Get in touch with our support team for any questions not answered in our help center.
Join our community on
Get in touch with our support team for any questions not answered in our help center.
Join our community on
Discovering advanced persistent threats (APT) is, by design, akin to finding a needle in a haystack.
The threat actors behind APTs combine multiple tactics, techniques, and procedures (TTP) over extended periods of time to compromise and maintain access to their targets.
The IBM Cost of Data Breach Report 2023 reported an average attacker mean time to identify or discover (MTTI, MTTD) of 204 days. Some bad actors remain in systems for over a year without discovery.
APTs do this by evading legacy security solutions which rely on time-batched loads of data that filter for Indicators of Compromise (IoC), aka Indicators of Behavior (IoB) by executing incremental actions spread across numerous systems at rates that exceed batch analysis size and time window boundaries that other cybersecurity depends on. APT detection requires a new approach.
Matured within DARPA's Transparent Computing program specifically for the APT detection, Streaming Graph and Novelty work together to efficiently uncover the behaviors that indicate advanced persistent threats.
Quine’s graph data model uses categorical data other systems ignore and excels at correlating individual events occurring in their billions/trillions across devices, software and services over any time period to find the behavior patterns (Indicators of Behavior or IoBs) that represent malicious activity.
When patterns are detected, Novelty can then apply its categorical anomaly detection techniques to identify when a string of related actions represents a novel/anomalous behavior, greatly reducing false positives.
Streaming Graph provides commercial support and licensing for Quine at scale on a distributed cluster, with namespaces for basic multi-tenancy. You can add real-time behavior-based APT detection to your stack with confidence.
thatDot's core technology underpinning Streaming Graph and Novelty was developed in partnership with DARPA. Read more about thatDot's origin and some examples of using Novelty to detect cloud data exfiltration and credential theft.
Quine + Novelty Detector detect both known and emerging behavioral patterns in a single workflow.
Joins multiple data sets to enable real-time identification of attack behaviors across domains
Identify behaviors over extended time periods using incremental streaming analysis (not batch)
Native support for categorical data simplifies operations and provides human-readable alerts for analysts
STIX Compliant, real-time detection of Indicators of Behavior (IoBs) and generation of STIX message events
Gery Szlobodnyik
CEO
Evan Wright
Staff Data Scientist