- Network-centric dark threat detection based on adversarial machine learning. Used by the military for critical cyber defense operations for over a decade.
- No rules or configurations. Unsupervised and supervised machine learning.
- Surface and prioritize most critical non-signature based threats based on network behavior.
- Prioritize value of assets within network, based on network behavior. Identify unknown assets and rogue devices.
- Artificial intelligence is driven by L2, L3, and L4 packet headers. No deep packet inspection required.
- 100+ algorithmic techniques and approaches. Applied use of machine learning, deep learning and machine reasoning.
- Open architecture based on Hadoop, Elasticsearch, Kibana, Neo4J and Apache Tomcat. Run your own algorithms on top of the CyGlass stack.
- AWS cloud-based analytics or on-premises deployments.
- Enrich data sets where desired with authentication logs, application logs, Active Directory, and asset metadata.
- Lightweight collectors, either hardware or virtual appliances, deployed on a TAP or SPAN port.
How CyGlass Works:
Step 1: Discovers and Learns
Virtual or hardware-based collectors are deployed on a SPAN or TAP to ingest network traffic, log data, and asset and user metadata, in addition to sources of federated intelligence. CyGlass Analytics begins to learn the behaviors of your network while identifying and classifying the value of your critical assets.
Step 2: Predicts and Prioritizes
Anomalous behaviors are uncovered and prioritized through an ensemble of machine learning and deep learning algorithms and are pinpointed into areas of concern. Areas of concern provide an in-depth understanding of the context of the threat and its evolution in relation to the critical assets involved.
Step 3: Pinpoints and Mitigates
Visualization mapping provides a time-based narration of how a threat is evolving in your network and permits you to drill down into the details of the threat. Integration with security orchestration and incident management tools provides semi-automatic or fully automatic response and remediation.
Federated intelligence from third-party sources can be leveraged to enrich the data sets and provide enhanced capabilities in pinpointing threats.