Data Collectors: High-performance software collectors that gather very large amounts of system data, eliminating the need for hardware sensors.
Processing Engine: Powerful AI to create source-specific enriched security data.
Visualizations: Dedicated and intuitive visualizations for the respective data sources and their use cases.
Detection AI: Ready-made analyzer algorithms and use cases designed specifically for the respective data sources and their security scenarios.
Investigation AI: Optimized investigation views and guided threat hunting for the respective data sources and their use cases.
Network Module: Covering internal & external network traffic
APT attack detection
Network visibility
Analysis of access patterns for internal services (generating server profiles):
Detection of internal shadow IT: Correlation with CMDB information
Blacklist-Matching: Correlation with threat feeds
Web Module: Covering web activities of internal devices
APT attack detection:
Detection of hidden data leaks such as browser plugins or software collecting data
External shadow IT: Detection of unauthorized cloud services and uploads
Unauthorized and outdated devices: Clustering of machine-to-machine (M2M) devices for outlier detection
Identification of unauthenticated proxy access
Blacklist-Matching: Correlation with threat feeds
Xlog Module: Cross-data threat detection
Better events: Enriched, aggregated events across various data sources, stored efficiently.
Better detection: Correlation and enrichment of network events with host log data:
Better alerts: Combining the alerts produced by host-based and by network-based security tools to filter false positives and produce consolidated high-quality alerts. Data sources can include:
Better response: Unified visibility for efficient investigation & response.