Advanced Detection Based on Unsupervised Machine Learning

Gilad Peleg started his career at the Israeli Defense Forces (IDF) elite cyber security unit, at the center for cryptography and security. Later, he led product management and marketing for a number of large technology organizations, as well as several startups that were eventually acquired. A couple of years ago he went back to his cyber security origins and joined SecBI, where he serves as CEO.


What makes the SecBI solution unique?

The SecBI solution is about advanced detection. It helps organizations to detect and mitigate the most complex and hidden threats that are out there. SecBI provides full-scope incident detection, compiling all the affected users, domains, devices and servers into a single incident.

SecBI’s unique technology is based on unsupervised machine learning algorithms that continuously analyze the massive amount of network security log data for hidden and unknown security incidents.

How does your solution deal with false positives?

Security teams still base their work on alerts. Whenever a potential threat matches a certain signature or rule, they have to start an investigation process and connect the dots between the alert and a lot of additional data, just to answer the question, “Is this real malicious activity, and if so, who does it affect?” In many cases, security teams spend serious amounts of time chasing what turns out to be false positives.

SecBI’s proprietary engine analyzes the network security log data and groups events that are significantly correlated and unique in their behavior into distinctive clusters. Once the detection process is cluster-wide, we can ensure detection of weak or hidden signals, which leads to more accurate detection and fewer false positives.

Who is your solution mostly suitable for?

The customers we target are medium-large enterprises such as financial institutions, retail companies, telcos and healthcare organizations.

It is important to note that our solution is easily and instantly deployed, with no additional appliances or agents. Because it analyzes log data that is already available in the organization, deployment is effortless and requires no changes to the network infrastructure in order to deliver immediate results.

On your website, it is stated that your solution can detect threats that other tools miss. How do you do that?

Our main advantage is in grouping “breadcrumbs” of data to clusters, which improves the signal-to-noise ratio for better detection of malicious activity.

Detection means you’re always trying to identify something with enough confidence to pass a certain threshold. If the threshold is too low, the alerts are false. When you do that based on a discrete activity, a single user, or a pre-configured rule, you need high confidence to be sure that a specific activity is malicious; this results in missing complex and stealthy attacks.

Our solution conducts behavioral clustering, grouping together any communication that the compromised device has with the malicious infrastructure. The SecBI solution is thus able to perform cluster-wide detection, resulting in a much more accurate and faster ability to detect malicious behavior.

Cluster-wide detection also means that the security analyst will see a comprehensive attack description, providing the complete picture to mitigate the threat completely.

Whenever we find a malicious incident, we observe that less than 10% of the forensic evidence is detected and identified by other vendors. The remaining 90% is totally under the radar and looks like normal communication, and a full 90% of infected users go unidentified.
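The following is an added illustration of the cluster-wide idea described in the two answers above (clustering correlated events to cut false positives, and raising signal-to-noise by grouping "breadcrumbs"); it is not SecBI's code or algorithm. It scores a small constructed proxy log two ways: one event at a time, where each event carries only weak indicators (a domain seen from a single host, a tiny request) and nothing crosses the alert threshold, and then per (source host, destination domain) cluster, where behavior visible only across events (a constant beacon interval, near-identical request sizes) pushes the cluster over the threshold. The log lines, the indicators, their weights and the threshold are all assumptions made for the example.

```python
"""Toy "cluster-wide" detection over proxy logs (added example, not SecBI's code).

Per-event scoring uses weak indicators that individually stay under the alert
threshold.  Grouping the same events by (source host, destination domain) lets
the cluster be scored on behavior no single event shows: regular beaconing and
uniform request size.  All heuristics and weights are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed proxy log, one event per line:
# "<epoch_seconds> <src_host> <dst_domain> <bytes_out>"
SAMPLE_LOG = """
1700000000 ws-17 news.example.com 18342
1700000095 ws-17 news.example.com 2210
1700000100 ws-17 cdn.update-svc.example 512
1700000700 ws-17 cdn.update-svc.example 514
1700001300 ws-17 cdn.update-svc.example 511
1700001900 ws-17 cdn.update-svc.example 513
1700002500 ws-17 cdn.update-svc.example 512
1700000410 ws-03 news.example.com 9731
1700000433 ws-03 mail.example.org 4120
1700000980 ws-22 news.example.com 15022
1700001220 ws-22 mail.example.org 3890
1700001244 ws-03 news.example.com 1300
""".strip().splitlines()

ALERT_THRESHOLD = 1.0  # assumed alert threshold, same for both scoring modes


@dataclass(frozen=True)
class Event:
    ts: int
    src: str
    dst: str
    bytes_out: int


def parse_log(lines):
    """Parse the constructed whitespace-separated log format."""
    events = []
    for line in lines:
        ts, src, dst, size = line.split()
        events.append(Event(int(ts), src, dst, int(size)))
    return events


def domain_popularity(events):
    """Number of distinct source hosts that contacted each domain."""
    hosts = defaultdict(set)
    for e in events:
        hosts[e.dst].add(e.src)
    return {d: len(h) for d, h in hosts.items()}


def event_score(e, popularity):
    """Score one event from weak indicators; each alone is inconclusive."""
    score = 0.0
    if popularity[e.dst] == 1:   # domain contacted by only one host in the log
        score += 0.4
    if e.bytes_out < 1024:       # tiny request, typical of a check-in
        score += 0.3
    return score


def cluster_events(events):
    """Group all communication by (source host, destination domain)."""
    clusters = defaultdict(list)
    for e in events:
        clusters[(e.src, e.dst)].append(e)
    return clusters


def cluster_score(cluster, popularity):
    """Mean per-event score plus behavior only visible across the cluster."""
    evs = sorted(cluster, key=lambda e: e.ts)
    score = mean(event_score(e, popularity) for e in evs)
    if len(evs) >= 4:
        gaps = [b.ts - a.ts for a, b in zip(evs, evs[1:])]
        mean_gap = mean(gaps)
        # Near-zero coefficient of variation => near-constant interval (beaconing)
        if mean_gap > 0 and pstdev(gaps) / mean_gap < 0.1:
            score += 0.5
        sizes = [e.bytes_out for e in evs]
        # Near-identical request sizes across the cluster
        if pstdev(sizes) / mean(sizes) < 0.05:
            score += 0.3
    return score


def detect(lines, threshold=ALERT_THRESHOLD):
    """Return (events flagged one at a time, clusters flagged cluster-wide)."""
    events = parse_log(lines)
    popularity = domain_popularity(events)
    per_event = [e for e in events if event_score(e, popularity) >= threshold]
    cluster_wide = {}
    for key, evs in cluster_events(events).items():
        s = cluster_score(evs, popularity)
        if s >= threshold:
            cluster_wide[key] = round(s, 2)
    return per_event, cluster_wide


if __name__ == "__main__":
    flagged_events, flagged_clusters = detect(SAMPLE_LOG)
    print("events flagged one at a time:", len(flagged_events))
    for (src, dst), s in flagged_clusters.items():
        print(f"cluster {src} -> {dst} flagged, score {s}")
```

On the constructed log, every event to the beaconing domain scores 0.7 on its own and is missed, while the five-event cluster from ws-17 scores 1.5 and is flagged; the ordinary browsing and mail clusters stay at zero. The cluster key is also the "full scope" view the interview talks about: the flagged entry already names the affected host and the destination infrastructure rather than a lone alert.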

In your opinion, what is the biggest problem in the cyber world today? And how can it be solved?

There has been a shift in the way attackers operate, with sophisticated tools and services available at very low cost. We know that attacks exist in organizations long before they are detected, sometimes even years. Even when detected, there is a long period during which the organization runs investigations to understand the scope of an attack. This can take months and, in some cases, the full scope is never actually revealed.

CISOs need to reconsider their security strategies and adapt their organizations’ security measures accordingly. Full-scope detection of incidents ensures that attacks are fully detected in a timely manner, causing minimal damage to the organization and leaving the attackers empty-handed.
