Insight into intent – and a vast database to draw from

If you had to invent the perfect SIEM from scratch it would combine a rules-free engine and a voluminous and continually updated database of threats. Well, the dream SIEM is here today. empow uses its proprietary AI and natural language processing to read the minds of attackers and determine the intent of each kernel of IP data.

This power is now integrated with Elastic’s database and search capabilities. Think of it as an integrated “SIEM empowered by ELK” - bringing enterprises a single place to manage all of their IT and data security functions. It’s a scalable data lake solution, with empow’s SIEM serving as an active infrastructure brain that detects, confirms and prevents attacks before they do harm.

It Works for

Ransomware

Financial data-leak

Privilege escalation

Insider threat

Intelligence gathering

Personal data-leak

The World Is a Risky Place.

Here Are Four Ways our SIEM – and Only Ours – Is Built For It.

  • Automatically identifies and mitigates advanced threats missed by single (siloed) tools – no rules required.
  • Proactive – powerful AI enables constant identification of new attack patterns.
  • Reduces noise by at least 90% and increases security operation effectiveness by 10x.
  • Provides ONE source for a best-in-class searchable data lake (by Elastic) integrated with intent-based NG-SIEM.

An Intent-based Security Language

empow provides a strategic, vendor agnostic, intent-based security language – which allows customizing, or using pre-built targeted defense models (Security Apps). The intent-based security language is vendor agnostic, and mirrors advanced attack kill-chain models, the taxonomy of attackers’ tactics, techniques and procedures, and is further extended with community terms.

An Adaptive Security Platform

empow’s adaptive security platform sits on top of the network infrastructure and actualizes the intent-based security language by translating targeted defense models (Security Apps) into coordination instructions for detection, investigation and response according to each Security App. The Platform effectively implements and executes these throughout the organization’s existing security tools and network infrastructure.

How It Works

empow’s solution is made possible by empow’s proprietary AI technologies, which are strategically integrated into the following process:

1. Data Sources
2. Deciphering Attacker Intent
3. Cause-and-effect analytics identifies real attacks
4. Response Orchestration

Security Applications

Each Security Application represents a smart orchestration model that protects against a threat scenario or attack campaign. Each app includes detection, investigation and decision workflows that strategically assemble different security particles, integrating the most appropriate and effective capabilities from the network. Leveraging the abstracted language of intent makes the Apps strategic, vendor-agnostic, and adaptive in activating the underlying infrastructure of security products and network devices.

1. Data Sources

The integrated SIEM empowered by ELK collects all types of IT data including security logs, security intelligence feeds, OS logs, servers and application logs, network flow data and more, by using a range of available data source plugins.

2. Deciphering Attacker Intent

empow’s AI and NLP (Natural Language Processing) and Adaptive Expert Engines classify attackers’ anomalous behavior and intent. Three main types of malicious-intent classification are performed: user entity anomaly classification, network traffic anomaly classification and security event classification. This process runs continuously and automatically, with virtually zero human involvement, and marks the logs and events with intent metadata which is indexed into the Elastic DB. Examples of intent classification include: external recon, external delivery types, local and remote privilege escalation, PII data scraping, financial data scraping, and ransomware.

3. Cause-and-Effect Analytics Engine

empow’s security analytics engine identifies cause-and-effect relationships between the collection of deciphered intents, grouping them together and prioritizing the real attack stories and compromised entities in the organization. This engine emulates human security expert processes, identifying the real attacks out of all the noise and deciding, according to the attack intent, which investigation policies are required and which proactive response policies to employ.

4. Response Orchestration

empow’s Contextual Orchestration Engine dynamically identifies and selects the best available products and network tools to execute the investigation and response actions. This translates into fast and optimal incident response, while at the same time simplifying security operations and eliminating maintenance overhead.

Security Apps

Our security platform has predefined security applications, all of which are customizable.

Privilege escalation

Identifies and blocks campaigns that try to gain admin privileges in order to conduct a range of attack types on the organization.

Spear phishing

Mitigates e-mail spoofing fraud campaigns targeted at individual users, resulting in confidential user information theft and more.

Intelligence gathering

A generic application that identifies and mitigates against intelligence gathering attack vectors, including incidents that can evolve into actual attacks.

Financial data leak

Detects and mitigates targeted intrusion attempts and personally identifiable information leaks.

Ransomware

Identifies and blocks campaigns that try to break into data services that store sensitive information and encrypt it for ransom purposes.

Insider threat

Identifies and mitigates abnormal behavior and malicious user activities.

DIY

empow recognizes that your team’s skills are an essential component of your overall security.

That’s why our platform is built to leverage your skills and requirements to create new security applications. Your security experts can easily build apps using a guided UI process where they select the security services and security functions, as well as workflows that will integrate detection, investigation and mitigation behaviors. Once built by your team, these apps become part of the tool-set that empow abstracts and orchestrates.


UEBA & NTA Engines

empow’s SIEM comes with out-of-the-box UEBA (User Entity Behavioral Analytics) and NTA (Network Traffic Anomaly) engines that learn and profile the normal behavior patterns of users, applications and traffic, and detect anomalies based on deviations from these patterns.


These engines add an important layer to a detection system:

  • They spot suspicious and abnormal behaviors that indicate an attacker is already in the environment or a bad insider is active – otherwise missed by signature-based or heuristics tools and static SIEM rules based on thresholds.
  • They identify a critical visibility gap, where most organizations only deploy perimeter and host-based tools, leaving their internal networks, cloud and user activity unmonitored.
  • They can help triage, confirm and complete attack stories by discovering additional attacker steps along the cyber kill chain.

Providing these as integrated, out-of-the-box features of empow’s NG-SIEM enables alerts that are automatically classified by attacker intent, with no correlation rules.
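The three ideas above – profiling an entity’s normal behavior and flagging deviations (UEBA), marking events with intent metadata, and assembling the marked events into a prioritized per-entity attack story – are shown below in a small Python script. This is an added illustration, not empow’s code and not its proprietary AI: the baseline is a simple per-user z-score over a constructed history, the intent tags and their kill-chain ordering are constructed for the example, and the "distinct hosts reached per hour" metric is an assumption chosen because a sudden spread across many hosts is the kind of deviation a static threshold rule tuned for the whole organization would miss.

```python
"""Illustrative UEBA baseline + intent-tagged attack-story assembly.

Added example; all data below is constructed and the algorithm is a
deliberately simple stand-in, not empow's engine.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Assumed kill-chain ordering for the intent labels used in this example.
# The labels mirror the intent examples named on the page; the numbers are ours.
STAGE_ORDER = {
    "external_recon": 1,
    "external_delivery": 2,
    "privilege_escalation": 3,
    "pii_scraping": 4,
    "financial_data_scraping": 4,
    "ransomware": 5,
    "ueba_anomaly": 0,  # behavioral deviation; stage is unknown until confirmed
}

# Constructed per-user baseline: distinct hosts each user reached per hour
# over the last ten hours (what a UEBA engine would learn over time).
BASELINE = {
    "alice": [2, 3, 2, 3, 2, 3, 2, 2, 3, 2],
    "bob":   [1, 1, 1, 2, 1, 1, 1, 1, 1, 1],
}

# Constructed events under analysis: (timestamp, entity, distinct_hosts, intent).
# `intent` is the metadata an upstream classifier already attached, or None.
EVENTS = [
    (1, "bob",   1,  "external_delivery"),   # e.g. a delivered attachment
    (2, "alice", 3,  None),
    (3, "bob",   14, None),                  # bob suddenly touches 14 hosts
    (4, "bob",   2,  "privilege_escalation"),
    (5, "alice", 2,  None),
]


def zscore(value, history):
    """Standard deviations between `value` and the entity's own history."""
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def profile_anomalies(events, baseline, threshold=3.0):
    """Flag events whose metric deviates more than `threshold` sigma from
    the entity's own profile. Entities without a learned profile are skipped
    rather than judged against someone else's baseline."""
    flagged = []
    for ts, entity, hosts, _intent in events:
        history = baseline.get(entity)
        if history is None:
            continue
        z = zscore(hosts, history)
        if z > threshold:
            flagged.append({"ts": ts, "entity": entity,
                            "intent": "ueba_anomaly", "score": round(z, 1)})
    return flagged


def tag_events(events):
    """Keep only events that already carry intent metadata."""
    return [{"ts": ts, "entity": e, "intent": i, "score": None}
            for ts, e, _hosts, i in events if i]


def build_stories(tagged):
    """Group intent-tagged events per entity into a timeline and rank each
    story by the deepest kill-chain stage it has reached."""
    per_entity = defaultdict(list)
    for ev in tagged:
        per_entity[ev["entity"]].append(ev)
    stories = {}
    for entity, evs in per_entity.items():
        evs.sort(key=lambda ev: ev["ts"])
        stories[entity] = {
            "steps": [ev["intent"] for ev in evs],
            "priority": max(STAGE_ORDER.get(ev["intent"], 0) for ev in evs),
        }
    return stories


if __name__ == "__main__":
    anomalies = profile_anomalies(EVENTS, BASELINE)
    for story_entity, story in build_stories(tag_events(EVENTS) + anomalies).items():
        print(story_entity, story)
```

Running it yields a single story, for bob: delivery, then a behavioral anomaly at about 43 sigma, then privilege escalation, ranked at stage 3. alice’s three-host hour is within her own normal range and produces no alert, which is the point of per-entity profiling over a global threshold.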

Threat Analytics Reporting and Security Diagnostics

The empow Security Platform provides advanced threat analytics and security system diagnostics. The Platform includes Threat Analytics monitoring and reports that cover the different threats targeting the organization – providing threat management visibility into the organization’s security posture.

The empow Security Platform enables a detailed Security Diagnostics Service that provides fact-based analysis of the security apparatus and of the security tools’ effectiveness against threat scenarios and compliance models.

Request a customized demo

We’ll show you how we can quickly and economically turn what you have into what you need.