Continual Cybersecurity Risk Assessment Powered by Machine Learning Algorithms
Corvil Cara provides daily cybersecurity risk assessment and threat detection based on automated analysis of all machine activity in the environment, with zero performance impact.
Corvil Cara continually identifies abnormal changes and activities by baselining normal behaviors with machine learning algorithms. The detected anomalies are automatically correlated with other threat detection algorithms to:
Designed for use in latency-sensitive and high-throughput environments, Cara can be added to any Corvil appliance. It takes 30 minutes to get up and running, then begins automatically analyzing, learning and reporting daily insights suitable for non-expert IT and business professionals along with detailed drill-downs to improve the productivity of security analysts.
"Corvil Virtual Security Expert gives security teams a relatively quick way to extend automated risk assessments, which combine machine-learning anomaly detection and threat detection analytics, to electronic trading networks."
Dan Cummins, Senior Analyst, Security, 451 Research
Experienced IT professionals know that networked environments are often more dynamic and changeable than most others assume. When changes and deviations from “normal” are not particularly unusual, can one trust that the detected anomaly is truly anomalous?
Corvil Cara’s algorithms automatically analyze the data to learn which infrastructure shows stable behavior over time and which does not. Corvil uses these predictable baselines to more reliably identify deviations and anomalies as inputs to risk assessments. Additionally, insight into the dynamic infrastructure can be used by trading operations and cybersecurity teams to collaborate on appropriate procedures and policies to further secure the environment.
Simply delivering a list of anomalies identified by machine learning algorithms may inadvertently add to the existing alert noise streaming into most SIEMs.
Instead of delivering a glut of disconnected anomaly details, Corvil Cara automatically provides content enrichment. By adding contextual dimensions of user, host and threat intelligence to anomalies identified by machine learning, Corvil automatically conducts the risk assessments that would otherwise be carried out manually. Pinpointing the riskiest hosts in this way minimizes alert noise, reduces analyst investigation times from hours to minutes, and prioritizes their efforts more effectively.
The high-performance, high-volume nature of financial market networks often precludes traditional monitoring techniques such as system or application logging, which is often intentionally shut down to minimize performance hits.
In contrast, Cara leverages network instrumentation and decoders to analyze activity data from every packet, during every microsecond. Unlike competing network-based security solutions, Corvil Cara discovers and makes sense of the user and business context of all trading sessions, market data streams and non-trading traffic to use as inputs to the overall risk assessment.
Identify anomalous activities, detect threats and assess risk with broad visibility across the environment, even the activities of uninstrumented hosts and devices.
Daily updates with business-level risk scoring provide assurance that evasive activities or anomalies are not lurking unseen within the environment.
Reduces analyst investigation times from hours to a few seconds and prioritizes their efforts more effectively using automated machine learning, threat detection analytics, and contextual correlation.
Single platform for risk and compliance data, cybersecurity analysis, big data streaming, performance monitoring and troubleshooting reduces cost and complexity.