Seceon Open Threat Management Platform

What we do.

Hardening perimeter defenses alone does not secure the organization. Threats such as crimeware, insider threats, cyber espionage, email and web exploits are constantly evolving. To combat these threats and ensure the security of information, organizations have traditionally built a cohesive, multi-layered security posture.

Cybersecurity technologies deployed in today's enterprise are built on a fundamental hypothesis: smart humans must use an array of complicated, advanced security tools to identify a threat and then figure out how to stop it. The problem is that 95 percent of attacks exfiltrate or corrupt data within a few hours of the breach, hardly enough time for smart humans to react.

Overworked, overburdened and just plain overwhelmed IT staffs are ill-equipped to defend corporate assets using traditional cybersecurity technologies; manual, perimeter-focused solutions are simply not built to scale and cannot deliver the speed of response demanded by the rapid rise of public cloud IaaS services.

Seceon Open Threat Management Platform enables organizations to see cyber threats quickly and clearly, and to stop them as they happen, preventing extensive corporate damage. The platform was built to use elastic compute power to deliver the industry's first and only fully automated threat detection and remediation system. It detects all forms of threats as they happen and automatically stops them in minutes. Anticipating attackers' behavior choices, Seceon's environment-agnostic solution identifies both known and unknown threats in real time, preventing risk, damage or loss of valuable information. Seceon can save companies tens of millions spent annually addressing data loss while dramatically reducing the number of cybersecurity tools required.


How we do it.

Seceon's Open Threat Management Platform uses behavioral analytics generated by an extensive set of dynamic threat models, aided by machine learning techniques, to detect both known and unknown zero-day attacks. The platform takes in structured and unstructured data and puts it through a fast, parallel processing architecture that streams data through memory in real time. As data streams through the system, thousands of operations are performed in parallel, allowing threats to be detected and correlated together and driving analytics within seconds. Ultimately, this gives us the ability to detect a full range of threats very quickly, stop them automatically or with the push of a button, and secure against future threats with "self-learning" policy monitoring and enforcement.

Dynamic Threat Model Engine

Threat models offer a systematic approach to analyzing the security of applications, users and data. They enable organizations to identify, quantify and address security risks. Most of the time, Security Information and Event Management (SIEM) platforms require security analysts to write rules in order to pick out the real threats from the plethora of threat indicators that the SIEM platform reports.


This is a complex, human-intensive and often error-prone task. Seceon OTM has developed Dynamic Threat Models to automate it. The Threat Models are based on patented technology in which the rules are all preconfigured and adjust dynamically based on the organization's patterns and on machine learning.


Big/Fast Data Streaming Engine

Big/Fast Data Engine usually refers to a set of architectural patterns, technologies and frameworks used to handle high-volume, high-velocity data feeds and derive actionable analytics in real time. Technologies used in Big/Fast Data architectures include NoSQL databases such as Cassandra and MongoDB (rather than relational databases), high-performance distributed ingestion buses such as Kafka, and lightning-fast in-memory computing platforms such as Spark.


Seceon Open Threat Management Platform applies big data analytics to smaller data sets in real time. The platform takes advantage of all Big/Fast data architectural patterns and frameworks to process high-volume, high-velocity data in real time, and applies automated rule sets in the form of threat models to detect and remediate threats instantly.

Machine Learning Engine

Machine learning handles large data volumes efficiently in conjunction with contemporary big data frameworks and helps to secure your assets through deep data analysis. It is the secret sauce powering Seceon's OTM platform.

ML enables the OTM Platform to adapt dynamically to any environment upon deployment. The ML engine inside the platform starts learning the current environment through mathematical analysis of the real-time data to construct a blueprint of the environment's normal behavior. The models operate and predict in real time, which is what makes the platform so effective in fighting threats as they happen.

Seceon OTM Platform incorporates cutting-edge research through collaboration with academia to implement its ML models. The models are implemented with performance, scalability and accuracy in mind. OTM uses unsupervised and semi-supervised learning principles to add experience to the ML models. The ML engine is powered by a rich library of models and algorithms that baseline enterprise behavior from many different angles and data points to detect broad network-level anomalies, insider attacks and threat-specific attacks while they are happening.

AI Engine with Actionable Intelligence

AI helps to bolster cybersecurity against sophisticated attackers by automating the complex processes of detecting attacks and reacting to breaches. Seceon OTM Platform uses AI techniques to generate alerts from the sea of threat indicators that would otherwise have to be analyzed by security operations experts over a very long time.

The AI Engine not only automates analysis, but also helps us minimize false positives, improve accuracy and deliver real-time performance.

Correlation Engine

Writing cryptic security scripts needs special skills and comes with high ramp-up time and cost. Seceon's approach provides a close-to-natural-language DSL (Domain Specific Language) to define correlation definitions in a user-friendly way. The DSL is interpreted and dynamically loaded into the system.

Definitions are translated into optimized data stream processing topologies for efficient correlation, and can be modified or added dynamically using a RESTful interface.
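To make the idea of "a readable correlation definition compiled into a streaming stage" concrete, here is an added example, not Seceon's DSL or code: the rule syntax, the field names (`type`, `src_ip`, `ts`) and the event records are all hypothetical, constructed for this illustration. One rule text is parsed into a per-key sliding-window counter, and new rules can be added to the running topology at any time, which is the behaviour the paragraph above describes.

```python
"""Toy correlation DSL compiled into a streaming sliding-window stage.
Added illustration; the syntax and field names are hypothetical."""
import re
from collections import deque

# Hypothetical near-natural-language rule (not Seceon's actual DSL).
RULE_TEXT = ('when type is "auth_failure" group by src_ip '
             'count over 60 seconds exceeds 3 then alert "repeated authentication failures"')

RULE_RE = re.compile(
    r'^when (?P<field>\w+) is "(?P<value>[^"]+)" '
    r'group by (?P<key>\w+) '
    r'count over (?P<window>\d+) seconds exceeds (?P<threshold>\d+) '
    r'then alert "(?P<alert>[^"]+)"$'
)


def compile_rule(text: str) -> dict:
    """Parse one rule into a plain dict; reject anything that is not well formed."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised rule: {text!r}")
    return {
        "field": m["field"], "value": m["value"], "key": m["key"],
        "window": int(m["window"]), "threshold": int(m["threshold"]),
        "alert": m["alert"],
    }


class WindowedCountStage:
    """One stream-processing stage: filter on field == value, group by key,
    keep the timestamps seen in the last `window` seconds, fire when the
    count exceeds the threshold."""

    def __init__(self, rule: dict):
        self.rule = rule
        self.buckets: dict = {}  # group key -> deque of event timestamps (seconds)

    def feed(self, event: dict):
        r = self.rule
        if event.get(r["field"]) != r["value"]:
            return None  # not selected by this rule
        key, ts = event[r["key"]], event["ts"]
        q = self.buckets.setdefault(key, deque())
        q.append(ts)
        while q and ts - q[0] > r["window"]:  # slide the window forward
            q.popleft()
        if len(q) > r["threshold"]:
            return {"alert": r["alert"], r["key"]: key, "count": len(q), "ts": ts}
        return None


class Topology:
    """Holds the compiled stages; rules can be loaded while events keep flowing."""

    def __init__(self):
        self.stages = []

    def add_rule(self, text: str) -> None:
        self.stages.append(WindowedCountStage(compile_rule(text)))

    def feed(self, event: dict) -> list:
        hits = (stage.feed(event) for stage in self.stages)
        return [h for h in hits if h is not None]


# Constructed event stream; `ts` is seconds since an arbitrary epoch.
EVENTS = [
    {"ts": 100, "type": "auth_failure", "src_ip": "10.0.0.5"},
    {"ts": 110, "type": "auth_failure", "src_ip": "10.0.0.6"},
    {"ts": 120, "type": "auth_failure", "src_ip": "10.0.0.5"},
    {"ts": 130, "type": "auth_success", "src_ip": "10.0.0.5"},  # filtered out by the rule
    {"ts": 140, "type": "auth_failure", "src_ip": "10.0.0.5"},
    {"ts": 150, "type": "auth_failure", "src_ip": "10.0.0.5"},  # 4th in 60 s -> alert
    {"ts": 300, "type": "auth_failure", "src_ip": "10.0.0.5"},  # window has slid; count 1
]


def run_stream(rule_texts, events) -> list:
    """Compile the rules, push every event through the topology, collect alerts."""
    topo = Topology()
    for text in rule_texts:
        topo.add_rule(text)
    alerts = []
    for ev in events:
        alerts.extend(topo.feed(ev))
    return alerts


if __name__ == "__main__":
    for a in run_stream([RULE_TEXT], EVENTS):
        print(a)
```

The value of the compile step is that the analyst edits a sentence while the engine executes a bounded-memory stage: each group key holds at most a window's worth of timestamps, so the stage's cost does not grow with the total volume of traffic seen.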

Collection and Control Engine (CCE)

The Collection and Control Engine (CCE) collects input from a variety of sources. It extracts features, enriches the collected logs and flows at runtime, normalizes, classifies and compresses them, and then forwards the results to the Analytics and Policy Engine (APE). It also contains and eliminates threats in real time, using Auto Remediation as directed by the APE.

The inputs to the CCE include:

  • Raw network and metadata streams
  • NetFlow and sFlow records
  • Syslog from network devices such as routers, switches, firewalls and even some servers
  • Windows Active Directory logs
  • Raw application logs from applications such as MS-SQL, MS Exchange, SMTP, FTP, Office 365, DNS/DHCP and file servers in the network
  • Other streaming telemetry; for example, a SIEM can be used as an aggregator and its aggregated logs sent to the CCE
  • Threat intelligence and enrichment data: the Open Threat Management Platform consumes feeds from its predefined set of threat intelligence sources for enrichment, such as blacklisted URLs and domain names. Users can send feeds from their own sources as well.
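The collection stage described above (normalize, enrich, classify, compress, forward) is easiest to see on concrete records. The following is an added example and not Seceon's CCE code: the syslog lines, the NetFlow-style CSV rows, the blocklist entries and the event field names are all constructed for the illustration (the page mentions blacklisted URLs and domains; the IP-keyed feed here is an assumption). Two very different input formats are mapped onto one event schema, enriched against the feed, and collapsed into per-tuple summaries of the kind a collector would forward to an analytics tier.

```python
"""Toy collection stage: normalize syslog and flow records into one event
schema, enrich against a threat-intel feed, then summarise for forwarding.
Added illustration; field names and sample data are constructed."""
import re
from datetime import datetime, timezone

# Constructed firewall syslog lines (RFC 3164 style; hosts and addresses are fictional).
SYSLOG_LINES = [
    "<134>Mar 10 12:00:01 fw01 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=203.0.113.9 PROTO=TCP DPT=443",
    "<134>Mar 10 12:00:02 fw01 kernel: ACCEPT IN=eth0 SRC=10.0.0.7 DST=198.51.100.20 PROTO=UDP DPT=53",
]
# Constructed NetFlow-style CSV rows: ts,src,dst,proto_number,dport,bytes
FLOW_LINES = [
    "2024-03-10T12:00:03Z,10.0.0.5,203.0.113.9,6,443,5120",
    "2024-03-10T12:00:04Z,10.0.0.8,192.0.2.33,17,123,96",
]
# Constructed enrichment feed: indicator -> label (placeholders, not real intel).
BLOCKLIST = {"203.0.113.9": "known-c2-placeholder", "192.0.2.33": "scanner-placeholder"}

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<app>[^:]+): "
    r"(?P<action>\w+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+) DPT=(?P<dport>\d+)"
)
PROTO_NUMBERS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def normalize_syslog(line: str, year: int = 2024) -> dict:
    """Map a firewall syslog line onto the common event schema (year is assumed,
    because RFC 3164 timestamps do not carry one)."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised syslog line: {line!r}")
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {
        "source": "syslog", "sensor": m["host"], "ts": ts.isoformat(),
        "src_ip": m["src"], "dst_ip": m["dst"], "proto": m["proto"].upper(),
        "dst_port": int(m["dport"]), "action": m["action"].lower(), "bytes": None,
    }


def normalize_flow(line: str) -> dict:
    """Map a flow record onto the same schema, translating the protocol number."""
    ts, src, dst, proto, dport, nbytes = line.split(",")
    return {
        "source": "flow", "sensor": "collector", "ts": ts.replace("Z", "+00:00"),
        "src_ip": src, "dst_ip": dst, "proto": PROTO_NUMBERS.get(int(proto), proto),
        "dst_port": int(dport), "action": "observed", "bytes": int(nbytes),
    }


def enrich(event: dict, blocklist: dict) -> dict:
    """Attach threat-intel context and a classification; the input is not mutated."""
    out = dict(event)
    hit = blocklist.get(out["dst_ip"]) or blocklist.get(out["src_ip"])
    out["ti_match"] = hit
    out["classification"] = "ti-hit" if hit else "benign-baseline"
    return out


def collect(syslog_lines, flow_lines, blocklist):
    """Full stage: normalize -> enrich -> compress into (src, dst, port) summaries."""
    events = [normalize_syslog(l) for l in syslog_lines] + [normalize_flow(l) for l in flow_lines]
    enriched = [enrich(e, blocklist) for e in events]
    summary = {}
    for e in enriched:
        key = (e["src_ip"], e["dst_ip"], e["dst_port"])
        s = summary.setdefault(key, {"count": 0, "sources": set(),
                                     "classification": e["classification"]})
        s["count"] += 1
        s["sources"].add(e["source"])  # the same conversation seen by two sensors
    return enriched, summary


if __name__ == "__main__":
    enriched, summary = collect(SYSLOG_LINES, FLOW_LINES, BLOCKLIST)
    for e in enriched:
        print(e)
    for key, s in summary.items():
        print(key, s)
```

The point of the shared schema is visible in the summary: the firewall's syslog DROP and the flow collector's record for the same conversation land on one key, so the analytics tier can reason about the conversation once rather than about two unrelated log formats.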