Real-time Threat Storyboarding

Powered by patented Continuous Attack Graph technology, Confluera connects individual findings across the infrastructure and across gaps in time. The resulting real-time attack narratives enable you to intercept hidden adversaries advancing through the infrastructure. Inaccurate manual correlation of events, available only after the incident, is now a thing of the past.

The motivation: Increasing attacker dwell time

The average attacker dwell time is 279 days. Defenders simply cannot keep up with increasingly sophisticated attackers with legacy point solutions and manual investigation efforts.

Modern cyberthreats are multi-staged

Every attacker knows that, as an outsider, they must look like an insider. Tracking these low and slow attacks is all about making sense of weak signals.

Point solutions create siloed visibility

Isolated observations from siloed products create a deluge of false positives, and important weak signals get lost in the noise.

The overall threat context is missing

Analysts don’t have a big-picture view that combines all security signals from different points in time and different parts of the infrastructure.

Post-facto manual analysis can’t keep up

Analysts spend their time manually piecing together a jigsaw puzzle that is rearranged daily, and miss 44% of the alerts generated.

The Power of a Causal Story.

What is Real-time Threat Storyboarding?

Real-time Threat Storyboarding delivers causal execution narratives as they take place and autonomously surfaces the ones that exhibit suspicious behaviors along their trails. You'll see the entire activity narrative precisely: the number of hosts and containers trailed by the adversary, the suspicious activities within them, and the amount of time spent in each workload, across any number of workloads and any span of time.

Powered by Continuous Attack Graph

Real-time Threat Storyboarding is powered by Confluera’s patented Continuous Attack Graph technology based on T-DAG (Transactional Directed Acyclic Graph) concepts. The technology models each and every execution trailed within the infrastructure as an activity graph and then ranks each graph by the degree of suspicious behavior exhibited along the way.

How does it work?

1. Stitch Events

Native and third-party event telemetry is causally connected into infrastructure-wide activity sequences.

2. Fuse Signals

Security signals, both native behavioral/ML detections and third-party security results, are then applied to the activity sequences.

3. Rank Threats

Attack chains automatically surface based on the cumulative risk of the signals on their activity sequences.

4. Intercept Attacks

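The three steps above, as an added illustration that is not Confluera's code and makes no claim about its internals: constructed process events carry a causal parent, signals from several hypothetical tools carry a risk weight, and each causal chain is summarised and ranked by cumulative risk. The h2 events arrive ten days after the h1 chain went quiet and still stitch onto it.

```python
from collections import defaultdict
# Constructed telemetry (not real Confluera data): each event names the entity
# that caused it ("parent"), the host it ran on and a timestamp in seconds.
EVENTS = [
    {"id": "h1:bash",  "parent": None,      "host": "h1", "t": 0,      "action": "interactive shell"},
    {"id": "h1:curl",  "parent": "h1:bash", "host": "h1", "t": 5,      "action": "outbound HTTP"},
    {"id": "h3:cron",  "parent": None,      "host": "h3", "t": 60,     "action": "scheduled job"},
    {"id": "h3:rsync", "parent": "h3:cron", "host": "h3", "t": 61,     "action": "backup transfer"},
    # ten days after the shell on h1, activity on h2 caused by h1's download
    {"id": "h2:sshd",  "parent": "h1:curl", "host": "h2", "t": 864000, "action": "ssh session from h1"},
    {"id": "h2:find",  "parent": "h2:sshd", "host": "h2", "t": 864010, "action": "setuid file discovery"},
]
# Constructed signals from hypothetical tools as (tool, description, risk weight).
# Each is weak alone; the causal chain is what makes the combination matter.
SIGNALS = {
    "h1:curl":  [("ml-detector", "rare outbound destination", 2)],
    "h2:sshd":  [("auth-log",    "first-seen ssh pair",        1)],
    "h2:find":  [("edr",         "discovery via find",         3)],
    "h3:rsync": [("dlp",         "large outbound transfer",    2)],
}

def stitch(events):
    # Step 1: link each event to the root of the chain it descends from.
    # Events are taken in time order; a child joins its parent's chain no
    # matter how long that chain has been dormant.
    root_of, chains = {}, defaultdict(list)
    for ev in sorted(events, key=lambda e: e["t"]):
        root = root_of.get(ev["parent"], ev["id"])
        root_of[ev["id"]] = root
        chains[root].append(ev)
    return chains

def fuse(chains, signals):
    # Step 2: attach every tool's signals to the events of each chain.
    return {root: [s for ev in evs for s in signals.get(ev["id"], [])]
            for root, evs in chains.items()}

def rank(chains, fused):
    # Step 3: summarise each chain as a storyboard and order by cumulative risk.
    boards = [{"root": root,
               "risk": sum(w for _, _, w in fused[root]),
               "hosts": sorted({ev["host"] for ev in evs}),
               "dwell_seconds": evs[-1]["t"] - evs[0]["t"],
               "signals": fused[root]}
              for root, evs in chains.items()]
    return sorted(boards, key=lambda b: b["risk"], reverse=True)

def storyboards(events=EVENTS, signals=SIGNALS):
    chains = stitch(events)
    return rank(chains, fuse(chains, signals))
```

The top-ranked storyboard spans two hosts and three tools' signals, none of which would stand out on its own.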

What makes it unique?

Track adversary trail across the infrastructure

At the heart of Confluera’s Continuous Attack Graph technology is its ability to accurately track the adversary's trail in real time. It uses an array of proprietary instrumentation techniques and algorithms that stitch underlying container and host activities together with east-west lateral movements between containers and hosts, tracking every step of the adversary from where it entered the infrastructure to where it currently is.

Optimized to sniff out slow moving attacks

Most undetected attacks have long dwell times, with attackers patiently waiting several months on each jump point before initiating the next move. Confluera’s causal event chaining technology inherently stitches a new event to its underlying causal graph instantly, even if that graph has been dormant for minutes, hours, days, weeks, or months. Confluera has the complete context needed to purge inactive entities from these graphs, which makes them highly space efficient compared to other EDR + SIEM or XDR solutions.

Fusion of diverse security signals from existing security tools

Attacker activities, both malicious and benign, manifest themselves from different vantage points. To spot an attack, security teams must have a wide-angle view of the infrastructure. The more you can see, the better equipped you are to intercept bad actors.

Confluera’s XDR engine integrates detections and telemetry from threat intelligence feeds and other security tools into its threat storyboards, enabling high-confidence threat detection and speeding up investigations.

Amplify even the weak signals

Even seemingly benign detections matter when the attackers being hunted use living-off-the-land techniques for discovery, reconnaissance, and lateral movement. But most of these weak but critical detections get lost in the haystack. Confluera’s Continuous Attack Graph technology constantly stitches every signal from different tools together and escalates the threat storyboard when a combination of weak signals indicates a malicious pattern.

Self-updating and context-sensitive recommendations

Confluera automatically generates remediation recommendations at the storyboard level based on the hosts, applications, processes, users, and network connections involved in each storyboard. Furthermore, Confluera’s Continuous Attack Graph technology keeps the attack graph continuously updated, so the list of recommendations only applies to entities that are live and active at that time.

By the way, it is all real-time

The true test of an XDR is not the number of sources it can integrate with. It is the ability to process telemetry from those sources fast enough to detect an attack in real time and give your team the opportunity to intercept it while it is unfolding.

Confluera’s purpose-built architecture is designed to handle very high stream rates of telemetry from a wide variety of sources and still deliver real-time event stitching and IOC detection for environments with tens of thousands of workloads.

How it matters

10x reduction in alerts

Confluera uses a fundamentally different approach to threat monitoring, one that drastically reduces the need to chase individual detections or alerts. Through a refined set of risk-prioritized storyboards curated at run time, SecOps teams reach a conclusion in near-zero time on whether detections are benign or part of a larger attack narrative brewing underneath.

Force multiply your SOC team

Analysts spend most of their investigation efforts identifying related events across multiple tools and constructing the timeline. Confluera speeds up this investigation process by connecting the events across various tools and automatically surfacing storyboards worth investigating further.

Dramatically reduce detection time

Significantly reduce MTTD of multi-stage attacks with real-time storyboards, rather than chasing down isolated events and manually correlating them after the fact.

Consolidate your security tools

Protect yourself from sophisticated attacks by leveraging a novel ability to unify holistic security visibility and accurately track threats in real time. Fully leverage your existing security investments, detect threats early, and stop them before they cause damage.

Their Words.

"We are focused on state-of-the-art technologies that can help us detect and thwart ongoing attacks. Confluera allows us to very easily deploy a unique solution that operationalizes our critical infrastructure security."

Richard Cannici
Head of Infrastructure and Security

"None of the solutions in the market could detect breaches in real-time, and more importantly, remove them surgically. With Confluera, we are able to accurately detect and respond to breaches in real-time without impacting our business."

Higher Education Provider

"Confluera helped to confirm that no indicators of compromises had been found and helped us generate a report detailing our security controls and response to the SolarWinds breach."

Director, Information Security Operations

Intercept Threats. Before Damage.

Ready to experience the benefit of Confluera?
Start your 30-day trial and see for yourself how the latest innovation in detection and response can fend off the most advanced modern cyber attacks.
Like to learn more about Confluera?
Schedule a 30-minute demo with one of our cybersecurity experts to learn how Confluera can help you identify and intercept cyber threats before they become a breach.