Malware. Blockchain. Exploit. APT. Artificial Intelligence. Buzzword bingo is a game that we are all tired of playing. If we cut through the noise, we can all agree that machine-scale problems require machine-scale solutions. When applied in the right way, machine learning can augment the cybersecurity analyst, not replace them. It is not a black box, it is not magic, it is math.
However, delivering genuinely valuable results over a barrage of clutter requires a radically different methodology: one that is abstracted away from the detection of specific tools, signatures, and IoCs. All adversaries (from the simplest to the most sophisticated) must engage in core campaign behaviors that are effectively impossible for them to avoid, and these behaviors reveal themselves in network data (netflow, proxy, DNS). Focusing on core campaign behaviors makes it possible to eliminate the vast majority of meaningless alerts you get today, in favor of connected activities that highlight genuine adversary behavior.
VSE looks for unexpected internal reconnaissance, collection and exfil behaviors by internal hosts and understands how they relate across time and across the network. This is how VSE is able to detect unfolding adversary campaigns regardless of what tools, tactics, or exploits they use.
Our less-is-more approach generates about 5 high-fidelity ThreatCases per week, because VSE surfaces only those sequences of anomalous behaviors that make sense solely as part of malicious threat campaigns. ThreatCases automate the time-consuming process of compiling the data needed to understand a threat. This means security teams can focus on what matters most — shutting down the threats and minimizing risk.
But for AI to be trustworthy in cybersecurity applications, it should not be a black box of unknown methodologies. We built our product to be explainable, so customers can understand how VSE arrived at its results and know why they can rely on its ThreatCases. It is also software-only, built on open source frameworks like Spark and Hadoop, and does not require any proprietary hardware. You can deploy it on-premises or in the cloud, and its function is bespoke to the unique network environment it runs in.
Versive helps organizations focus on the cybersecurity threats that really matter by automating security expertise with machine learning. Versive has been recognized on CB Insights’ prestigious AI 100 list for the past two years, and as a 2017 SINET 16 Innovator, a designation given to compelling emerging cybersecurity companies.