• AI & ML-based Threat Detection
  o Self-learning artificial intelligence to track and model the network, learning what is normal for device or account presence and for traffic patterns.
  o Supervised machine learning for behavioral understanding and anomaly detection: is the activity normal, a false positive, expected business activity, or something else?
  o Behavioral clustering using advanced pattern detection methods like matrix, density, and hierarchical classification.
  o Deep Learning leveraging neural network processes to assist in classifying and scoring anomalous activity for detection and remediation.
  o Continuous Triage by iteratively analyzing all relevant alerts and identifying higher-level incidents.
  o Curated threat intelligence is regularly incorporated into the model.
• AI & ML-based Threat Response
  o Automated Response to triggers of event types and conditions that execute a rule or playbook and initiate an incident response.
  o Autonomous Response to have scheduled windows where AI-driven, unsupervised machine learning techniques dynamically react to anomalous detections in real time with intelligent response, without human intervention or pre-programming.
  o Zero-day defense to detect and block malicious attacks immediately as they occur, without prior knowledge of the vulnerability or attack method being exploited.
  o Ransomware defense to detect the presence of ransomware and take immediate action to block, isolate, or neutralize the attack.
  o Real-time detection and the ability to block, isolate, or neutralize malicious activities such as APTs, Nation-state Espionage, Data Exfiltration, Insider Threat, and employee misuse.
  o Native actions not requiring a 3rd-party integration to respond to an incident or triggered behavior.
  o Approval configuration of selected AI-generated actions for the SOC team to review, approve, or override suggested actions.
  o Anomalous Admin Activity detection and tracking of users with administrative privileges on a system or network.