic incident story and kill-chain.

How we are different

This product deserves this award because:
1. It saves analysts time by drastically reducing false positives and focuses their energy on real threats with a prioritization scale. It also presents the full scope of the detection meaning that it identifies all the affected entities involved in each incident. This makes remediation fast and comprehensive.
2.It offers automated response at varying levels of automation - from playbook workflows to more intervening manual remediation.
3. Thanks to it’s ‘cluster analysis’ Autonomous Investigation detects threats and other suspicious activities that typically go under the radar such as file-less and BIOS level malware. As it works from the network level, plus connected to multiple data sources such as end point and email, SecBI detects malicious communications coming into the network from unprotected IoT devices and sensors.