The Cyber Security Detection Landscape
In order to achieve a secure system, we need to augment protection solutions with detection and response. Since attacks happen in all layers of the software stack, we augment protection solutions in each layer with a detection solution.
NDR (Network Detection and Response) in the network layer complements firewall and IPS solutions
EDR (Endpoint Detection and Response) complements EPP solutions in the OS device layer
CASB solutions complement authentication mechanisms in the access layer
The goal is to swiftly detect malicious activity
The longer it takes to detect an attack or malicious activity, the more costly the damage due to the malicious activity.
These Detection Solutions - NDR, EDR, CASB - Are Based on Two Main Technologies
Rules/patterns that define forbidden activities at the various layers
Frequency/volumetric statistical analysis of the user and entity activities (UEBA) at the various layers
These two technologies are applicable on the device, network and access layers due to their commonalities (for example, in the network layer, we all use the same network protocols). This is why UEBA has been implemented mainly in the access, device and network layers but not in the application layer.
ADR in the Cyber Security Detection Landscape
Sounil Yu explains Application Detection and Response
Why Does Application Layer Detection Require a New Approach?
Each application has its own activities and log formats, which means the detection standard for applications today is based on rules and patterns that are tailored to each application and its activities.
Rule-based detection detects only known attack patterns, generates a high number of false alerts, requires constant, expensive maintenance, and doesn't scale. Thus, a new approach to detecting malicious activities is required.
The need for a new approach is emphasized by the transition from on-prem business applications to SaaS and cloud-based applications, as well as the exposure of application layer services via APIs.
RevealSecurity’s Innovative Approach to Application Detection and Response
RevealSecurity’s solution applies a completely different approach to application detection by adopting the concept of user journey analytics for detecting malicious activities at the application layer. Analyzing the entire user journey (i.e. the user session) provides the detection mechanism with a context that is crucial to achieving the high accuracy expected from a detection solution.
In addition, RevealSecurity has generalized the user journey analytics in order to make it applicable for every application, whether custom built or SaaS.