Reveelium Smart Predictive Analytics - Datasheet EN

Page 1: Reveelium Smart Predictive Analytics - Datasheet EN


ANOMALY DETECTION – BEHAVIORAL ANALYSIS – BIG DATA CYBERSECURITY

BEST PRACTICES

“Behavioral Analysis is the most plausible solution to APT” (General K. Alexander, Director of the NSA, 2012)

AUTOMATE DETECTION OF:

• Advanced Persistent Threats (APTs)
• Data Exfiltration

APTs are complex threats that combine multiple attack strategies and vectors and frequently use as-yet unknown techniques and/or zero-day vulnerabilities. They are generally targeted attacks that can remain undetected for long periods of time. Commercially available security tools cannot currently detect APTs and fraudulent data exfiltration. Current tools and methods are thwarted because the human expertise they require to identify weak signals in big data does not scale. These new threats require a new security paradigm.

PRIZES

• Winner of the “Investments for the Future” project hosted by the French State
• Cloud v2 SVC
• IT Innovation Forum
• IT Security Trophy

Since 2007, the ITrust engineering team has been working on the development of intelligent systems capable of detecting weak signals in large and complex IT environments to prevent cyber-attacks and to identify unknown viruses. The vast experience of our engineers gathered on forensic analysis projects, security audits and advisory engagements has allowed us to develop a behavioral engine aimed specifically at Advanced Persistent Threats (APT).

Our team has specialized in decision handling for security information coming from applications, servers, networks and security equipment. Reveelium provides an artificial intelligence system that detects anomalies and is based on algorithms that were developed and tuned over 5 years by ITrust and three international research labs.

At ITrust, we develop Big Data and Machine Learning technologies to solve Cybersecurity issues.

DETECTION AS A SERVICE OF APTs & UNKNOWN VIRUSES & ATTACKS

ITrust enables businesses and other organizations to achieve an optimal level of security while automating the detection of malicious behaviors, the identification of weak signals and the loss and exfiltration of confidential information. Leveraging a cloud-based model, ITrust combines efficient delivery with tailored services.

GENERAL FEATURES

Reveelium is a behavioral analysis engine designed to detect weak signals and anomalies in IT systems.

According to a recent Verizon Data Breach Investigations Report, three out of four businesses fall victim to computer attacks or hacks, even though 90% of them are equipped with basic IT security systems. APTs, malicious behaviors, morphing viruses, phishing and other malware & user actions elude or circumvent current security measures. Worse, no tool currently available can detect all of them. Yet these attacks leave behind signs of their passing, but identifying these weak signals hidden in massive amounts of data is out of reach for current tools.

Reveelium identifies these signals with its automated anomaly detection system. It continuously analyzes the behavior of IT systems and searches for weak signals in the vast amount of machine data generated by servers, applications, databases, network and security equipment, etc. Reveelium precisely identifies security anomalies created by a dozen (and growing) different typical hacks and breaches.

Developed with the support of the region:


A POWERFUL ANOMALY DETECTION TOOL

Reveelium is a unique and powerful next-generation security solution that is built around 3 complementary approaches:

1. A weak signal detection engine, the result of extensive research into mathematical algorithms;
2. A correlation engine, based on the experience of system engineers and security consultants;
3. A global knowledge base, Reveelium’s experience repository, which collects, abstracts and shares the behaviors identified across Reveelium users.

BIG DATA EXPERTISE

Reveelium works at big data scale on- or off-premises, processing massive amounts of data.

1. Analysis & Learning: statistical analysis, learning processes, data source profiling;
2. Correlation and Intelligence: correlation of the analysis of different sources, data sample deviation;
3. Shared Knowledge Base.

Reveelium can process data inputs from a wide variety of sources:

• Logs and SIEM event data (through SIEM connectors);
• AMQP messages (RabbitMQ …);
• Queries through the Reveelium API (JSON).

Reveelium returns alerts and anomaly thresholds (and anomaly causes) by:

• Logs (SIEM connectors);
• Syslog;
• AMQP;
• XML / JSON.

Business rules can be implemented and monitored in the correlation rules. The HMI displays correlations and tracks deviations, allowing user interaction and feedback.

CHARACTERISTICS


BENEFITS

NON-INTRUSIVE. AGENTLESS.

Reveelium’s on-premise SaaS model, combined with a public or private cloud, keeps installation simple and free of other modules requiring complex installation. It works with any tool that’s already been deployed: SIEM, applications, AD, BD. The installation has no impact on the operation and performance of the production system and does not require the installation of third-party agents.

NEXT-GENERATION ENGINE

3D technology enables the detection of anomalies (virus, behavior, fraud, exfiltration, malware) where no other tool can, notably through the use of 5 algorithms developed over years of research with leading laboratories.

USER INTERFACE

Reveelium’s ergonomically designed HMI, as well as its operation in learning mode, allows for a worry-free installation and ease of use by anyone from experts to executives.

DETECTION & ANALYSIS CAPABILITIES

The detection capability of Reveelium increases the productivity and the analytics capabilities of security monitoring teams; it reduces the time spent on performing data analysis by 98%.

IMMEDIATE ROI

3D technology (weak signal detection, correlations, knowledge base) is unique. It brings detection times down from a typical 12 months to 1 week and reduces false positives by 95%.

EXPANDABILITY

For customers that do not currently operate a centralized machine data repository, a SIEM/Syslog module can be added to Reveelium.

PLUG & PLAY

Reveelium and its universal connector can process all types of data, from any source.


Reveelium is able to handle different use cases:

• Forensic analysis and investigation (e.g. the detection of an attack and its progression path)
• Fraudulent use of an IT system
• Detection of privilege fraud and escalation
• Data loss prevention and spying
• Detection of Advanced Persistent Threats (APTs) and unknown viruses
• Prediction of system crashes, prevention of production environment downtime
• Regulatory compliance and best practices (SoC, Basel III, PCI DSS, ...)
• Avoiding financial loss or fraud
• Reducing legal risk and reputational damage
• Keeping the IT system in operating conditions

PLUGIN VERSIONS

Reveelium comes as a plugin for SIEM systems (Splunk, ArcSight, RSA…) and Identity and Access Management systems (IAMs) that is easily installed and processes weak signals stemming from the underlying systems. It is regularly enriched by the ITrust R&D team.

STANDALONE VM / CUSTOM IMPLEMENTATIONS (POC)

Reveelium can adapt to the client organization’s specific business context, analytical needs and systems environment, and comes with its own log monitoring infrastructure. Custom implementations are supported by ITrust’s team of expert Data Scientists.

OPENSTACK

Detects anomalies specific to OpenStack infrastructures.

Reveelium can be implemented in private or public cloud environments, as a service or on premises.

BENEFITS

• Detects unknown threats
• Reduces detection time from 12 months to 1 week
• Lowers false positives by 95%
• Eliminates 98% of security staff’s monitoring time

CONTACT

ITrust, 55 avenue de l’Occitane

75001 Paris, France

+33 (0)567 346 780


DETECTION CAPABILITIES