Solutions for all sorts of breaches
We collect, detect and prioritize high-fidelity alerts in real time and respond with automated enforcement or alerts to security personnel.
DNS Ninja
DNS Ninja analyzes all DNS traffic throughout your entire organization. Each DNS request/response pair is analyzed and classified into a number of categories, ranging from internal, to computer-generated, to invalid. DNS Ninja is very well suited for detecting command and control, and exfiltration techniques.
Full insight into your organization’s DNS traffic
Advanced machine learning algorithms for detecting generated domain names
High-fidelity alerts based on deviations and periodicity of classified DNS requests
Anomaly Detection
Our Anomaly Detection module is a generic but robust module that detects anomalous behaviour in time series data. This module uses the latest insights in Machine Learning algorithms, but also takes into account typical human behaviour to improve its model.
Unique time series algorithm taking human behaviour into account
High-fidelity alerts based on anomalous network behaviour
High-fidelity alerts based on deviations and periodicity of classified DNS requests
Clustering
SightLab’s Clustering module is an extension to our Anomaly Detection module. While Anomaly Detection requires pre-classification of the input data, Clustering will perform automated classifications based on the similarities in the interactions described in the data.
Highly-scalable solution for analyzing network data
Advanced machine learning algorithms for automated classification and clustering of network devices
Detects anomalies in highly-detailed data flows from existing network devices
Behaviour Analysis
The Behaviour Analysis module absorbs network flow data and uses a number of detectors to find specific communication patterns. It does not require a learning phase. Years of research by the Dutch research institute TNO have resulted in a set of detectors that discover DNS tunnels, illegal VPNs, fast flux techniques, exfiltration techniques and port scans.
Use network data flows to detect specific communication patterns for numerous attack techniques
Benefit from the ongoing cybersecurity research by leading Dutch research institute TNO
Valuable alerts from day one
Classification
SightLab’s Classification module gives organizations full insight into network devices and services in their infrastructure. Using network data flows, the Classification module will identify all network services and clients. This information not only helps organizations to better understand their IT landscape, but also provides insight into the impact of security breaches.
Obtain complete insight into the network services and clients
Improve the effectiveness of the Anomaly Detection and Behaviour Analysis modules
Provides insight to determine the business impact of breaches