The Cyber Security Detection Landscape

In order to achieve a secure system, we need to augment protection solutions with detection and response. Since attacks happen in all layers of the software stack, we augment protection solutions in each layer with a detection solution.

NDR (Network Detection and Response) in the network layer complements firewall and IPS solutions

EDR (EndPoint Detection and response) complements EPP solutions in the OS device layer

CASB solutions complement authentication mechanisms in the access layer

Application Detection 
and Response

The goal is to swiftly detect malicious activity

The longer it takes to detect an attack or malicious activity, the more costly the damage due to the malicious activity.

These Detection Solutions - NDR, EDR, CASB - Are Based on Two Main Technologies

Rules/patterns that define forbidden activities at the various layers

Frequency/volumetric statistical analysis of the user and entity activities (UEBA) at the various layers

These two technologies are applicable on device, network and access layers due their commonalities (for example, in the network layer, we all use the same network protocols). This is why UBEA has been implemented mainly in the access, device and network layers but not in the application layer.

ADR in the Cyber Security Detection Landscape

Sounil Yu explains Application Detection and Response

Why Does Application Layer Detection Require a New Approach?

Each application has its own activities and log formats, which means the detection standard for applications today is based on rules and patterns that are tailored for each application based on its activities. 

Rule based detection detects only known attack patterns, generates a high number of false alerts, requires constant expensive maintenance, and it doesn’t scale. Thus, a new approach to detect malicious activities is required.

The need for a new approach is emphasized by the transition from on-prem business applications to SaaS applications and cloud based applications, as well as the exposure of application layer services via APIs.

RevealSecurity’s Innovative Approach to Application Detection and Response

RevealSecurity’s solution applies a completely different approach to application detection by adopting the concept of user journey analytics for detecting malicious activities at the application layer. Analyzing the entire user journey (i.e. the user session) provides the detection mechanism with a context that is crucial to achieving the high accuracy expected from a detection solution. 

In addition, RevealSecurity has generalized the user journey analytics in order to make it applicable for every application, whether custom built or SaaS.

 
footer_dotts.png
footer_dotts1.png

Reach out to us to find the needle in your haystack!

HQ Address

4 Yaakov Rosen St, Ramat Gan 5246208, Israel