Attack indicators are spread across multiple sources in a network. A single attack can leave footprints in firewalls, servers, applications, netflows, proxies, packets and several other sources. Analytics focused on a single entity or source, such as packet analytics or user behavior analytics, will miss the full attack.
Paladion’s MDR is delivered through its proprietary RisqVU platform, a truly multi-source big data analytics platform. By applying analytics concurrently to multiple sources of IT, network, user and business data, RisqVU helps visualize a single view of the attack. For example, detecting watering hole attacks requires simultaneous analysis of data from proxy, email traffic and packets. RisqVU differs from existing big data analytics products in its ability to apply machine learning algorithms in parallel to multiple data sources for the same attack use case.
Multi-source analytics not only gives you the broader picture, it also helps in removing false positives. Traditional platforms rely on outliers or pattern detection, which are prone to high false positives.