Awake Security Platform

As attackers have evolved beyond malware, supply chain threats, insider attacks and living-off-the-land tactics challenge the ability of organizations to defend themselves effectively. At the same time, a new network has emerged with unmanaged Internet of Things, cloud infrastructure, contractor and third-party devices and shadow IT. Security teams recognize the need for threat hunting to deal with this evolving landscape, but struggle with the time and skills necessary to distinguish between good and bad when everything looks like normal activity.

The Awake Security Platform is built on a foundation of deep network analysis from Awake Sensors that span the “new network”—including the data center, campus, IoT as well as cloud workload networks and SaaS applications. Unlike other network detection and response solutions, Awake parses over three thousand protocols and processes layer 2 through layer 7 data. The platform analyzes encrypted traffic to identify important context such as the nature of traffic (file transfer, interactive shell, etc.), the applications communicating and the presence of remote access, all without forcing data decryption. Awake’s EntityIQ™ technology uses this information to autonomously profile entities such as devices, users and applications, while also preserving these communications for historical forensics.

The Awake Security Platform has exceeded our expectations and empowered us to secure our connected workplace more effectively and autonomously than ever. 

Rich Noguera, Former CISO, Gap

Extracted activity data feeds into the Awake Nucleus, which uses a combination of detection models to uncover malicious intent. An ensemble of machine learning approaches avoids reliance on simplistic and noisy anomaly detection or unsupervised learning. Awake’s Adversarial Modeling™ language enables the uncovering of even the most complex attacker tactics, techniques and procedures (TTPs), with extensible AI-driven models that first zero in on suspicious activity and then gather corroborating evidence to support conviction. The modeling language delivers rich data analysis capabilities as well as a vocabulary to express attacker TTPs, so that even a relatively junior analyst can now hunt. The Nucleus provides a single sign-on and role-based user experience as well as a full API for extensibility, notifications and integrations with other IT and security solutions for automated response and remediation.

Ava, Awake’s autonomous security analyst, is the world’s first AI-based security expert system that performs threat hunting and incident triage. Ava automatically connects the dots across the dimensions of time, entities, and protocols, enabling the solution to present end-to-end Situations to the end user rather than a plethora of meaningless alerts. Analysts thus see the entire scope of an attack along with investigation and remediation options on a single screen while avoiding the effort of piecing it together themselves. Importantly, federated machine learning allows Awake customers to gain these capabilities while keeping their private data firmly within their infrastructure.


The Awake Security Platform integrates with and amplifies existing solutions through integrations into industry-leading SIEM, business intelligence and analytics, endpoint detection and security orchestration tools. In addition, the platform supports a full API for custom workflows and integrations. For instance, the SIEM integration allows an analyst to pivot from an alert containing an IP or email address to a device profile with the associated user(s) and roles, operating system, and application details, a forensic threat timeline as well as a listing of similar device(s) for campaign analysis. Similarly, endpoint integrations allow for one-click quarantining of compromised devices or retrieval of endpoint forensic data.

Deployment Modes

The Awake Security Platform can be deployed in two modes depending on customer requirements and network architecture:


The Awake Sensor and Awake Nucleus, in this case, are deployed on a single appliance. This deployment is ideal for customers who deploy a single instance of Awake or do not require a centralized view of their deployment.


When deployed in this mode, the Sensor and Nucleus are deployed separately. Sensors can be deployed in a variety of form factors including physical or virtual appliances. The Nucleus can also be deployed as a hardware cluster to support higher performance requirements as well as in Amazon Web Services to support distributed deployment of sensors.
