Confluera combines behavioral analytics and ML-powered anomaly detection to detect a broad spectrum of suspicious host and network behaviors in real time. What makes it special is the noise reduction and low false-positive rate that let it intercept the threats ‘that matter’, thanks to its continuous attack graph approach.
Attacker activities, both malicious and benign, manifest themselves from different vantage points. To spot an attack, security teams must have a wide-angle view of the infrastructure. The more you can see, the better equipped you are to intercept bad actors.
Confluera’s XDR engine integrates detections and telemetry from threat intelligence feeds and other security tools into its threat storyboards, enabling high confidence threat detection and speeding up investigations.
Even seemingly benign detections matter when attackers use living-off-the-land techniques to perform discovery, reconnaissance, and lateral movement. But most of these weak but critical detections get lost in the haystack.
Confluera’s Continuous Attack Graph technology constantly stitches every signal from different tools and escalates the threat storyboard when a combination of weak signals indicates a malicious pattern.
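The weak-signal stitching described above can be illustrated with a small correlation routine. This is an added example, not Confluera's code: it groups constructed signals from three hypothetical sources (EDR, firewall, threat intel) into per-host storyboards by time proximity and escalates a storyboard only when the combined weight crosses a threshold and at least two independent sources corroborate it. The signal names, weights, 30-minute window and escalation threshold are assumptions chosen for the illustration.

```python
"""Toy weak-signal correlation into per-host storyboards.
Added illustration of the idea described on the page, not a product implementation."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample signals; hostnames, IPs and timestamps are made up.
SIGNALS = [
    {"ts": "2024-01-10T09:00:00", "source": "edr", "host": "web-01",
     "signal": "lolbin_discovery", "detail": "whoami.exe spawned by cmd.exe"},
    {"ts": "2024-01-10T09:02:30", "source": "edr", "host": "web-01",
     "signal": "lolbin_recon", "detail": "net.exe group /domain"},
    {"ts": "2024-01-10T09:05:10", "source": "firewall", "host": "web-01",
     "signal": "new_internal_smb", "detail": "first-seen 445/tcp to db-02"},
    {"ts": "2024-01-10T09:06:00", "source": "threat_intel", "host": "web-01",
     "signal": "known_bad_ip", "detail": "outbound to 203.0.113.5 (TEST-NET-3)"},
    {"ts": "2024-01-10T11:00:00", "source": "edr", "host": "build-07",
     "signal": "lolbin_discovery", "detail": "whoami during CI job"},
]

# Assumed weights: living-off-the-land signals are weak on their own,
# a threat-intel match is stronger. Unknown signal types default to 1.
WEIGHTS = {"lolbin_discovery": 1, "lolbin_recon": 1,
           "new_internal_smb": 2, "known_bad_ip": 3}
WINDOW = timedelta(minutes=30)   # assumed stitching window
ESCALATE_AT = 5                  # assumed escalation threshold


def build_storyboards(signals, window=WINDOW):
    """Group signals per host into time-ordered storyboards.

    A signal joins the host's current storyboard if it arrives within
    `window` of the previous signal on that host; otherwise a new one starts.
    """
    by_host = defaultdict(list)
    for s in sorted(signals, key=lambda s: s["ts"]):
        by_host[s["host"]].append(s)

    boards = []
    for host, events in by_host.items():
        current = None
        for ev in events:
            t = datetime.fromisoformat(ev["ts"])
            if current is None or t - current["last"] > window:
                current = {"host": host, "events": [], "sources": set(),
                           "score": 0, "last": t}
                boards.append(current)
            current["events"].append(ev)
            current["sources"].add(ev["source"])
            current["score"] += WEIGHTS.get(ev["signal"], 1)
            current["last"] = t
    return boards


def escalated(boards, threshold=ESCALATE_AT):
    """Escalate only when weak signals combine: the summed weight reaches the
    threshold AND at least two distinct sources corroborate the storyboard.
    A single lone discovery command on build-07 never escalates."""
    return [b for b in boards
            if b["score"] >= threshold and len(b["sources"]) >= 2]


def timeline(board):
    """Render the storyboard as the chronological timeline an analyst would read."""
    return [f'{e["ts"]} [{e["source"]}] {e["signal"]}: {e["detail"]}'
            for e in board["events"]]


if __name__ == "__main__":
    for b in escalated(build_storyboards(SIGNALS)):
        print(f"ESCALATED host={b['host']} score={b['score']} "
              f"sources={sorted(b['sources'])}")
        for line in timeline(b):
            print("  " + line)
```

Run stand-alone, the script escalates only the web-01 storyboard (score 7, three corroborating sources) and prints its four-event timeline; the isolated discovery command on build-07 stays a weak signal. Requiring a second source before escalation is the design choice that keeps single living-off-the-land detections from flooding the queue while still surfacing them once they chain with network or threat-intel evidence.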
Analysts spend most of their investigation efforts identifying related events across multiple tools and constructing the timeline. Confluera accelerates this investigation process by connecting the events across various tools and automatically surfacing storyboards worth investigating further. Organizations typically experience a 90% reduction in investigation time with Confluera.
Confluera XDR provides both push-based (syslog) and pull-based (REST, S3) connector frameworks to ingest telemetry and results in real time from security sources such as EDR, CWPP, Firewall, WAF, ALB, Cloud logs, and Threat Intel feeds. Confluera also integrates with industry-leading response tools such as SOAR products and incident management tools.
Confluera’s built-in integration with Threat Intel sources allows you to identify compromised workloads showing activity from known threat actors by fusing threat intel detections, such as malicious IPs, threat actor groups, exploited CVEs and techniques, and geo-location, into its storyboards.
You can start with a detection from your current EDR or CWPP tool and analyze it more deeply in Confluera’s threat storyboard, with additional context from other security signals. You then see all prior and subsequent activities that are related to the investigated detection. Alternatively, you can start with Confluera’s curated threat storyboards and then move to the EDR or CWPP console for targeted remediation.