Auto-Correlation & Actionable Context
Efflux Analytics removes the guesswork and gives analysts a clear line of sight through the noise of alerts, so they can defend efficiently against serious threats. The system analyzes proprietary, third-party, and business-specific data points from several angles to determine and prioritize the significance of a threat. Backed by Efflux, your analysts can see which threats are truly high priority and start remediation to protect the enterprise.
Signatureless Pattern Recognition
Signatures alone are not a reliable data source, because determined attackers vary their tooling and methods to inflict harm. Efflux Analytics instead learns an attacker's approach from the malicious activity it observes. We have drawn on our military-grade cybersecurity experience and applied statistics and machine learning to decipher malicious tradecraft automatically, without signatures. At Efflux we work to understand the threat actor and apply that mindset to our analytics, using 36 attributes of network telemetry to detect malicious movement in your network.
Lateral Detection Across Multiple Hosts
Detecting malicious east-west traffic is difficult: network segmentation and the limited visibility of modern networks leave blind spots in most organizations. Attackers commonly stage stolen data for exfiltration, keep compromising vulnerable systems, and move quietly through a network undetected by the security systems already in place. Efflux Analytics detects attackers preparing, moving, and exfiltrating data laterally within your network, which is essential to stopping threats early in the kill chain.
Can your SecOps team quickly tell, with its current security stack, which threats pose the highest risk to the business? Efflux Analytics first fights alert fatigue by auto-correlating an attacker's lateral maneuvers, from direction of movement to the type and sequence of tradecraft. It then calculates a customizable risk score for the series of events. Efflux classifies each event into a Session and assembles the correlated series of Sessions into a Narrative.
Efflux Analytics organizes Narratives and Sessions by date and time in overlaying tabbed panes and shows critical details such as the amount of data transferred, the protocols used, and the source and destination ports. Efflux continues to expand its third-party integrations, so Narratives can be correlated with Efflux's own analytics as well as with other analytics in your security operations tech stack. The Narratives pane shows which tool triggered the Narrative, and the Session pane gives an overview of the tradecraft the attacker used in each Session. Efflux Analytics puts control back in the hands of your analyst and shifts the advantage to your company.
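To make the Session/Narrative model concrete, here is a small correlator written for this page; it is an added illustration, not Efflux code, and it does not reproduce the 36 telemetry attributes or the product's scoring. The tradecraft labels, per-tradecraft weights, the 600-second session gap, the internal network ranges, and the sample flow records are all assumptions chosen for the demonstration. It groups flow events into Sessions (one host pair, one time window), chains Sessions into a Narrative when the destination of one hop becomes the source of the next, and ranks Narratives by a risk score that rewards kill-chain progression and large internal-to-external transfers.

```python
"""Toy Session/Narrative correlator with a risk score.  Added illustration of
the correlation model described on this page, not Efflux code.  Tradecraft
labels, weights, session gap and internal ranges are assumptions."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

SESSION_GAP = 600  # seconds of silence that closes a Session (assumed)
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed per-tradecraft weights; a real product would expose these for tuning.
WEIGHTS = {"recon_scan": 1.0, "rdp_login": 2.0, "smb_admin_share": 3.0,
           "credential_dump": 5.0, "staging_archive": 3.0, "external_upload": 6.0}
# Kill-chain order: a Narrative earns a bonus each time it reaches a later stage.
PROGRESSION = ["recon_scan", "rdp_login", "smb_admin_share",
               "credential_dump", "staging_archive", "external_upload"]

@dataclass
class Event:
    ts: int          # epoch seconds
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int
    tradecraft: str  # label attached upstream by whichever detector fired

@dataclass
class Session:
    """Events between one src/dst pair with no gap longer than SESSION_GAP."""
    src: str
    dst: str
    events: List[Event] = field(default_factory=list)

    @property
    def start(self) -> int:
        return self.events[0].ts

    @property
    def nbytes(self) -> int:
        return sum(e.nbytes for e in self.events)

def is_internal(host: str) -> bool:
    ip = ip_address(host)
    return any(ip in net for net in INTERNAL_NETS)

def build_sessions(events: List[Event]) -> List[Session]:
    sessions: List[Session] = []
    open_by_pair: Dict[Tuple[str, str], Session] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        cur = open_by_pair.get((ev.src, ev.dst))
        if cur is None or ev.ts - cur.events[-1].ts > SESSION_GAP:
            cur = Session(ev.src, ev.dst)
            sessions.append(cur)
            open_by_pair[(ev.src, ev.dst)] = cur
        cur.events.append(ev)
    return sessions

def build_narratives(sessions: List[Session]) -> List[List[Session]]:
    """Chain a Session onto a Narrative when its source is a host that Narrative
    already reached: the hop-by-hop shape of lateral movement."""
    narratives: List[List[Session]] = []
    for sess in sorted(sessions, key=lambda s: s.start):
        for n in narratives:
            reached = {n[0].src} | {x.dst for x in n}
            if sess.src in reached:
                n.append(sess)
                break
        else:  # no Narrative reached this source yet: start a new one
            narratives.append([sess])
    return narratives

def score_narrative(narrative: List[Session]) -> float:
    score, deepest_stage = 0.0, -1
    for s in narrative:
        for ev in s.events:
            score += WEIGHTS.get(ev.tradecraft, 0.5)
            stage = PROGRESSION.index(ev.tradecraft) if ev.tradecraft in PROGRESSION else -1
            if stage > deepest_stage:  # the attack advanced down the chain
                score += 1.0
                deepest_stage = stage
        if is_internal(s.src) and not is_internal(s.dst):
            score += min(10.0, s.nbytes / 1_000_000)  # outbound volume, capped
    return round(score, 2)

def correlate(events: List[Event]) -> List[Tuple[float, List[Session]]]:
    """Narratives ranked highest risk first: the analyst's triage queue."""
    ranked = [(score_narrative(n), n) for n in build_narratives(build_sessions(events))]
    return sorted(ranked, key=lambda r: r[0], reverse=True)

# Constructed sample telemetry: one hop-by-hop intrusion plus unrelated traffic.
SAMPLE_EVENTS = [
    Event(1000, "10.0.1.5", "10.0.1.20", "tcp", 445, 2_000, "recon_scan"),
    Event(1030, "10.0.1.5", "10.0.1.20", "tcp", 445, 40_000, "smb_admin_share"),
    Event(1100, "10.0.5.1", "10.0.5.2", "tcp", 80, 5_000, "web_browse"),
    Event(1300, "10.0.1.20", "10.0.2.7", "tcp", 3389, 900_000, "rdp_login"),
    Event(1400, "10.0.1.20", "10.0.2.7", "tcp", 3389, 120_000, "credential_dump"),
    Event(2000, "10.0.2.7", "10.0.3.9", "tcp", 445, 15_000_000, "staging_archive"),
    Event(2600, "10.0.3.9", "203.0.113.10", "tcp", 443, 60_000_000, "external_upload"),
]

if __name__ == "__main__":
    for score, narrative in correlate(SAMPLE_EVENTS):
        hops = " -> ".join([narrative[0].src] + [s.dst for s in narrative])
        print(f"risk {score:5.1f}  {hops}")
```

On the constructed sample, the four-hop chain ending in a 60 MB upload to an external address scores 35.0 and the unrelated web traffic scores 0.5, so the chain sits at the top of the queue. Two caveats worth keeping in mind with any correlator of this shape: the hop rule will also absorb benign traffic that happens to originate from a host the Narrative already reached, which is why scoring and analyst review matter as much as correlation; and the internal ranges are declared explicitly rather than derived from a library's notion of "private", because business-specific address plans are exactly the kind of customizable input the page describes.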
With Efflux Analytics, analysts can quickly remove the barriers a typical security tech stack creates. The product was designed to follow the analyst's investigative process throughout the user experience. It delivers insights that help your SecOps team promptly answer the who, what, where, when, and how of a threat incident. Get a glimpse of those insights in the Inspector pane as the analyst examines the threat, or review the full context of a node's communication in the Host pane. Dig below the surface with a single click to query the insights available across your tech stack. Making the investigation simple and natural for the analyst ensures your SOC has the most information to detect, investigate, and stop the intrusion.
The Efflux Analytics Narrative Map draws the attack as threat activity takes place, node by node and session by session. Attacker tradecraft is identified by icons to the right of each edge line, which maps the attacker's lateral movement between the nodes involved. Hovering over a tradecraft icon slides a legend cue out of the tradecraft totem to remind the analyst of the types of tradecraft used within the Session.
The Narrative Map also clearly distinguishes external from internal nodes and uses colors and patterns to make node types and customizable business-unit categories easy to read. Want to zoom into part of the map? Clicking a node, edge line, or Session listing zooms the view where you need it. Map views can also be exported as .PDF, .PNG, or .JPG files. Because the Narrative Map is easy to understand, your analysts can efficiently and effectively decide on the appropriate response to the incident.
Automated Analysis of Threat Actor Tradecraft
No matter the tool, method, or movement, there are humans behind every attack, methodically crafting their approach. That is the attacker tradecraft Efflux Analytics helps your security team decipher and understand. Manual analysis alone cannot keep pace with advanced attacks, so Efflux learns tradecraft patterns to correlate attacks that unfold over time.
Give your cybersecurity operations team the best chance to defend the network.
Contact us for a demo.