Overview
Our analytics engine applies machine learning to incoming data streams and projects the detections into a 3-dimensional space:
- Threat-severity dimension. How severe is the threat? This dimension covers confirmed threats and their severity. To better align with your organization’s risk profile for individual threat types, you have the option to adjust the pre-defined severity of individual threats.
- Asset-value dimension. How valuable is the asset? If not all the devices connected to the network are equally important, you have the option to adjust the business value of individual asset groups to prioritize detections for your more important devices.
- Confidence dimension. How confident are we in the verdict? This dimension captures the confidence in the verdicts that our algorithms make about individual threats observed in the customer environment. In some instances, we observe enough behavioral indicators that our verdict is almost certain. In other instances, despite similar symptoms, the actual evidence might be sketchy, so the margin for error increases.
Our fusion algorithm uses these detections to identify clusters of similar threats, and uses the projections to calculate their risk levels. Our web portal then presents these clusters as security alerts in a list prioritized by risk level. Each alert points to threats on your network and represents a natural unit of work for investigation and subsequent remediation.