Do I Need Another Security Tool?

November 25, 2018

The cybersecurity space is crowded – tons of vendors, tons of attack vectors, tons of noise. If you’re a Fortune 500 company, you have the luxury of owning one of everything and a massive security team to go and manage those tools in a fully integrated SOC. But if you’re a smaller company, you have to make choices. Do I need another security tool?

In an effort to deliver real value to clients, we’ve resisted the urge to be all things to all people. Instead, we’re LASER focused on doing what we do better than anyone else – finding threats by using AI/ML to pinpoint anomalies in network flows.

Network vs (Endpoint vs User vs Logs)

When attackers or malicious insiders move against a company, their unauthorized activity can be observed from any number of perspectives, but unless the attacker directly logs into the target machine or sticks a USB drive directly into the critical asset, they are going to have to move through your network to get to the target. Attackers can’t hide on the network.

It’s great that you already have a firewall, but if an attacker got past your firewall, how long could they roam around your network undetected?

It’s great if you’ve already deployed an endpoint tool, but do you have it installed on all of your machines? Your printers? Your IP Cameras?

It’s great if you’ve already deployed a User Entity Behavior Analytics (UEBA) or SIEM tool, but is it covering all of your applications and all of your users? Did you want to deploy one, but were concerned about the cost/ROI?

Network Flows vs Network Traffic

CyGlass uses only NetFlow data – not the full packet body. Most firewalls and routers can be configured to emit NetFlow, so it’s easily available. Since NetFlow traffic is much less dense than full network traffic, CyGlass doesn’t require a massive hardware appliance. CyGlass is great for distributed businesses (bank branches, insurance offices, law offices, etc.) that have remote facilities that need to be kept safe. It also doesn’t process any Personally Identifiable Information (PII) or have to deal with encrypted traffic.

Network Anomaly Detection using AI/ML vs Rules

Detecting anomalies using network traffic isn’t a new idea – Snort has been around since 1998. What makes CyGlass different is that it doesn’t rely on rules to spot threats. The problem with rules is that they only work on known attacks, and they have to be maintained by someone knowledgeable.

CyGlass detects anomalies in networks. It doesn’t take any remediation action itself, but thanks to our new partnership with Netshield, when CyGlass detects an anomaly, we can use the Netshield agentless NAC to take the offending node offline.

Try CyGlass for Yourself

There has been a TON of hype around AI/ML, so I’ll spare you. CyGlass is an easy-to-deploy, cost-effective SaaS solution. We’re offering FREE TRIALS to prove that CyGlass delivers.
