What is Broad Context Detection?
Understanding the scope of a targeted attack is easy with a broad context of detections visualized on a timeline that includes all impacted hosts, relevant events and recommended actions. The service uses real-time behavioral, reputational and big data analysis to automatically place detections into context and to include risk levels, affected host criticality and the prevailing threat landscape.
- Natively designed for real-life orchestrated, polymorphic attacks
- Incidents are placed in the context of prevalent situations
- Combines risk level, affected asset groups and prevailing threat landscape
- Detects root causes based on a flow of disparate events from a multitude of hosts
Broad Context Detection is supported by a machine learning engine that learns to distinguish attacks from noise. All past decisions (false positive/true positive) form the training set for the engine. Each new detection is then assessed, based on historical detections, to determine how likely it is to be a false positive.