Modern attackers have changed their tactics to circumvent defenses that are increasingly effective at discovering and blocking malware. These threat actors now exploit tools that every organization needs to run their business and operate their IT function. This is happening at the same time as organizations move to an automated and connected workplace where the very definition of the network is changing with unmanaged IoT, BYOD, cloud infrastructure and shadow IT. In this new reality, security teams are asked to distinguish between good and bad when everything looks like normal activity and to do this while being blind to upwards of 40% of the infrastructure.
The Awake Security Platform uniquely combines machine intelligence and institutional knowledge to transform security operations by enabling teams to identify and protect the organization’s highest-risk assets. The platform’s patented EntityIQ™ technology instantly analyzes billions of communications in real time to discover every business asset—device, user and application—in the organization, as well as the destinations and domains on the other end of those communications. By attributing and tracking behaviors for each of these entities over time, the Awake Security Platform can detect behavioral threats and malicious intent as well as known indicators of compromise. In addition, the security team can enrich the autonomously generated context with institutional knowledge about the entity.
The approach of combining a deep understanding of the source and destination entities with traffic analytics avoids the high false positives and false negatives seen with other machine learning solutions that simply detect anomalies from a baseline for an individual IP address. The platform’s DetectIQ™ detection engine instead also compares each device to the other entities in the environment, grouping those that are similar and then identifying behaviors that stand out from peer devices. Awake also provides QueryIQ™, a behavioral query language that enables security teams to discover attacker tactics, techniques and procedures (TTPs) such as ephemeral command and control infrastructure. With just network data, QueryIQ™ can precisely find notable patterns and behaviors via a simple but powerful interface for simultaneously interrogating graph and structured data sources as well as the raw underlying packets. Unlike existing systems such as a SIEM, QueryIQ™ provides interactive response even for very large datasets.