Overview

We call our technology Autonomous Investigation™ which is based on unsupervised and supervised machine learning. It is designed to analyze network traffic for detecting, investigating and remediating complex and stealthy threats. By using log data extracted from web proxies or SIEMs upon which is applied unsupervised machine learning, SecBI’s technology detects and clusters all internal (e.g.users, devices) and external (e.g. IPs, C&C servers, drop points) entities involved in communications in a compromised network. Identifying a malicious cluster, as opposed to a single discrete anomaly or sporadic alert, ensures faster and accurate detection with forensic evidence, including the full narrative and incident report. It instantly unveils malicious communications’ full scope, enabling comprehensive, automatic detection. Following the remediation, the information gained from the detection is then communicated to the preventive devices to redefine it’s policy for future attempts of breach. SOC analysts are presented with complete attack narratives giving them complete visibility of all affected users and devices, and infection points involved in the same incident. The complete narrative provides analysts with the actionable information (e.g. block malicious hosts or sanitize endpoints).
During the process, our technology identifies a suspicious cluster based on common behaviors (not a baseline), with its related forensic evidence, to assure faster and more accurate detection, substantially reducing false positives. SecBI’s product mimics expert analyst via unsupervised machine learning: SecBI’s core algorithms rely on unsupervised machine learning which requires no baseline, training, or learning period. It works out of the box. SecBI’s machine learning infrastructure mimics an expert analyst and has been field-proven to extend capabilities in places no human can: Analyzing billions of events, finding connections, and building a complete forensic incident story and kill-chain.