Overview

SecBI provides security automation in a currently neglected area, advanced threat detection and investigation, which is the most complex and critical process in the security operations center (SOC). We’ve developed a next-generation network traffic analysis (NTA) solution for maximum network visibility to detect and investigate malicious incidents, eliminating the need to deploy network sensors (a requirement other NTA vendors set), thereby making it ideal for geographically-dispersed enterprises and cloud-based deployments.
Another innovative aspect is that our Autonomous Investigation™ technology uses both unsupervised and supervised machine learning. Much of what the industry calls machine learning is “supervised” machine learning, which is based on manual human feedback. In the cyber arms race, evolution happens in milliseconds, making the supervised approach not only inaccurate but also unscalable and human-dependent. “Unsupervised” machine learning, on the other hand, doesn’t just detect anomalies; it investigates them to find out whether they are indicative of an attack, then groups together all the related evidence so the analyst doesn’t have to spend hours digging through data. Unsupervised machine learning is used in highly dynamic use-cases where the data changes frequently, new behaviors emerge constantly, and labeled data is scarce, making it the deal approach to uncover stealthy attacks that would not be discovered when using a baseline for anomalies.
As a result, our value is best understood in contrast to intrusion detection solutions that generate sporadic alerts and anomalies requiring manual correlation and investigation. Our Autonomous Investigation™ technology presents analysts with the full scope on every suspicious incident, including all affected entities (e.g. users, domains, devices) within minutes, thereby automating the aspect of the investigation process and practically eliminating false positives. Once armed with this clustered and full scope information of the entire incident storyline, analysts are able to perform rapid and complete remediation, minimizing breach damage.