Out-of-the-Box Software For Known & New Indicator Detection Across Multiple Data Sources
Real-time Indicator Detection Across Multiple Data Sources At Scale
Replace Brittle Custom Data Pipelines With thatDot’s Streaming Graph
Thanks to DARPA-funded R&D, thatDot Connect software accelerates XDR service development with an out-of-the-box data pipeline application. Users define indicators as queries, and Connect’s Streaming Graph Tech assembles events across XDR data sources and drives workflows when indicator matches are found, in real time, at scale.
Eliminate Alert Fatigue; Confidently Identify New Novel Behaviors
A New Approach To Anomaly Detection Using Categorical Data
Numerical anomaly detection is the wrong tool for finding security risk behaviors. thatDot Anomaly Detector is a new approach. Our graph-based AI technique looks at categorical data to more confidently identify novel behaviors in real time and at scale with fewer false positives. We even identify multi-stage exploit campaigns.
Human Readable & Prioritized Results
Challenge: User's configuration change monitoring solution swamped SOC analysts with 1,000s of alerts, the vast majority of which were false positives. The volume and poor quality were compounded by SOC short-staffing, resulting in an inability to investigate alerts in a timely manner.
Response: thatDot filtered alerts using system and user behavior modeling to identify the novel events that matter, separating truly novel findings from unique observations that traditional anomaly detection techniques identified as issues.
Result: 87% fewer alerts, prioritized and with “human friendly” explanations of why an event was novel.
Scalable & Cost Effective
thatDot Patent-Pending Software Intelligently Scales to Meet KPI and ROI Objectives
- Distributed horizontal scaling to clusters of 100s of machines
- Parallel asynchronous processing
- Fully back-pressured, efficient and small footprint
- Incremental deployment, run alongside existing infrastructure
- On-premise licensing for economical deployment
- Integrate with your existing solutions: persistent storage, reporting, APIs, and services
Example Use Cases
Ransomware Campaign Detection
Streaming log analysis to identify the multi-domain activities that comprise a ransomware campaign, including stolen credential use, code injection, and data exfiltration.