Reveelium Smart Predictive Analytics - Datasheet EN
ANOMALY DETECTION – BEHAVIORAL ANALYSIS – BIG DATA CYBERSECURITY
BEST PRACTICES
“Behavioral Analysis is the most plausible solution to APT” General K Alexander, Director of the NSA, 2012
AUTOMATE DETECTION OF:
• Advanced Persistent Threats (APTs)
• Data Exfiltration
APTs are complex threats that combine multiple attack strategies and vectors and frequently use as-of-yet unknown techniques and / or zero-day vulnerabilities. They are generally targeted attacks that can remain undetected for long periods of time. Commercially available security tools cannot currently detect APTs and fraudulent data exfiltration. Current tools and methods are thwarted because the human expertise they require to identify weak signals in big data does not scale. These new threats require a new security paradigm.
PRIZES
Winner of the Project “Investments for the Future” hosted by the French State • Cloud v2 SVC • IT Innovation Forum • IT Security Trophy
Since 2007, the ITrust engineering team has been working on the development of intelligent systems
capable of detecting weak signals in large and complex IT environments to prevent cyber-attacks
and to identify unknown viruses. The vast experience of our engineers gathered on forensic analysis
projects, security audits and advisory engagements has allowed us to develop a behavioral engine
aimed specifically at Advanced Persistent Threats (APT).
Our team has specialized in decision handling for security information coming from applications,
servers, networks and security equipment. Reveelium provides an artificial intelligence system that
detects anomalies and is based on algorithms that were developed and tuned over 5 years by ITrust
and three international research labs.
At ITrust, we develop Big Data and Machine Learning technologies to solve Cybersecurity issues.
DETECTION AS A SERVICE OF APTs & UNKNOWN VIRUSES & ATTACKS
ITrust enables businesses and other organizations to achieve an optimal level of security while
automating the detection of malicious behaviors, the identification of weak signals and the loss and
exfiltration of confidential information. Leveraging a cloud-based model, ITrust combines efficient
delivery with tailored services.
GENERAL FEATURES
Reveelium is a behavioral analysis engine designed to detect weak signals and anomalies in IT
systems.
According to a recent Verizon Data Breach Investigation Report, three out of four businesses fall victim
to computer attacks or hacks, even though 90% of them are equipped with basic IT security systems.
APTs, malicious behaviors, morphing viruses, phishing and other malware & user actions elude or
circumvent current security measures. Worse, no tool currently available can detect all of them. Yet,
these attacks leave behind signs of their passing but identifying these weak signals hidden in massive
amounts of data is out of reach for current tools.
Reveelium identifies these signals with its automated anomaly detection system. It continuously
analyzes the behavior of IT systems and searches for weak signals in the vast amount of machine
data generated by the servers, applications, databases, network and security equipment, etc.
Reveelium precisely identifies security anomalies created by a dozen (and growing) different typical
hacks and breaches.
Developed with the support of the region:
A POWERFUL ANOMALY DETECTION TOOL
Reveelium is a unique and powerful next-generation security solution that is built around 3
complementary approaches:
1. A weak signal detection engine, the result of extensive research into mathematical
algorithms;
2. A correlation engine, based on the experience of system engineers and security
consultants;
3. A global knowledge base, Reveelium’s experience repository which collects, abstracts
and shares the behaviors identified across Reveelium users.
BIG DATA EXPERTISE
Reveelium works at big data scale on- or off-premises, processing
massive amounts of data.
1. Analysis & Learning: statistical analysis, learning processes, data
sources profiling;
2. Correlation and Intelligence: correlation of different sources
analysis, data sample deviation;
3. Shared Knowledge-Base.
Reveelium can process data inputs from a wide variety of sources:
• Logs and SIEM event data (through SIEM connectors);
• AMQP messages (RabbitMQ …);
• And queries through the Reveelium API (JSON).
Reveelium returns alerts and anomaly thresholds (and anomaly
causes) by:
• Logs (SIEM connectors);
• Syslogs;
• AMQP;
• XML / JSON.
Business rules can be implemented and monitored in the correlation rules. The HMI displays correlations and tracks deviations,
allowing user interaction and feedback.
CHARACTERISTICS
BENEFITS
NON-INTRUSIVE. AGENTLESS.
Reveelium’s on-premise SaaS model, combined with a public or private
cloud, keeps installation simple and free of other modules requiring
complex installation. It works with any tool that’s already been
deployed: SIEM, applications, AD, BD. The installation has no impact
on the operation and performance of the production system and does
not require the installation of third-party agents.
NEXT-GENERATION ENGINE
3D technology enables the detection of anomalies (virus, behavior,
fraud, exfiltration, malware) where no other tool can, notably through
the use of 5 algorithms developed over years of research with leading
laboratories.
USER INTERFACE
Reveelium’s ergonomically designed HMI as well as its operation in
learning mode allow for a worry-free installation and ease of use by
anyone from experts to executives.
DETECTION & ANALYSIS CAPABILITIES
The detection capability of Reveelium increases productivity and the
analytics capabilities of security monitoring teams; it reduces the time
spent on performing data analysis by 98%.
IMMEDIATE ROI
3D technology (weak signal detection, correlations, knowledge base) is
unique. It allows bringing detection times down from a typical 12 months
to 1 week and reduces false positives by 95%.
EXPANDABILITY
For customers that do not currently operate a centralized machine data
repository, a SIEM/Syslog module can be added to Reveelium.
PLUG & PLAY
Reveelium and its universal connector can process all types of data, from
any source.
Reveelium is able to handle different use cases:
• Forensic analysis and investigation
(e.g. the detection of an attack and its progression path)
• Fraudulent use of an IT system
• Detect privilege fraud and escalation
• Data loss prevention and spying
• Detect Advanced Persistent Threats (APTs) and unknown
viruses
• Predict system crashes, prevent production environment
downtime
• Regulatory compliance and best practices (SoC, Basel III, PCI
/ DSS, ...)
• Avoid financial loss or fraud
• Reduce legal risk and reputational damage
• Keep the IT system in operating conditions
PLUGIN VERSIONS
Reveelium comes as a plugin for SIEM systems (Splunk, Arcsight, RSA…) and Identity and Access
Management Systems (IAMs) that is easily installed and processes weak signals stemming from the underlying systems. It is regularly enriched
by the ITrust R&D team.
STANDALONE VM / CUSTOM IMPLEMENTATIONS (POC)
Reveelium can adapt to the client organization’s specific business context, analytical needs and systems environment and comes with its own log
monitoring infrastructure. Custom implementations are supported by ITrust’s team of expert Data Scientists.
OPENSTACK
Detects anomalies specific to OpenStack Infrastructures.
CONTACT
Reveelium can be implemented
in private or public cloud environments, as a service or on
premises
BENEFITS
Detects unknown threats
Reduces detection time from 12 months to 1 week
Lowers false positives by 95%
Eliminates 98% of security staff’s monitoring time
ITrust, 55 avenue de l’Occitane
75001 Paris, France
+33 (0)567 346 780
DETECTION CAPABILITIES