Awake Security Platform

Most breaches are now the result of living-off-the-land attacks—multi-stage blended threats that avoid malware and instead utilize tools that every organization needs to run their business and operate their IT function. At the same time the very definition of the network is changing with unmanaged Internet of things, cloud infrastructure, contractor and third-party devices and shadow IT. Security teams are therefore asked to distinguish between good and bad when everything looks like normal activity and to do this while being blind to upwards of 40% of the infrastructure.

The Awake Security Platform is built on a foundation of deep network analysis from Awake Sensors that span the ”new network”—including the data center, perimeter, core, IoT and operational technology networks as well as cloud workload networks and SaaS applications. Unlike other network traffic analysis (NTA) solutions, Awake parses over three thousand protocols and processes layer 2 through layer 7 data, including performing encrypted traffic analysis. Awake uses this information to autonomously profile entities such as devices, users and applications, while also preserving these communications for historical forensics.

The Awake Security Platform has exceeded our expectations and empowered us to secure our connected workplace more effectively and autonomously than ever. – Rich Noguera, CISO, Yapstone

Extracted activity data feeds into the Awake Nucleus which uses a combination of detection models to uncover malicious intent. An ensemble of machine learning approaches avoid reliance on simplistic and noisy anomaly detection and unsupervised learning. Awake’s Adversarial Modeling™ capability enables the uncovering of even the most complex attacker tactics, techniques, and procedures (TTPs), by connecting dots across entities, time, protocols and attack stage. Finally, the platform also ingests threat intelligence indicators of compromise to detect known malware. The platform provides an API for extensibility, supports offline notifications and integrates with other IT and security solutions for automated response and remediation.

Ava is the world’s first privacy-aware security expert system that can perform autonomous threat hunting and incident triage. Using a combination of artificial intelligence, open-source intelligence, and Awake’s own human expertise, Ava autonomously connects the dots across the dimensions of time, entities, and protocols, enabling the solution to present end-to-end Situations to the end-user rather than atomic alerts. Analysts thus see the entire scope of an attack as well as investigation and remediation options on a single screen rather than having to piece it together painstakingly themselves. Importantly, federated machine learning allows Awake customers to see these benefits while keeping their private data firmly within their infrastructure.


The Awake Security Platform integrates with and amplifies existing solutions through integrations into industry-leading SIEM, business intelligence and analytics, endpoint detection and security orchestration tools. In addition, the platform supports a full API for custom workflows and integrations. For instance, the SIEM integration allows an analyst to pivot from an alert containing an IP or email address to a device profile with the associated user(s) and roles, operating system, and application details, a forensic threat timeline as well as a listing of similar device(s) for campaign analysis. Similarly, endpoint integrations allow for one-click quarantining of compromised devices or retrieval of endpoint forensic data.

Deployment Modes

The Awake Security Platform can be deployed in two modes depending on customer requirements and network architecture:


The Awake Sensor and Awake Nucleus, in this case, are deployed on a single appliance. This deployment is ideal for customers who deploy a single instance of Awake or do not require a centralized view of their deployment.


When deployed in this mode, the Sensor and Nucleus are deployed separately. Sensors can be deployed in a variety of form factors including physical or virtual appliances. The Nucleus can also be deployed as a hardware cluster to support higher performance requirements as well as in Amazon Web Services to support distributed deployment of sensors.

Download PDF