USE CASES

How our customers use the Confluera XDR platform

Real-time Threat Detection

Modern attackers use fileless attacks, zero-day exploits and living-off-the-land techniques to bypass traditional signature-based detection. Confluera leverages a real-time, multi-dimensional threat analysis engine that combines behavioral analytics with AI-powered anomaly detection to detect a broad spectrum of threats in real time.

“Confluera independently detected all the threats that our current industry-leading EDR solution identified but with far fewer false positives.”

Runtime Container Security

The rapid adoption of containerized workloads and service mesh architectures has created a new attack surface that is dynamic, ephemeral and complex. Attack surface reduction in the pipeline stage still leaves the runtime exposed to a variety of attacks, and prevention technologies are increasingly ineffective on immutable workloads. Confluera delivers real-time attack interception even when workloads are immutable and are deployed at cloud speed. It does this by gathering deep telemetry from the container runtime at each layer (container, runtime engine and host OS) and using its Continuous Attack Interception technology to analyze every activity graph for attacker activity or anomalies, regardless of the vector or exploit used.

“What made Confluera shine in our container environment is how their real-time attack narratives and detections worked really well during a steep scale-up cycle; it scales well.”

Autonomous Threat Investigation

Data breaches are not singular events on isolated servers; they are multi-stage campaigns in which the attacker progresses through the stages of the kill chain, moving across multiple servers in the infrastructure. Confluera’s patented Continuous Attack Interception technology deterministically combines individual findings through causal sequencing of all events across the infrastructure to build the entire attack storyboard precisely and in real time.

“In the last 6 months, Confluera has consolidated over 5 billion signals into 23 actionable storyboards / attack narratives with just 1 false positive. This is the type of SOC automation we had originally hoped to get from our SIEM investment.”

Incident Response Automation

In the event of a breach, every second counts. Confluera enables customers to rapidly intercept cyber attacks in progress with a set of surgical response actions rather than disruptive big-hammer approaches. Accurate storyboarding with a causally linked event chain allows the platform to identify a precise, minimal set of assets and entities (e.g. users, hosts, containers, processes, files, IP addresses) that the attacker has tainted or employed. Confluera’s automated, policy-based remediation can then rapidly dismantle the attacker’s apparatus and stop the progression from expanding further.
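As an illustration of the causal sequencing described in the two sections above (building a storyboard from individual findings, then deriving the minimal set of tainted entities to remediate), here is an added, hypothetical Python example; it is not Confluera's code and does not reflect its patented implementation. It stitches constructed process, file, network and login telemetry from two hosts into a cause-to-effect graph, expands a single detection (nginx spawning /bin/sh) backwards to its root cause and forwards to everything downstream of it, and emits the per-host list of tainted entities. The host names, IP addresses, PIDs and event schema are all assumptions made for the example.

```python
"""Causal stitching of endpoint telemetry into an attack storyboard.

Hypothetical illustration added for this page (not Confluera's code): process,
file, network and login events from two hosts are stitched into a cause-to-effect
graph, then one seed detection is expanded backwards to its root cause and
forwards to everything the attacker's processes touched.
"""
from collections import defaultdict

# Constructed inventory and telemetry for two hosts (not real data).
HOST_IP = {"web-1": "10.0.0.5", "db-1": "10.0.0.7"}
EVENTS = [
    {"ts": 0, "host": "db-1", "type": "exec", "pid": 200, "ppid": 1, "image": "/usr/sbin/sshd"},
    {"ts": 1, "host": "web-1", "type": "exec", "pid": 100, "ppid": 1, "image": "/usr/sbin/nginx"},
    {"ts": 2, "host": "web-1", "type": "exec", "pid": 104, "ppid": 100, "image": "/usr/bin/php-fpm"},
    {"ts": 3, "host": "web-1", "type": "exec", "pid": 101, "ppid": 100, "image": "/bin/sh"},
    {"ts": 4, "host": "web-1", "type": "net", "pid": 101, "dst": "203.0.113.9:4444"},
    {"ts": 5, "host": "web-1", "type": "exec", "pid": 102, "ppid": 101, "image": "/usr/bin/curl"},
    {"ts": 6, "host": "web-1", "type": "file", "pid": 102, "path": "/tmp/.x"},
    {"ts": 7, "host": "web-1", "type": "exec", "pid": 103, "ppid": 101, "image": "/tmp/.x"},
    {"ts": 8, "host": "web-1", "type": "net", "pid": 103, "dst": "10.0.0.7:22"},
    {"ts": 10, "host": "db-1", "type": "login", "pid": 201, "ppid": 200, "src": "10.0.0.5"},
    {"ts": 11, "host": "db-1", "type": "exec", "pid": 202, "ppid": 201, "image": "/usr/bin/mysqldump"},
    {"ts": 12, "host": "db-1", "type": "exec", "pid": 300, "ppid": 1, "image": "/usr/sbin/cron"},
]


def build_graph(events, host_ip):
    """Stitch events into a cause-to-effect graph over ('proc', host, pid),
    ('file', host, path) and ('ip', 'addr:port') nodes. Returns (children,
    parents), each mapping node -> [(neighbour, event)]."""
    children, parents = defaultdict(list), defaultdict(list)
    ip_to_host = {ip: h for h, ip in host_ip.items()}
    connects = []  # (ts, dst_host, src_ip, src_node) awaiting a matching login

    def link(cause, effect, ev):
        children[cause].append((effect, ev))
        parents[effect].append((cause, ev))

    for ev in sorted(events, key=lambda e: e["ts"]):
        host, me = ev["host"], ("proc", ev["host"], ev["pid"])
        if ev["type"] == "exec":
            link(("proc", host, ev["ppid"]), me, ev)
            image = ("file", host, ev["image"])
            if image in parents:  # image was written earlier on this host: dropper -> payload
                link(image, me, ev)
        elif ev["type"] == "file":
            link(me, ("file", host, ev["path"]), ev)
        elif ev["type"] == "net":
            link(me, ("ip", ev["dst"]), ev)
            dst_ip = ev["dst"].rsplit(":", 1)[0]
            if dst_ip in ip_to_host:  # internal destination: candidate for cross-host stitching
                connects.append((ev["ts"], ip_to_host[dst_ip], host_ip[host], me))
        elif ev["type"] == "login":
            link(("proc", host, ev["ppid"]), me, ev)
            for ts, dst_host, src_ip, src_node in connects:
                if dst_host == host and src_ip == ev["src"] and ts <= ev["ts"]:
                    link(src_node, me, ev)  # the connect that produced this session
    return children, parents


def reach(adj, start):
    """Every node reachable from start (start itself excluded) over one adjacency map."""
    seen, frontier = set(), [start]
    while frontier:
        for nxt, _ in adj.get(frontier.pop(), []):
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen


def storyboard(children, parents, seed):
    """Expand one detection into (time-ordered event chain, tainted entity set).
    Upstream of the seed is the root-cause chain (shown, but not tainted); the
    seed and everything downstream of it is the tainted set."""
    upstream = reach(parents, seed)
    tainted = reach(children, seed) | {seed}
    nodes = upstream | tainted
    chain = {}
    for n in nodes:
        for nxt, ev in children.get(n, []):
            if nxt in nodes:
                chain[ev["ts"]] = ev  # ts is unique in the constructed data
    return [chain[ts] for ts in sorted(chain)], tainted


def remediation_plan(tainted):
    """Group the tainted set per host: the minimal list to examine or contain."""
    plan = defaultdict(list)
    for node in tainted:
        if node[0] == "ip":
            plan["network"].append(node[1])
        else:
            plan[node[1]].append((node[0], node[2]))
    return {k: sorted(v) for k, v in plan.items()}


if __name__ == "__main__":
    ch, pa = build_graph(EVENTS, HOST_IP)
    chain, tainted = storyboard(ch, pa, ("proc", "web-1", 101))  # seed: nginx spawned /bin/sh
    for ev in chain:
        print(ev["ts"], ev["host"], ev["type"], ev.get("image") or ev.get("path") or ev.get("dst") or ev.get("src"))
    print(remediation_plan(tainted))
```

The point of walking the graph rather than searching by host or time window is what ends up excluded: the benign php-fpm worker under the same nginx, the sshd daemon that accepted the lateral login, and the unrelated cron process on db-1 all sit in the same telemetry but are not causally downstream of the seed, so they never enter the remediation list. On real telemetry the stitching would additionally have to cope with PID reuse, bounded time windows when matching a connect to a login, and port-level attribution for multiplexed services.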

“Confluera’s recommendations are like a perfect run-book for incident remediation. It creates the entire attacker journey and gives us a precise list of processes, files and network connections on specific hosts that need to be examined or remediated, in real time.”

Proactive Threat Hunting

Identifying threats lurking undetected in your network requires much more than a powerful search interface. Confluera combines a real-time, petabyte-scale search platform with a patented Continuous Graph platform that lets threat hunters not only dig deep into suspicious events and assets but also receive curated storyboards of the other suspicious and benign activities in the past that belong to the same progression leading to the current events. In other words, threat hunters only need to point to a thread and Confluera will pull it and unravel the yarn for them.

“The attack narrative visualization is a giant step ahead in terms of threat hunting speed and effectiveness.”

Operational Visibility & Security Insights

Confluera provides SecOps teams with continuous, consolidated visibility of infrastructure-wide transactions and the key security hygiene KPIs that matter. Confluera’s patented continuous stitching technology enables user and session activity monitoring, auditing and storyboarding, with predefined filters for tracking the activity of specific users and mission-critical assets across the infrastructure. Infrastructure visibility and security KPIs span a wide range of use cases, including container discovery, application runtime behavior, user session tracking, host and container runtime behavior, east-west lateral movement, privileged user behavior, anomalous user behavior, north-south network behavior and manipulation of mission-critical assets.

TESTIMONIALS

What Our Customers Are Saying

With the number of data breaches in the headlines on a daily basis, and customer-sensitive data appearing on the dark web, we at CohnReznick are focused on state-of-the-art technologies that can help us detect and thwart ongoing attacks. Confluera allows us to very easily deploy a unique solution that operationalizes our critical infrastructure security.
Richard Cannici
Head of Infrastructure and Security