Seceon’s comprehensive platform includes more than 15 tools like ai, ml, vulnerability assessment, SIEM, SOAR, UEBA, NBAD, NTA, EDR, TI, but our focus for today is an area that frequently comes up in conversation with customers and partners alike.

Does your current cybersecurity Solution discover and remediate unwanted bot activities, malware, lateral movements, credential theft, and insider threats both on-prem and across the cloud?

Seceon’s aiXDR solution discovers and remediates a comprehensive list of threats, exploits, attacks, suspicious activities, and non-conformance/non-compliance items, including Zero-Day and advanced malware with sophisticated evasive techniques. The Table below is an indicative subset of the exhaustive threat models implemented in the product.



Threat Models


Trojan Horse Activity

Suspicious Trojan activity detected in the network.

Insider Threat/Compromised Credentials

Unusual activity by an insider with valid credentials. This could indicate a user with malicious intent or potential compromise of that user’s credentials.

Policy Violation

An alert to indicate policy violations based on provisioned rules (granular policies like micro-segmentation of network).

Suspicious Infected Host

A host is suspected to be infected based on correlation of all indicators of compromise.

Botnet Detected

A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g., to send spam or syn messages.

Spank Attack

Spank attack is a form of DDoS attack where the attacker utilizes multicast addresses as source addresses to multiply the bandwidth consumed by the network and the targeted host.

Potential Data Raid

Detection of potential data breach or data raid from critical assets.

Potential Exploit

System has observed traffic patterns that would indicate an attempt to exploit system vulnerability.

Volumetric DDoS

Attacks that use massive amount of traffic saturating the bandwidth of the target. Volumetric attacks are easy to generate using Protocol (TCP/UDP) Flood.

RC4 Attack

Potential RC-4 Encryption Vulnerability exploitation detected

Suspicious Account Creation – Insider Threat

An account created for malicious intent by an Insider Administrator.

Brute Force Attack

Brute Force login attack on a particular host.

Known Virus or Worm Infection

Host infected with virus or worm with known signature (hash)

Potential Web Exploit

System has observed traffic patterns that would indicate attempts to exploit Web Application vulnerability.

Potential Vulnerability Exploit

System has observed traffic patterns that would indicate an attempt by a host to exploit application vulnerabilities present on other host(s)


ICMP FLOOD based attack detection

Malware Infected Host

Server or endpoint infected with malicious software (including fileless)

Insider Threat (USB)

An insider who could be causing leakage of business sensitive information including privacy protected data (e.g PII, PHI), advertently or inadvertently from a high-value asset to an USB drive

Data Exfiltration

Unusual user activity is mapped with entities (databases, servers, applications) accessed and correlated with spike in data transferred from an internal IP/Port to another internal or external IP/Port to arrive at data exfiltration as potential Threat Indicator

DDoS Amplification

Amplification based DDoS attack detection


TCP SYN based DDoS attack detection.


Dangerous malware that can encrypt the entire disk and hold endpoints/server hostage in lieu of demand for ransom

DNS Tunneling

DNS Tunneling

Compromised Credentials

User Credentials are suspected to be compromised

Phishing Attack

Socially engineered email that allures the recipient to a spurious website with malicious intent

Zero Day Malware

Malware without prior detection and known signature

Lateral Movement

Attempts by a malware (worm or botnet) to move from one endpoint/server to another with the intent of enhancing damage and/or reaching its target (server/application/database/storage)

Command & Control Center (C&C)

Attempts by a malware to establish communication with its Command & Control Center through various means – Backdoors, Domain Generation Algorithms (DGA), Beaconing etc.

× How can I help you?