LOGTITAN SIEM AND ADVANCED THREAT ANALYTICS WITH MACHINE LEARNING (ML)

LOGTITAN SIEM comes with advanced correlation engine, behavioral analytics and Machine Learning (ML) models to automate pattern discovery while facilitating intelligent rule creation.

As a subfield of Artificial Intelligence (AI), LOGTITAN’s ML uses algorithms to find patterns in data and models them to detect anomalous behavior of users and entities. LOGTITAN’s machine learning library, pre-packaged with over 1,000 models and correlation rules, enables organizations to better identify advanced persistent threats (APTs) that have previously been flying under the radar.

The emergence of large volumes of fast-moving unstructured data by web, cloud, email, social media, and IoT poses a challenge to all organizations. Combining the information gleaned from machine learning models with the log and event data, LOGTITAN SIEM detects known threats in real time while supporting advanced incident response processes. In a time that cybersecurity talent is stretched thin, this is a huge benefit and relief to IT security teams.

Having access to powerful intelligence feeds, LOGTITAN SIEM provides predictive analytics, continuously learning from historical and present data via machine learning techniques, that helps predict and prevent future attacks on your IT systems. Operating up to 100 times the speed of manual threat investigations, it spots attacks, uncovers new threat patterns, triages threats and identifies the root cause of an attack.

LOGTITAN ML models profile a given user or asset behavior on a particular aspect of interacting with the corporate or IT environment. Here are a few examples of ML detection models:

Domain Generation Algorithm Detection Model

Detecting the use of a domain generation algorithm is surely critical. Attackers implement DGAs in malware to periodically generate a large number of domain names.

LOGTITAN utilizes Naive Bayes classifier for DGA detection.

The Naive Bayes Classifier technique is based on the so-called Bayesian theorem and is particularly suited when the dimensionality of the inputs is high. Despite its simplicity, Naive Bayes can often outperform more sophisticated classification methods.

Malicious URL Detection Model

Malicious URL, a.k.a. malicious website, is a common and serious threat to cybersecurity. Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting users to become victims of scams (monetary loss, theft of private information, and malware installation), and cause losses of billions of dollars every year. It is imperative to detect and act on such threats in a timely manner. LOGTITAN implements Logistic Regression in order to detect malicious URLs.

First-time category model

This model considers previously observed behavior patterns, and will automatically flag anything outside of the norm.

Identity based classification model

This model places identities with similar attributes into different classification buckets and evaluates behaviors to discover anomalous activity for relevant identities. This enables you to prevent unauthorized access to highly sensitive information as well as to apply appropriate actions to identities based on pattern recognition and sorting.

Interconnected Modes Model

This model examines a network of interconnected nodes to identify and analyze relationships. It finds matches both for known and new patterns of interests between interconnected objects. It is very effective to spot and stop social media related attacks.

Fraud Detection Model

This model identifies unusual increase in volume to detect and prevent fraudulent behavior in your organization.

Malicious Command Execution Model

This model identifies elevated access to users, plus it identifies abnormally frequent system access or bypass attempts. It uses clustering and frequency analysis to detect unusual behavior.

TRY LOGTITAN FOR FREE

Contact us