Detecting intruders in near real time by passively monitoring the network link that the intruder's traffic traverses.
The Sapien System fuses multiple Intrusion Detection Engines together to discover the presence of any malicious infiltration and raises Alerts for any abnormalities identified within the network traffic.
Each Intrusion Detection Technology extracts different features from the network traffic using different algorithms. These signature-based detection and recognition techniques have been engineered to complement each other during the system's ingestion process.
This approach minimises the false alarm rate and increases incident detection/response performance by accurately correlating and aggregating the responses from multiple sensors.
Multiple sensors ‘sniff’ the ingested network traffic and produce alerts when an attack is present. These alerts are processed into a common Event if the system determines that further investigation is required.
This process significantly improves detection performance by reducing false positive alerts, ensuring that the Security Operations Team only investigates credible alerts.
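The fusion step described above, as an added illustration that is not Sapien's own code: alerts from several independent engines are grouped per source/destination flow within a time window, and a bucket is only promoted to a common Event when at least two distinct sensors corroborate it. The sensor names, the 60-second window, the two-sensor threshold and the sample alerts are all constructed assumptions for the example.

```python
"""Constructed example of multi-sensor alert fusion (illustrative, not Sapien's code)."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alert:
    sensor: str   # which detection engine raised the alert (assumed names)
    ts: float     # seconds since epoch
    src: str
    dst: str
    detail: str


@dataclass
class Event:
    src: str
    dst: str
    first_seen: float
    last_seen: float
    sensors: set = field(default_factory=set)
    alerts: list = field(default_factory=list)


def fuse_alerts(alerts, window=60.0, min_sensors=2):
    """Group alerts by (src, dst) flow. A new bucket is opened whenever the gap
    from the previous alert on that flow exceeds `window` seconds. A bucket is
    promoted to an Event only when `min_sensors` distinct engines corroborate it,
    so a single noisy sensor cannot raise an Event on its own."""
    by_flow = defaultdict(list)
    for alert in sorted(alerts, key=lambda a: a.ts):
        by_flow[(alert.src, alert.dst)].append(alert)

    events = []
    for (src, dst), flow_alerts in by_flow.items():
        buckets = []
        bucket = None
        for alert in flow_alerts:
            if bucket is None or alert.ts - bucket.last_seen > window:
                bucket = Event(src, dst, alert.ts, alert.ts)
                buckets.append(bucket)
            bucket.last_seen = alert.ts
            bucket.sensors.add(alert.sensor)
            bucket.alerts.append(alert)
        events.extend(b for b in buckets if len(b.sensors) >= min_sensors)
    return events


# Constructed sample alerts: three engines agree on one flow, one engine fires
# alone on another flow, and a late alert on the first flow falls outside the window.
SAMPLE_ALERTS = [
    Alert("signature", 100.0, "10.0.0.5", "192.168.1.10", "known scanner signature"),
    Alert("signature", 105.0, "10.0.0.7", "192.168.1.10", "single uncorroborated hit"),
    Alert("anomaly",   130.0, "10.0.0.5", "192.168.1.10", "connection rate deviation"),
    Alert("malware",   135.0, "10.0.0.5", "192.168.1.10", "suspicious file transferred"),
    Alert("anomaly",   900.0, "10.0.0.5", "192.168.1.10", "late, outside window"),
]


if __name__ == "__main__":
    for ev in fuse_alerts(SAMPLE_ALERTS):
        print(f"EVENT {ev.src} -> {ev.dst} [{ev.first_seen}-{ev.last_seen}] "
              f"sensors={sorted(ev.sensors)} alerts={len(ev.alerts)}")
```

With the sample input only the corroborated flow becomes an Event; lowering `min_sensors` to 1 shows how many raw alerts an analyst would otherwise have to triage.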
Malware detection ensures that any suspicious files are reported and sandboxed for analysis. This enables a deeper level of understanding to be gained through a thorough analysis of the motivations and goals of the malware breach.
The tools allow different file types to be analysed, behavioural investigations to be carried out, and memory dumps to be taken from the machines.
Machine Learning features automate the process of creating behavioural inferences from the data and identifying anomalous patterns.
Sapien utilises proprietary algorithms to detect and score statistically significant anomalies within the ingested network data. These indicators of compromise could include deviations in counts and frequencies, rare events, or unusual behaviour that exceeds normal thresholds.
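The two indicator types named above (deviations in counts and frequencies, and rare events) are illustrated here with an added, deliberately simple example; it is not Sapien's proprietary algorithm. It scores per-minute connection counts against a baseline with a z-score and flags values that exceed a standard-deviation threshold, and separately reports values in a recent window that were seldom or never seen in the history. The baseline figures, the recent counts, the port numbers and the thresholds are constructed assumptions.

```python
"""Constructed example of baseline anomaly scoring (illustrative, not Sapien's code)."""
from collections import Counter
from statistics import mean, pstdev


def score_counts(baseline, observed, threshold=3.0):
    """Score each observed count by its z-score against the baseline.
    Returns (index, count, zscore) for every value whose absolute z-score
    exceeds `threshold`. A flat baseline (sigma == 0) falls back to sigma = 1
    so that any change is still scored rather than causing a division error."""
    mu = mean(baseline)
    sigma = pstdev(baseline) or 1.0
    flagged = []
    for i, count in enumerate(observed):
        z = (count - mu) / sigma
        if abs(z) > threshold:
            flagged.append((i, count, round(z, 2)))
    return flagged


def rare_values(history, recent, max_seen=1):
    """Return values present in `recent` that appeared at most `max_seen`
    times in `history` (rare or never-before-seen events)."""
    seen = Counter(history)
    return sorted({v for v in recent if seen[v] <= max_seen})


# Constructed data: ten quiet minutes of connection counts, then five recent
# minutes containing one burst and one near-silent minute.
BASELINE_COUNTS = [50, 52, 48, 51, 49, 50, 53, 47, 50, 50]
RECENT_COUNTS = [51, 49, 120, 50, 2]

# Constructed destination-port history: mostly 443 and 80, a single 22.
PORT_HISTORY = [443] * 20 + [80] * 10 + [22]
RECENT_PORTS = [443, 4444, 22, 80]


if __name__ == "__main__":
    for idx, count, z in score_counts(BASELINE_COUNTS, RECENT_COUNTS):
        print(f"minute {idx}: count={count} z={z}")
    print("rare ports:", rare_values(PORT_HISTORY, RECENT_PORTS))
```

Both the burst and the near-silent minute are flagged because the score is two-sided; in practice the threshold, the baseline length and the definition of "rare" are the tuning knobs that trade false positives against missed events.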