As the demand for advanced security solutions grows, organizations are gradually realizing the need to go beyond perimeter-based defences. They need to detect unknown threats in real time, even when the signals are weak. The only solution to this problem is to analyse user traffic, identify relevant patterns, and gain clear insight into potential threats. Spotting this as an opportunity as well as a challenge, Reveelium, the American subsidiary of a European-based cybersecurity provider, decided to develop a solution built on advanced threat detection techniques. Rigorous R&D and collaboration with specialized labs allowed the company's professionals to launch a behavioral analysis platform, Reveelium AI, in 2012. Reveelium combines machine learning and statistical analysis to detect anomalies resulting from unknown malware, ransomware, and the infamous APT (Advanced Persistent Threat).
The Reveelium intelligent system is an innovative solution that enables real-time detection of abnormal behaviors. It uses Big Data engines to deal with the copious amounts of data generated by logs, services, and information system applications. Continuous surveillance enables organizations to tackle the 3Vs of Big Data: Volume, Variety, and Velocity. It extracts relevant data and combines it into reports tailored to the business's needs. Jean Nicolas Piotrowski, CEO & Founder of the parent company, states, “Reveelium empowers top management to ameliorate their decision-making process by furnishing a deeper insight into the real issues.”
Reveelium uses statistical analysis methods to spot anomalies in large volumes of data and to test specific hypotheses. At the same time, it applies machine-learning algorithms to model and forecast the behaviour of the analysed entities. Radically different from the ‘if/then’ paradigm, the Machine Learning (ML) algorithms built into Reveelium detect even the weakest of signals. Furthermore, Reveelium integrates contextual information from various threat intelligence sources to discover which piece of the ‘behavioral puzzle’ correlates with a cyber-attack. Finally, it integrates online feedback from end-users to improve its predictions and minimize false-positive alarms. It relies on processing system logs, Windows domain information, DNS and proxy servers, and application data. By identifying behavioral deviations, it can detect weak signals that may hint at an APT or data theft, and it uses those deviations to enrich and filter the collected information and generate alerts.
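The pipeline described above, reduced to its core steps as an added illustration (this is not Reveelium's code, and the user names, daily DNS query counts, domains and threat-intel entry are constructed): each entity is scored against its own statistical baseline, anomalies are enriched with threat-intel context, and analyst feedback suppresses alerts already judged benign.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample input: per-user daily DNS query counts aggregated from DNS logs.
SAMPLE_COUNTS = [
    ("alice", 1, 120), ("alice", 2, 130), ("alice", 3, 125), ("alice", 4, 118), ("alice", 5, 900),
    ("bob", 1, 300), ("bob", 2, 310), ("bob", 3, 290), ("bob", 4, 305), ("bob", 5, 320),
    ("carol", 1, 50), ("carol", 2, 55), ("carol", 3, 48), ("carol", 4, 52), ("carol", 5, 240),
]
# Constructed context: domains each user resolved on the scored day, plus a
# hypothetical threat-intel list of known-bad domains.
SAMPLE_CONTEXT = {
    ("alice", 5): ["cdn.example.net", "c2.example.org"],
    ("carol", 5): ["updates.example.com"],
}
THREAT_INTEL = {"c2.example.org"}


def zscore(history, value, min_std=1.0):
    """Deviation of `value` from the entity's own baseline, in standard deviations.
    The floor on the std-dev keeps very regular users from alerting on tiny changes."""
    return (value - mean(history)) / max(pstdev(history), min_std)


def detect(counts, context, intel, feedback, threshold=3.0):
    """Score each entity's latest day against its earlier days, enrich the
    anomalies with threat-intel hits, and drop those analysts have marked benign.
    `feedback` is a set of (user, signal) pairs reported as false positives."""
    series = defaultdict(list)
    for user, day, n in sorted(counts, key=lambda r: r[1]):
        series[user].append((day, n))
    alerts = []
    for user, obs in series.items():
        history = [n for _, n in obs[:-1]]   # baseline: all days but the last
        day, latest = obs[-1]
        z = zscore(history, latest)
        if z < threshold or (user, "dns_volume") in feedback:
            continue
        hits = sorted(set(context.get((user, day), [])) & intel)
        alerts.append({"user": user, "day": day, "z": round(z, 1),
                       "intel_hits": hits,
                       "severity": "high" if hits else "medium"})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_COUNTS, SAMPLE_CONTEXT, THREAT_INTEL, set()):
        print(alert)
```

Bob's day-5 count stays within his baseline and produces no alert; marking Carol's spike as benign via feedback leaves only the intel-corroborated Alice alert.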
By proactively protecting IT assets, Reveelium brings potential issues to the fore before they reach the point of no return, making organizations a harder target for malicious cyber activity. Reveelium's machine learning capabilities enable operators to reduce alert fatigue drastically, resulting in as many as 20 times fewer false positives. It also cuts the average detection time significantly, from 12 months to one week. By reducing the time dedicated to surveillance by 50 percent, Reveelium enables operators to make marked improvements in their productivity; fewer alerts mean operators can focus on the activities that matter.
For one of its Europe-based clients, an agri-business with over 1500 employees, the company deployed its behavioral-analysis and APT-detection system in the client's SOC (Security Operations Center) to process logs from security assets, Windows domains, DNS and proxy servers, and applications. After deploying Reveelium in such a highly constrained environment, the client was able to detect an APT that had been lurking for several weeks. The deployment also reduced the time dedicated to surveillance and eliminated many false positives. So far, the company has served nearly 25 clients and was declared the winner of the 2015 IT Security Trophy in the ‘Intelligent automated detection system’ category in France. In the coming years, the company's key focus areas are to develop further use cases tailored to Fintech, e-health, telecom, and advanced fraud detection.