Confluera combines behavioral analytics and ML-powered anomaly detection to detect a broad spectrum of suspicious host and network behaviors in real time. What makes it special is the noise reduction and low false-positive rate that let it intercept the threats ‘that matter’, thanks to the continuous attack graph approach.
Real-time Threat Storyboarding delivers real-time causal execution narratives as they take place and autonomously surfaces the ones that exhibit suspicious behaviors along their trails. You'll see the entire activity narrative precisely: the number of hosts and containers trailed by the adversary, the suspicious activities within them, and the amount of time spent in each workload, across any number of workloads and any span of time.
Real-time Threat Storyboarding is powered by Confluera’s patented Continuous Attack Graph fabric based on T-DAG (Transactional Directed Acyclic Graph) concepts. The technology models each and every execution trailed within the infrastructure as an activity graph and then ranks each graph by the degree of suspicious behavior exhibited along the way.
Workload and Cloud infrastructure telemetry are causally connected into infrastructure-wide activity sequences.
Security signals from native Confluera detections and third-party security results are then applied to activity sequences.
Attack chains are automatically prioritized based on the cumulative risk of signals on activity sequences.
Context-sensitive response actions evict the attacker and remove any backdoors.
At the heart of Confluera’s Continuous Attack Graph technology is its ability to accurately track the adversary's trail in real-time. It uses an array of proprietary instrumentation techniques and algorithms that stitch underlying container and host activities along with east-west lateral movements between containers and hosts to track every step of the adversary, right from where it entered the infrastructure to where it has currently moved to.
Most undetected attacks have long dwell times, where the attackers patiently wait several months on each jump point before initiating the next move. Confluera’s causal event chaining technology inherently stitches a new event to its underlying causal graph instantly, even if that graph has been dormant for minutes, hours, days, weeks, or months. Confluera has the complete context needed to purge inactive entities from these graphs, which makes them highly space-efficient compared to other EDR + SIEM or XDR solutions.
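The four steps above (stitch telemetry into causal sequences, attach signals, rank by cumulative risk, recommend actions against live entities) and the dormant-chain point in the preceding paragraph can be made concrete with a small model. The following is an added illustration written for this page, not Confluera's code and not its T-DAG implementation: the telemetry records, host names, process images, detection sources and risk weights are all constructed, and the lateral-movement stitching rule (attach a session spawned by an inbound connection to the remote process that opened that connection) is a simplified stand-in for the proprietary instrumentation the page describes. Purging of inactive entities is not shown.

```python
"""Toy causal attack-chain builder (added example, not vendor code)."""
from collections import defaultdict

# --- constructed telemetry (not real data) ----------------------------------
# Record: (event_id, ts_seconds, host, kind, proc, parent, extra)
#   exec    : proc spawned by parent on the same host
#   connect : proc opened a connection; extra = dst_host, src_port
#   exit    : proc terminated
# proc keys are "host:pid". The ~30-day gap between e4 and e5 shows a
# dormant chain being extended when the old shell finally moves laterally.
TELEMETRY = [
    ("e1", 1_000, "web01", "exec", "web01:100", "web01:1", {"image": "nginx"}),
    ("e2", 1_010, "web01", "exec", "web01:300", "web01:100", {"image": "sh"}),
    ("e3", 1_020, "web01", "exec", "web01:301", "web01:300", {"image": "curl"}),
    ("e4", 1_030, "web01", "exit", "web01:301", None, {}),
    ("e5", 2_593_000, "web01", "connect", "web01:300", None,
     {"dst_host": "db01", "src_port": 51234}),
    ("e6", 2_593_001, "db01", "exec", "db01:900", "db01:22",
     {"image": "bash", "inbound": ("web01", 51234)}),
    ("e7", 2_593_050, "db01", "exec", "db01:901", "db01:900", {"image": "pg_dump"}),
    # unrelated scheduled backup on db01: same weak signal, benign lineage
    ("e8", 2_593_100, "db01", "exec", "db01:950", "db01:1", {"image": "cron"}),
    ("e9", 2_593_101, "db01", "exec", "db01:951", "db01:950", {"image": "pg_dump"}),
]

# Constructed detections from different "tools": (proc, source, risk weight).
SIGNALS = [
    ("web01:300", "edr:webserver-spawned-shell", 40),
    ("web01:301", "edr:curl-from-shell", 10),
    ("db01:900", "siem:ssh-login-from-web-tier", 15),
    ("db01:901", "dlp:bulk-db-export", 30),
    ("db01:951", "dlp:bulk-db-export", 30),
]


class AttackGraph:
    """Stitches events into causal chains keyed by their root process."""

    def __init__(self):
        self.parent = {}        # proc -> causal predecessor (may be on another host)
        self.alive = set()      # procs with an exec and no exit seen
        self.pending_conn = {}  # (src_host, src_port) -> proc that opened it

    def ingest(self, ev):
        _eid, _ts, host, kind, proc, parent, extra = ev
        if kind == "exec":
            self.alive.add(proc)
            inbound = extra.get("inbound")
            # Lateral movement: a session created by an inbound connection is
            # attached to the remote process that opened it, not to local sshd.
            if inbound in self.pending_conn:
                self.parent[proc] = self.pending_conn.pop(inbound)
            elif parent is not None:
                self.parent[proc] = parent
        elif kind == "connect":
            self.pending_conn[(host, extra["src_port"])] = proc
        elif kind == "exit":
            self.alive.discard(proc)

    def root(self, proc):
        # Walking parent links needs no time bound: a 30-day-old ancestor
        # is found exactly like a 30-second-old one.
        while proc in self.parent:
            proc = self.parent[proc]
        return proc

    def chains(self):
        members = defaultdict(set)
        for p in set(self.parent) | set(self.parent.values()):
            members[self.root(p)].add(p)
        return members


def rank_chains(graph, signals):
    """Apply signals to chain members and sort chains by cumulative risk."""
    by_proc = defaultdict(list)
    for proc, source, weight in signals:
        by_proc[proc].append((source, weight))
    ranked = []
    for root, members in graph.chains().items():
        hits = [(p, s, w) for p in sorted(members) for s, w in by_proc.get(p, [])]
        ranked.append({
            "root": root,
            "score": sum(w for _, _, w in hits),
            "hosts": sorted({p.split(":")[0] for p in members}),
            "signals": hits,
            # remediation recommendations target only entities still live
            "live": sorted(p for p in members if p in graph.alive),
        })
    ranked.sort(key=lambda c: c["score"], reverse=True)
    return ranked


def build(events=TELEMETRY, signals=SIGNALS):
    g = AttackGraph()
    for ev in sorted(events, key=lambda e: e[1]):   # ingest in time order
        g.ingest(ev)
    return rank_chains(g, signals)


if __name__ == "__main__":
    for c in build():
        print(f"score={c['score']:3d} hosts={c['hosts']} live={c['live']}")
        for p, s, w in c["signals"]:
            print(f"    {p:10s} {s} (+{w})")
```

The two `pg_dump` detections carry the same weight, but only one lands on a chain that already holds a web-server-spawned shell and a cross-host hop, so that chain scores 95 while the cron-driven backup scores 30; the weak signal is escalated by its context, not by itself. The `live` list for the top chain omits `web01:301`, which had already exited, matching the page's point that recommendations apply only to entities active at the time.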
Attacker activities, both malicious and benign, manifest themselves from different vantage points. To spot an attack, security teams must have a wide-angle view of the infrastructure. The more you can see, the better equipped you are to intercept bad actors.
Confluera’s XDR engine integrates detections and telemetry from threat intelligence feeds and other security tools into its threat storyboards, enabling high-confidence threat detection and speeding up investigations.
Even seemingly benign detections matter when detecting attackers using living off the land techniques to perform discovery, reconnaissance, and lateral movements. But most of these weak but critical detections get lost in the haystack. Confluera’s Continuous Attack Graph technology constantly stitches every signal from different tools and escalates the threat storyboard when a combination of weak signals indicates a malicious pattern.
Confluera automatically generates remediation recommendations at the storyboard level based on the hosts, applications, processes, users, and network connections involved in each storyboard. Furthermore, Confluera’s Continuous Attack Graph technology keeps the attack graph continuously updated such that the list of recommendations only applies to entities that are live and active at that time.
The true test of an XDR is not the number of sources it can integrate with. It is the ability to process telemetry from those sources fast enough to detect an attack in real-time and give your team the opportunity to intercept it while it is unfolding.
Confluera’s purpose-built architecture is designed to handle very high stream rates of telemetry from a wide variety of sources and still deliver real-time event stitching and IOC detection for environments with tens of thousands of workloads.
Confluera uses a fundamentally different approach to threat monitoring -- which drastically reduces the need to chase individual detections or alerts. Through a refined set of risk-prioritized storyboards curated at run-time, SecOps teams achieve near-zero time to conclude whether detections are benign or whether they are part of a larger attack narrative brewing underneath.
Analysts spend most of their investigation efforts identifying related events across multiple tools and constructing the timeline. Confluera speeds up this investigation process by connecting the events across various tools and automatically surfacing storyboards worth investigating further.
Significantly reduce MTTD of multi-stage attacks with real-time storyboards, rather than chasing down isolated events and manually correlating them after the fact.
Protect yourself from sophisticated attacks by leveraging a novel ability to unify holistic security visibility and accurately track threats in real time. Fully leverage your existing security investments, detect threats early, and stop them before they do lasting damage.