Modern attackers use file-less attacks, zero-day exploits and living-off-the-land techniques to bypass traditional signature-based risk analysis. Confluera leverages a real-time multi-dimensional threat analysis engine that combines behavioral analytics and AI-powered anomaly detection to detect a broad spectrum of threats in real time.
The rapid adoption of containerized workloads and service mesh architectures has created a new attack surface that is dynamic, ephemeral and complex. Attack surface reduction in the pipeline stage still leaves the run-time vulnerable to a variety of attacks, and prevention technologies are increasingly ineffective on immutable workloads. Confluera delivers real-time attack interception even if workloads are immutable and are being deployed at cloud speed. Confluera achieves this by gathering deep telemetry from the container run-time at each layer (container, run-time engine and host OS) and leveraging its Continuous Attack Interception technology to analyze every activity graph for any possible attacker activity or anomalies, independent of the vector or exploit used.
Data breaches are not singular events on isolated servers; they are multi-stage campaigns in which the attacker progresses through the stages of the kill chain, navigating through multiple servers in the infrastructure. Confluera’s patented Continuous Attack Interception technology deterministically combines individual findings through causal sequencing of all events across the infrastructure to precisely build the entire attack storyboard in real time.
In the event of a breach, every second counts. Confluera enables customers to rapidly intercept cyber attacks in progress with a set of surgical response actions rather than disruptive big-hammer approaches. Our core approach of accurate storyboarding with a causally linked event chain allows the platform to identify an accurate, minimal set of assets and entities (e.g. users, hosts, containers, processes, files, IP addresses) that have been tainted or employed by the attacker. Confluera’s automated policy-based remediation capabilities can rapidly dismantle the attacker’s apparatus and stop further expansion of the progression.
Identifying threats lurking undetected in your network requires much more than a powerful search interface. Confluera combines a real-time petabyte-scale search platform with a patented Continuous Graph platform that not only lets threat hunters dig deep into suspicious events and assets but also delivers curated storyboards of all other suspicious and benign past activities in the context of the same progression leading to the current events. In other words, threat hunters just need to point to a thread, and Confluera will pull it and unravel the yarn for them.
Confluera provides SecOps teams continuous and consolidated visibility of infrastructure-wide transactions and the key security hygiene KPIs that are important to watch. Confluera’s patented continuous stitching technology enables user and session activity monitoring, auditing and storyboarding with predefined filters for specific users and mission-critical asset activity tracking across the infrastructure. Infrastructure visibility and security KPIs span a wide range of use cases including container discovery, application runtime behavior, user session tracking, host/container runtime behavior, east-west lateral movements, privileged user behaviors, anomalous user behaviors, north-south network behavior and manipulation of mission-critical assets.