Behavioral Anomaly Detection
Corvil detects and prioritizes abnormal user behaviors and suspicious host activities on the network.
Once attackers breach traditional defenses, they become insider threats and change the behavior of the compromised account.
Employees with malicious intent are rare, but they devastate organizations by using legitimate access for irregular activities.
Organizations struggle to identify and prioritize behavioral changes because logged activity data is vast, spread across multiple systems, and difficult to link to malicious intent.
Corvil solves this problem by combining machine learning, granular network activity data, and automated risk scoring.
Corvil uses several machine learning algorithms, each tailored to different types of network data and activities, to learn the distinctive behavioral patterns associated with each user. The algorithms continuously assess how much a user’s overall behavior deviates from those patterns.
Corvil continually identifies abnormal changes and rogue hosts by baselining host connectivity and activity patterns, including those of uninstrumented hosts and IoT devices. The stability of system behaviors is automatically analyzed to more reliably identify deviations and anomalies.
Machine learning works better when applied to detailed, normalized data. Corvil’s deep packet analysis and context enrichment provide more detail on what each user is doing on the network. The more detail is analyzed, the more accurately the algorithms identify behavioral patterns.
Anomalous changes in behavior are correlated with other network attack indicators, detected in real time, and combined into an overall risk score. Pinpointing the riskiest users in this way minimizes noisy alerts, reduces triage investigation from hours to seconds, and prioritizes analyst efforts more effectively.