Real Talk Part 2: A Human-Readable Introduction to Confluera

Dec 8, 2020
Vinay Prabhu
Head of Quality Assurance

To Read Part 1: The Wild Wild East-West

While we were writing this blog, there was a high profile security breach. It can happen to anyone, at any time. Infrastructure Attacks are getting stealthier.

The Competitive Landscape: Great Tech That Works…Sometimes

Several new security technologies have popped up in the past decade, but none of them can comprehensively secure a modern multi-cloud enterprise network.

We’re not here to bash anyone else’s product. If you’ve got cash to spend on several technologies, there are good solutions in each of these areas.

In order to place Confluera’s solution in context, here’s our view of the competitive landscape.

Network Anomaly Detection: In theory, this is a good idea. Looking at patterns in encrypted network traffic avoids several privacy concerns, leverages low-cost compute, and makes use of new developments in machine learning.

But there are a couple of limitations with this approach.

First, Network behavior is human behavior: it’s complex. Building an abstract model of an attack using network traffic patterns is like trying to find robbers by monitoring how many times someone enters and exits a house. You’re as likely to flag a party as an actual robbery. Anomaly detection technologies have painful false positive rates that drown users in false alerts and make it difficult for SOC analysts to know when action is actually required.

Second, only 3 of the 14 common attack phases are visible on the public internet. There’s a traffic signature when an attacker first tries to find your server, and when they’re doing damage. By the time a network anomaly appears, it’s likely that serious damage has already been done.

End Point Detection: These are descendants of virus scanners that run on your desktops and laptops. They look in files for the signatures of known threats. They also monitor process behavior and flag actions that are commonly used in known attacks.

But the pace of software development as well as the pace of attack innovation makes it almost impossible to keep these tools up-to-date. They often miss new attacks as well as flag non-threatening programs that don’t conform to their deterministic characterization of “normal” behavior.

Vulnerability Discovery: There’s some really cool development in this space. Expanse, for example, scans the entire internet every hour looking for ports that have been left open or servers responding to requests that should be blocked. If your network is a house, vulnerability discovery solutions are tech that stands outside looking for open windows. There are also companies that will actively try to hack your network. But you can’t win the cybersecurity game playing pure defense. An attacker will eventually get into your network.

Next-Generation Firewalls : This is one of the legacy security categories, and the big networking companies are selling modern versions of technologies that limit incoming and outgoing traffic. Some of them are good, and are worth the money for businesses with a lot of it. Simplified policy language minimizes the opportunity for human error, and there are some good user authentication tools available. But for businesses that use cloud-based SaaS products, securing your network perimeter is no longer enough.

Confluera: Graphing Behavior in Actual-Real Time

Confluera approaches security in a fundamentally new way that mirrors the distributed nature of modern attacks. Determinism without disruption is one of Confluera’s fundamental pillars.

Modern attackers spend months or even years slowly moving from server to server, gathering valuable data, and exporting it. Attackers are patient, quiet, and methodical. Confluera’s solution is designed with this in mind.

Where other solutions often aim to discover attacks based on a single obviously suspicious behavior, we watch for suspicious patterns in behavior. By monitoring behavior graphs from servers across your network, Confluera can identify attack patterns that jump between services or cloud providers. Because our attack chains are multi-phase, we’re able to avoid “crying wolf”. You are alerted only when a real threat is present.

Confluera Attack Graph

Our solution is also integrated with an intuitive monitoring pane that gives you realtime information about network usage as well as active threats.

Confluera at a glance

Because Confluera works so well, our favorite way to explain our pioneering product is to show it to you!

Please reach out to demo@confluera.com for a demo!

Or if you just want read some more I would recommend: Welcoming-weak-signals

BACK TO BLOGS

Intercept Threats. Before Damage.

Ready to experience the benefit of Confluera?
Start your 30-day trial and see for yourself how the latest innovation in detection and response can fend off the most advanced modern cyber attacks.
START A TRIAL
Like to learn more about Confluera?
Schedule a 30-min demo with one of our cybersecurity experts to learn how Confluera can help you identify and intercept cyber threats before it becomes a breach.
request demo
Confluera delivers real-time infrastructure-wide cyber kill chain tracking and response by leveraging ‘Continuous Attack Graph’ to deterministically stop and remediate cyberthreats in real-time.
Contact us
(650) 485-2826
Product
Confluera CxDR PlatformReal-time Threat StoryboardingFeatures
Solutions
Use Cases 1Use Cases 2Use Cases 3EnterpriseMSSP
resources
Data SheetsWhite PapersVideos
COMPANY
In the NewsPress ReleasesEventsTeamCareers
Blog
IndustryPlatformProduct
Copyright © 2021 Confluera Inc. All Rights Reserved. I Terms of Use I Privacy Policy I EULA