Viettel Killchain and Anomaly Detection

Additional Info

Company: Viettel Cyber Security Company
Website: https://viettelcybersecurity.com/
Company size (employees): 100 to 499
Headquarters Region: Asia

Overview

VCS-KIAN is the most innovative behavioral analytics solution in South East Asia. VCS-KIAN automatically links and analyzes user and entity activity so that security analysts are better informed about anomalies and threats in their systems. It provides a powerful analytics layer on top of an existing SIEM: detecting new attacks, prioritizing incidents, and guiding a more effective investigation.

Behavioral Baselining Across Multiple Data Sources
Our solution cuts across organizational boundaries, IT systems and data sources and analyzes all the data available for a specific user or entity. Example data sources include authentication systems such as Active Directory, access systems such as VPNs and proxies, firewalls and Intrusion Detection and Prevention Systems (IDPS), Endpoint Detection and Response (EDR) systems, and Network Traffic Analytics. VCS-KIAN uses machine learning and behavior analytics to learn a baseline behavioral profile for each user and entity, and then uses that model to quickly identify deviations from it.

Signature-free detection and Risk-based Incident Prioritization
VCS-KIAN uses an advanced analytics engine to identify abnormal and risky activity without predefined correlation rules or IoC patterns. It produces meaningful alerts without requiring fine tuning, and with fewer false positives. VCS-KIAN ships with 500+ out-of-the-box detection use cases that help protect an organization against the three most common threat categories: advanced persistent threats, insider threats and compromised credentials. This built-in content is also mapped to the MITRE ATT&CK framework, giving security teams a common vocabulary for detection coverage and helping them build stronger security processes.

VCS-KIAN continuously calculates and tracks a risk score using a Naïve Bayesian machine learning approach, which removes the need to manually review large numbers of individual alerts. The system requires multiple signs of abnormal behavior before it raises an alert, reducing false positives by 50% and saving 60% of SOC analysts' operation time.
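To make the two ideas above concrete (a per-entity behavioral baseline learned from historical logs, and a Naïve Bayesian risk score that only becomes an alert once several independent signs of abnormality accumulate), here is a small worked example in Python. It is an added illustration written for this page, not VCS-KIAN's code or model: the log format, the three indicators (new_host, off_hours, fail_burst), the likelihood ratios, the 1% prior and the 0.5 alert threshold are all assumptions chosen for the example, and the sample log lines are constructed.

```python
"""Toy UEBA-style scorer: per-user behavioral baseline plus naive Bayes
risk accumulation. Added illustration only; the log format, indicator set,
likelihood ratios, prior and thresholds are assumptions for this example."""
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication logs (not real data).
# Format: timestamp,user,src_host,result
BASELINE_LOGS = """\
2024-03-01T09:05:00,alice,ws-alice,success
2024-03-01T17:40:00,alice,ws-alice,success
2024-03-02T08:55:00,alice,ws-alice,success
2024-03-02T13:10:00,alice,ws-alice,failure
2024-03-03T09:30:00,alice,vpn-gw1,success
2024-03-04T10:00:00,alice,ws-alice,success
2024-03-01T09:00:00,bob,ws-bob,success
2024-03-02T16:00:00,bob,ws-bob,success
2024-03-03T09:30:00,bob,ws-bob,success
"""

NEW_LOGS = """\
2024-03-06T03:12:00,alice,ws-ops7,failure
2024-03-06T03:12:30,alice,ws-ops7,failure
2024-03-06T03:13:00,alice,ws-ops7,failure
2024-03-06T03:14:00,alice,ws-ops7,success
2024-03-06T11:00:00,alice,ws-alice,success
2024-03-06T14:00:00,bob,ws-lab3,success
"""

# Assumed likelihood ratios P(indicator | compromised) / P(indicator | benign).
# A real system would learn these; here they are hand-set for illustration.
LIKELIHOOD_RATIO = {"new_host": 8.0, "off_hours": 4.0, "fail_burst": 6.0}
PRIOR_COMPROMISED = 0.01   # assumed base rate of a compromised account-day
ALERT_THRESHOLD = 0.5      # posterior probability needed to alert
MIN_INDICATORS = 2         # never alert on a single sign of abnormality


def parse(text):
    events = []
    for line in text.strip().splitlines():
        ts, user, host, result = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "host": host, "result": result})
    return events


def _empty_profile():
    return {"hosts": set(), "hours": set(), "max_daily_fail": 0}


def build_baseline(events):
    """Per user: hosts seen, login hours seen, and the worst daily failure count."""
    baseline = defaultdict(_empty_profile)
    daily_fail = defaultdict(int)
    for e in events:
        p = baseline[e["user"]]
        p["hosts"].add(e["host"])
        p["hours"].add(e["ts"].hour)
        if e["result"] == "failure":
            key = (e["user"], e["ts"].date())
            daily_fail[key] += 1
            p["max_daily_fail"] = max(p["max_daily_fail"], daily_fail[key])
    return dict(baseline)


def indicators_for(e, profile, fails_today):
    """Which anomaly indicators does this single event trigger?"""
    fired = set()
    if e["host"] not in profile["hosts"]:
        fired.add("new_host")
    hours = profile["hours"]
    if hours and not (min(hours) - 1 <= e["ts"].hour <= max(hours) + 1):
        fired.add("off_hours")
    if fails_today > profile["max_daily_fail"]:
        fired.add("fail_burst")
    return fired


def posterior(indicators):
    """Naive Bayes in odds form: prior odds times one LR per distinct indicator."""
    odds = PRIOR_COMPROMISED / (1 - PRIOR_COMPROMISED)
    for name in indicators:
        odds *= LIKELIHOOD_RATIO[name]
    return odds / (1 + odds)


def score_events(new_logs=NEW_LOGS, baseline_logs=BASELINE_LOGS):
    """Score events in arrival order; risk accumulates per (user, day)."""
    baseline = build_baseline(parse(baseline_logs))
    fails_today = defaultdict(int)
    fired = defaultdict(set)   # (user, day) -> distinct indicators seen so far
    results = []
    for e in parse(new_logs):
        key = (e["user"], e["ts"].date())
        if e["result"] == "failure":
            fails_today[key] += 1
        profile = baseline.get(e["user"], _empty_profile())
        fired[key] |= indicators_for(e, profile, fails_today[key])
        risk = posterior(fired[key])
        results.append({
            "ts": e["ts"].isoformat(), "user": e["user"],
            "indicators": sorted(fired[key]), "risk": round(risk, 4),
            "alert": risk >= ALERT_THRESHOLD and len(fired[key]) >= MIN_INDICATORS,
        })
    return results


if __name__ == "__main__":
    for r in score_events():
        print(r)
```

In the constructed data, alice's first 03:12 failure from an unknown host fires two indicators (new host, off hours) but the posterior stays at about 0.24, so nothing is raised; the second failure pushes the day's failure count above her baseline, a third independent indicator fires, the posterior climbs to about 0.66 and an alert is produced. bob's login from a new host during normal hours fires one indicator only and never alerts, which is the "multiple signs required" behavior the text describes. Two design points carry over to real deployments: score distinct indicators, not repeated ones, or the same anomaly recurring in a burst will inflate the odds; and keep the accumulated risk per entity for a window (a day here) so that a slow-moving chain of small anomalies is still caught.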

How we are different

- Cloud-native analytics platform delivering a streamlined experience and seamless integration
VCS-KIAN is designed to be self-contained, covering the development of advanced detection scenarios as well as the investigation and analysis of anomalous behavior. It integrates with 15+ popular SIEM solutions and common log management systems, is easy to set up, and is ready to use in less than one hour, with unlimited scale in the cloud or on premises.
- AI-driven technology and powerful detection
Based on the adaptive learning AI methodology developed by Viettel Cyber Security's Machine Learning Center, VCS-KIAN profiles the behavior of entities and delivers customized detection scenarios that keep pace with each client's situation. Alongside a broad set of built-in detection use cases, VCS-KIAN lets analysts create and customize use cases intuitively in the user interface, from simple scenarios such as a correlation condition or a single abnormal entity activity to complex scenarios such as a chain of multiple abnormal activities.
- Lightweight, Flexible, Scalable
VCS-KIAN is designed to be lightweight, flexible and scalable. Unlike other Hadoop-based UEBA technologies, our solution provides an analytics engine designed specifically for UEBA problems such as real-time profiling, real-time detection and real-time risk scoring. Specifically, our solution consumes only 25% of the hardware resources and delivers truly real-time detection.