Automate till you SOAR
With DNIF, we have a real opportunity to let machines do what they do best and allow humans the time to do activities that can actually change the game. An adaptive security architecture helps you orchestrate your defenses with relative ease and scale.
Outlier detection

Identify anomalies based on what you know

The principle is simple: you need to know what you know before you can recognise what you don't. Because DNIF is quick and agile, it can build a knowledge profile of what you know and flag situations that you have never seen before.

  • DNIF can fire up a profiler in seconds, which is unique in this industry
  • Profilers can be simple aggregations or can use a machine learning model
  • The models used here can be single-dimensional or multi-dimensional
Create profilers to implement concepts like machine learning and baselining

Run profilers on any parameter, factual or functional

Speed of query execution is the game changer in implementing concepts like machine learning and multi-dimensional or time-based aggregation. You can execute long-duration queries over past data to quickly learn and profile the behaviour of a user, an entity or any parameter.

  • Profiles can use single-dimensional data such as usernames, domain names or URLs
  • Models can use time-based functions such as hits per minute or total data transferred per hour
  • Functional (derived) parameters such as compacted keys and slugs can also be part of a profile
Set up dynamic baselines for models

Update primary models as required

Models need to keep learning to stay current and accurate. You can update a model periodically by plugging it into a workbook, run it at will, or let it learn on the go using incremental updates.

  • Use incremental updates in cases where your models operate in a dynamic environment
  • Update models in batches in cases where you work with historical profiles

Related Use Cases

  • Detecting devices that have stopped reporting events can use an individual threshold for each device rather than one global timeout; this reduces corner cases and the need to whitelist scores of devices that do not fit a single criterion
  • Privileged user access on critical devices can now be profiled to identify suspicious access patterns
  • Database access can be monitored to identify outliers in user queries or functions that the system has never seen before
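As an added example, not DNIF's profiler or its API, the Python below implements the ideas in this section: a per-entity baseline (one profile per device or user, so each gets its own threshold), both update modes (a batch fit over historical records and an incremental update per new observation), and the "never seen before" check used for the database use case. The Welford running-variance and z-score threshold are assumptions standing in for whatever model DNIF uses, and the device names, event rates, inter-event gaps and SQL functions are constructed sample data, not real telemetry.

```python
from collections import defaultdict
from math import sqrt


class EntityProfile:
    """Baseline of one numeric metric for one entity (a host, a user, ...).

    Mean and variance are kept with Welford's algorithm, so a new observation
    is folded in incrementally without re-reading history. `seen` records the
    categorical values (e.g. SQL functions) already observed for the entity.
    """

    def __init__(self):
        self.n = 0
        self.mean = 0.0
        self._m2 = 0.0      # running sum of squared deviations from the mean
        self.seen = set()

    def update(self, value):
        """Incremental update: O(1) per observation, no history needed."""
        self.n += 1
        delta = value - self.mean
        self.mean += delta / self.n
        self._m2 += delta * (value - self.mean)

    @property
    def stddev(self):
        return sqrt(self._m2 / (self.n - 1)) if self.n > 1 else 0.0

    def zscore(self, value):
        """Distance of `value` from this entity's own baseline, in std devs."""
        sd = self.stddev
        if sd == 0.0:   # perfectly constant history: any change is maximal
            return 0.0 if value == self.mean else float("inf")
        return (value - self.mean) / sd


class Profiler:
    """One EntityProfile per entity: each entity gets its own threshold
    instead of a single global cut-off applied to the whole fleet."""

    def __init__(self, min_samples=5, k=3.0):
        self.profiles = defaultdict(EntityProfile)
        self.min_samples = min_samples   # never alert on an immature baseline
        self.k = k                       # z-score threshold (assumed value)

    def fit_batch(self, records):
        """Batch update from historical (entity, value) pairs."""
        for entity, value in records:
            self.profiles[entity].update(value)

    def is_outlier(self, entity, value, upper_only=False):
        p = self.profiles[entity]
        if p.n < self.min_samples:
            return False
        z = p.zscore(value)
        return z > self.k if upper_only else abs(z) > self.k

    def observe_category(self, entity, category):
        """True if `category` was never seen for `entity`; then learns it."""
        novel = category not in self.profiles[entity].seen
        self.profiles[entity].seen.add(category)
        return novel


# Constructed sample data (hypothetical device and user names, not real logs).
HITS_PER_MIN = [("fw-edge-01", v) for v in (1180, 1210, 1195, 1225, 1190, 1205)] + \
               [("srv-hr-03", v) for v in (18, 22, 20, 19, 21, 20)]
# Minutes between consecutive events: a chatty firewall and a backup vault
# that legitimately checks in only about once an hour.
EVENT_GAPS_MIN = [("fw-edge-01", v) for v in (1, 1, 2, 1, 1, 2)] + \
                 [("bkp-vault-02", v) for v in (60, 55, 65, 60, 58, 62)]
DB_HISTORY = [("dba_app", "SELECT"), ("dba_app", "UPDATE"), ("dba_app", "SELECT")]


def run_demo():
    """Builds the three profiles and returns each verdict in a dict."""
    rate = Profiler()
    rate.fit_batch(HITS_PER_MIN)                # batch: historical profile
    rate.profiles["srv-hr-03"].update(20)       # incremental: learn on the go

    silence = Profiler()
    silence.fit_batch(EVENT_GAPS_MIN)

    db = Profiler()
    for user, fn in DB_HISTORY:
        db.observe_category(user, fn)

    return {
        # 26 hits/min is over 4 std devs above the HR server's own baseline.
        "hr_server_26_hpm": rate.is_outlier("srv-hr-03", 26),
        # The firewall's band is far wider: 1230 is normal, 1300 is not.
        "firewall_1230_hpm": rate.is_outlier("fw-edge-01", 1230),
        "firewall_1300_hpm": rate.is_outlier("fw-edge-01", 1300),
        # Same 10-minute silence: alarming for the firewall, routine for the vault.
        "firewall_silent_10m": silence.is_outlier("fw-edge-01", 10, upper_only=True),
        "vault_silent_10m": silence.is_outlier("bkp-vault-02", 10, upper_only=True),
        "vault_silent_75m": silence.is_outlier("bkp-vault-02", 75, upper_only=True),
        # A database function this user has never called before.
        "dba_app_new_function": db.observe_category("dba_app", "pg_read_file"),
        "dba_app_known_function": db.observe_category("dba_app", "SELECT"),
        # Unknown entity: baseline too immature to score, so no alert yet.
        "unknown_device": rate.is_outlier("new-host-99", 5000),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {'OUTLIER' if verdict else 'normal'}")
```

The silence check is one-sided (`upper_only=True`) because a device reporting sooner than usual is not a "not reporting" condition; the `min_samples` guard is what keeps a freshly onboarded device from being scored against a baseline of one or two points.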