TechnologyCorvil Cara: Virtual Security Expert

Continual Cybersecurity Risk Assessment Powered by Machine Learning Algorithms

Assess and Prioritize Cybersecurity Risks within the Electronic Trading Environment

Corvil Cara provides daily cybersecurity risk assessment and threat detection based on automated, zero-performance impacting analysis of all machine activity in the environment.

Corvil Cara continually identifies abnormal changes and activities by baselining normal behaviors with machine learning algorithms. The detected anomalies are automatically correlated with other threat detection algorithms to:

  • Assess an overall security risk score for every machine
  • Prioritize the riskiest issues that require further attention
  • Generate alerts for the security operations center

Designed for use in latency-sensitive and high-throughput environments, Cara can be added to any Corvil appliance. It takes 30 minutes to get up and running, then begins automatically analyzing, learning and reporting daily insights suitable for non-expert IT and business professionals along with detailed drill-downs to improve the productivity of security analysts.



  • Continual, automated analysis and learning leveraging the most granular, time-series machine activity data monitored on the network
  • Machine learning algorithms tailored to identify cybersecurity anomalies automatically
  • Correlates findings from multiple anomaly and threat detection methods to prioritize the riskiest issues
  • Streamlined access to payload inspection for forensic investigation
  • Simplified deployment leveraging existing zero-impact monitoring instrumentation
  • Integration into broader ecosystems of cybersecurity, business, and regulatory solutions

"Corvil Virtual Security Expert gives security teams a relatively quick way to extend automated risk assessments, which combine machine-learning anomaly detection and threat detection analytics, to electronic trading networks."

Dan Cummins, Senior Analyst, Security, 451 Research

Applying Machine Learning Algorithms to Reliably Assess Ongoing Cybersecurity Risks

Knowing whether detected anomalies are truly anomalous.

Experienced IT professionals know that networked environments are often more dynamic and changeable than most others assume. When changes and deviations from “normal” are not particularly unusual, can one trust that the detected anomaly is truly anomalous?

Corvil Cara’s algorithms automatically analyze the data to learn what infrastructure is showing stable behavior over time and what are not. Corvil uses these predictable baselines to more reliably identify deviations and anomalies as inputs to risk assessments. Additionally, insight into the dynamic infrastructure can be used by trading operations and cybersecurity teams to collaborate on appropriate procedures and policies to further secure the environment.

Avoiding additional anomaly noise to SIEMs.

Simply delivering a list of anomalies identified by machine learning algorithms may inadvertently add to the existing alert noise streaming into most SIEMs.

Instead of delivering a glut of disconnected anomaly details, Corvil Cara automatically provides content enrichment. By adding contextual dimensions of user, host and threat intelligence to anomalies identified by machine learning, Corvil automatically conducts the risk assessments that would otherwise be carried out manually. Pinpointing the riskiest hosts in this way minimizes alert noise, reduces analyst investigation times from hours to minutes, and prioritizes their efforts more effectively.

Obtaining full visibility into machine activities.

The high-performance, high-volume nature of financial market networks often precludes traditional monitoring techniques such as system or application logging, which is often intentionally shut down to minimize performance hits.

In contrast, Cara leverages network instrumentation and decoders to analyze activity data from every packet, during every microsecond. Unlike competing network based security solutions, Corvil Cara discovers and makes sense of user and business context of all trading sessions, market data streams and non-trading traffic to use as inputs to the overall risk assessment.

Continual Security Risk Assessment Leveraging Corvil Cara Machine Learning Algorithms

Continual Security Risk Assessment Leveraging Corvil Cara Machine Learning Algorithms


Eliminate Blind Spots

Identify anomalous activities, detect threats and assess risk with broad visibility across the environment, even the activities of uninstrumented hosts and devices.

Simplify Continual Assurance Reporting

Daily updates with business-level risk scoring provide assurance that evasive activities or anomalies are not lurking unseen within the environment.

Improve Productivity

Reduces analyst investigation times from hours to a few seconds and prioritizes their efforts more effectively using automated machine learning, threat detection analytics, and contextual correlation.

Maximize ROI

Single platform for risk and compliance data, cybersecurity analysis, big data streaming, performance monitoring and troubleshooting reduces cost and complexity.

Solution Arcitecture

Solution Arcitecture