Awake Security Unveils Advanced Security Analytics
The company also announced today that it has closed more than $30 million in funding from leading venture firms Greylock Partners and Bain Capital Ventures.
Awake’s advanced security analytics provide security teams the insights needed to immediately understand the scope and impact of observed behavior and investigate only credible alerts and threats. By cutting out cumbersome tasks during the investigative process, Awake enables analysts to focus on high-value security work, speeding the detection of insider threats, corporate espionage, lateral movement and data exfiltration. By capturing the knowledge and conclusions a security team develops while doing its work, Awake lets teams get better and more effective every day; facilitates collaboration, training and evaluation; and makes security work more rewarding.
“Security tools today generate massive amounts of alerts and data, but have utterly failed to account for how useful or contextual that data is to security teams. As a result, analysts have to manually connect the dots to hunt for threats, an exhausting process for even the most experienced investigator,” said Gary Golomb, Awake’s cofounder and a world-renowned investigator. “Awake is unleashing a new model for security operations by letting analysts explore devices instead of IP addresses, people instead of packets, data instead of protocols and activities instead of sessions. This empowers the analyst to target and stop the threats that truly matter.”
A Solution to Detect, Investigate and Hunt for Threats that are Currently Missed
Developed based on research with hundreds of security professionals and more than a dozen Fortune 500 and Global 2000 SOCs, Awake uses machine learning and data science to embody the expertise of the world’s foremost investigators in a broad-based analytics solution.
"From operations to stores to ecommerce, our digital strategy is transforming our business," said Richard Noguera, CISO at Gap, Inc. and an Awake Security design partner. "And security is foundational to our strategy. We are continuously looking at the latest techniques and technologies for rapid threat detection and response. Our partnership with the Awake team has allowed us to provide our feedback while engaging with world-class investigators and security professionals to help design and build their solution - a truly refreshing approach."
The Awake hybrid SaaS architecture has two key components: the Awake Analytics Hub that resides in an organization’s on-premises or cloud environment, and the SaaS back-end hosted in the Awake cloud, which provides operational monitoring, software upgrades and intelligence updates to each Analytics Hub. Awake’s advanced security analytics rest on a proprietary set of rich parsers that capture and process data requiring no integrations other than a simple network connection.
Awake then uses a multidisciplinary approach that leverages patterns, heuristics, and machine learning to build a patent-pending Security Knowledge Graph data model that automatically identifies and tracks real-world entities such as devices, users and domains. Analysts can then interrogate this model using a human-friendly vocabulary. The Security Knowledge Graph also captures the conclusions and discoveries made by team members, improving collaboration and training while preserving otherwise undocumented tribal knowledge.
The Security Knowledge Graph enables and is enriched by EntityIQ™ algorithms that surface notable entities within the model and cluster similar ones. Through the workflow-driven Awake user interface, EntityIQ can also predict the questions analysts are likely to ask, pointing them to the next investigative path quickly and effectively.
Awake’s ActivityIQ™ analytics correlate network traffic to entities in the data model and visualize the attack timeline as a victim would experience it and as a skilled investigator would piece it together. Awake thus eliminates the need to sift through raw data.
By offering the ability to accurately understand entities and associated activities in near-real time, Awake allows analysts to focus on high-value security work, including:
Network Traffic Analysis: Awake’s entity-centric view lets analysts see all network traffic, with devices fingerprinted and tracked across IP addresses. It offers insight into internet of things (IoT), BYO and other devices not discoverable with log or agent-based approaches. Watchlists created using Awake’s behavioral query language also help detect attacker activity that occurs after an initial compromise, which today often goes unnoticed.
Alert Investigations: Analysts can easily pivot from an alert indicator to a deep device understanding. This includes behavioral analytics about the device and analysis of similar devices for wider campaign analysis. By viewing consequential artifacts associated with the device, analysts know what questions to ask next.
Proactive Threat Hunting: Awake provides analysts with investigative starting points by highlighting notable entities exhibiting anomalous behavior. The rich and responsive user interface enables efficient hunting by allowing analysts to quickly filter and query the Security Knowledge Graph data model in real time, not just for indicators of compromise, but also for entity behaviors and activities.
“When it comes time for a security analyst to roll up their sleeves and dive into an incident, the flood of event information from security tools can be more distracting than helpful,” said Eric Ogren, senior security analyst at 451 Research. “The network doesn’t lie, so tapping into network data, automating the analysis and presenting it in a way that will help connect the dots in an investigation will make a significant impact in empowering analysts to more efficiently clear investigations.”
The Awake advanced security analytics solution is available immediately.
About Awake Security
Awake Security provides the only advanced security analytics solution that delivers deep visibility and answers to questions that cannot even be asked today, improving productivity tenfold. The company’s patent-pending Security Knowledge Graph™ data model uses machine learning and data science to automate painstaking analyses expert investigators perform. It identifies and tracks network entities as humans think of them and highlights entity attributes, relationships, behaviors and activities. This enables analysts to proactively detect, hunt, investigate and respond to threats. Awake is built on a foundation of more than two years of research with hundreds of security professionals and more than a dozen security teams. The company is backed by Greylock Partners and Bain Capital Ventures and is based in Mountain View, CA.