Attack Detection & Analytics Platform

Answers, not clues...










Seculert Key Benefits & Features


Security Analyst Resource Gap

There are approximately 80,000 cyber security analysts employed in the U.S. today. At the same time, it is estimated that there are 300,000 unfilled vacancies for the same role, a gap that is expected to grow to over 1.5 million globally by 2020…

It’s little wonder that many CISOs identify “human resources” as their biggest concern today. The reason for this extreme gap between the supply of qualified security analysts and the demand for them is that the conventional method of identifying and remediating cyber-attacks is extremely labor intensive.

Security industry research indicates that the average SIEM generates approximately 17,000 alerts per week of which less than 20% are considered reliable. At the same time, most SOC operations are so understaffed that they can only investigate fewer than 5% of these events. The net result is that the average amount of time it takes to find and remediate a new infection now stands at 22 days.

Metaphorically, cyber-security today is exactly where the textile industry was in the mid-1700s. At the time, manufacturing cloth was also profoundly labor intensive. There were said to be as many as a quarter million hand looms in operation in the UK alone. It wasn’t until Edmund Cartwright built the first power loom in 1785, however, that the textile industry took off. By automating a key manufacturing process, Cartwright revolutionized the textile industry. As the numbers above indicate, cyber-security is ripe for a similar revolution.

Seculert was founded on the idea that certain aspects of attack identification must be automated to reclaim the initiative from the adversary. Using a combination of security analytics, proprietary attack profiles, and supervised machine learning, Seculert has automated the process of finding attacks that have circumvented legacy prevention systems.

By only delivering “True Positive” infection reports to security teams, Seculert greatly reduces the time required to find and remediate new attacks. Seculert customers report that deploying our Automated Attack Detection Platform is equivalent to finding (and training) 5-10 new security analysts. Automation of the attack identification process will drive the next revolution in cyber-security and Seculert is leading that revolution.


You Can't Kill What You Can't See

As recent breach disclosures have revealed, it’s entirely common for an enterprise network to be breached weeks or months before any evidence emerges that it has been compromised…

At Seculert, we are committed to providing three different types of visibility to our customers:

  1. Visibility on currently active attacks on our customers’ networks with extremely high fidelity and precision. We call these “True Positive” infection reports. If we report that a specific device is infected…it IS. There’s no further investigation or analysis required. Many Seculert customers just feed these reports directly into their trouble ticket system for rapid remediation.
  2. Visibility on overall security system performance…what’s working, what’s not, and why.
  3. Comparative visibility on how our customers’ security systems are performing relative to similar enterprises with comparable security postures.

AND we provide this visibility regardless of whether you’re running a world class Security Operations Center or you’ve outsourced this function to one of the leading MSSPs. Regardless of how you run IT security operations, you’re entitled to see what’s attacking you.


Instant Visibility

The Seculert Platform is 100% cloud based and can literally be deployed overnight and start pinpointing compromised users and devices immediately…

The attack detection service scales across domains, geographies and operating environments without impacting any of the on premises breach prevention systems in place. In fact, the Seculert Attack Detection Platform can make those systems more effective by providing data from Seculert’s detection analytics engines to them to prevent future re-infection.

Seculert’s “No Hardware – No Software” approach means that corporate and remote facilities and employees get the same protection from the first day. It also means that complete automated attack detection can be achieved with the expenditure of zero CAPEX.

Finally, the Seculert Platform offers tremendous deployment flexibility in terms of how the attack analytics data is presented to SOC analysts. We offer both dashboard and executive “report” format UI options. Alternatively, for those enterprises with existing SIEMs or security analytics tools in place, the data can also be presented within the tools which the SOC team already uses.


Latest From The Blog

Nov 15, 2015 6:30:00 AM

Seculert Revamps Incident Review Workflow in Seculert Web...


When responding to cyber attack incidents, SOC teams need to be able to prioritize and to minimize the time between alert and containment.

Through an Incident Review workflow, SOC users can quickly triage Seculert incidents and drill down to details easily.

Pertinent information helps accelerate triage: the malware's riskiest capability, the time the infection was last seen or detected, its duration, and the number of communication records.

Incidents where malicious communication with a C&C host was ‘Allowed Through’ are marked as prioritized.

You can also navigate between different Incident Zones: Internal, Remote Access, Partners, and Customers and filter incidents.

A drill down to Incident Details tells the story by answering the ‘Who?’, ‘What?’, and ‘When?’ questions.

‘Who’s affected?’ reports machine IP, machine name, machine location and user name.

‘What Happened?’ reports malware type and capability, the C&C host, and whether there was a successful malicious communication.

‘When?’ shows the incident timeline.

'Risks and Recommendations' help further prioritize the incident alert and plan the response.

‘Forensics’ reports the raw log data or intercepted Botnet data, and a sandbox analysis of a sample of the malware (when available).

It is important to note that in order to view all the records, you should use the ‘Export’ button.
In addition, since the sandbox analysis is of a different malware sample than the one infecting your network, the IoCs might be different from the actual ones in the incident.

For more information about the new Incident Review, log in to the Seculert portal or contact your account manager today.







news alert

What's New at Seculert

latest press

Oct 8, 2015 5:00:00 AM

Seculert Provides New and Unique Attack Visibility Dashboard for CISOs

Santa Clara, Calif. – October 8, 2015 – Seculert, a leader in automated attack detection and analytics, today announced a new attack visibility dashboard that is designed to uniquely meet the needs..


in the news

SecurityWeek - September 24, 2015

Seculert Appoints Richard Greene CEO

Automated attack detection and analytics firm Seculert this week announced that Richard Greene has been appointed as its new Chief Executive Officer.


“Deploying Seculert was like hiring three extra security analysts for a fraction of the cost, and these three never sleep!”

Richard Rushing, CISO, Motorola Mobility
