Cyberbit uses behavioral analysis to detect and respond to threats

Outcomes

  • Provides near real-time data insertion at the scale of hundreds of thousands of endpoints, resulting in enterprise-grade threat detection quality.
  • Delivers higher detection rates and dramatically reduces false positives.
  • Supports large-scale deployments across hundreds of thousands of endpoints.

Challenge

Analyze large volumes of endpoint data to detect indications of cyber-attacks.

Cyberbit uses big data, behavioral analysis, and machine learning to detect cyber threats that bypass conventional security systems. An organization’s endpoints (workstations and servers) are the primary gateways for cyber attackers into the company network, where they access restricted, sensitive data. Conventional antivirus systems are no longer effective for endpoint protection, because they detect threats by comparing them to known virus databases or signature lists.

However, today’s (zero-day) attacks are far more advanced. They do not appear on signature lists or in virus databases and often bypass conventional security systems. Sensitive organizations such as financial institutions, large enterprises, and governments are continuously targeted by sophisticated cyber attackers and require an alternative approach.

Effective endpoint security, including detection of unknown zero-day threats, requires collecting massive volumes of events and rapid processing using multiple cybersecurity behavioral algorithms.

Ofir Barzilay
VP R&D, Cyberbit

Details

Solution

Cyberbit, a global provider of cybersecurity products, developed the Cyberbit Endpoint Detection and Response (EDR), an advanced endpoint security solution, which uses behavioral analysis to detect and respond to threats that go undetected by conventional systems. Rather than using signatures to inspect files and processes, Cyberbit’s EDR uses behavioral analysis algorithms to examine events collected from endpoints across the entire network, identify malicious behavior, and alert the security teams, allowing them to respond to the attack or investigate it further.

To provide effective detection, Cyberbit’s EDR continuously records events from the organization’s endpoints. Such events include: reading and writing to the registry, file access and enumeration, loading of processes and DLLs, and more. This data is collected across the entire network and sent to a central Analytics Platform, where behavioral analysis algorithms identify clusters of related events that indicate an attack. Machine learning algorithms are used to differentiate between malicious and benign behaviors.

These algorithms adapt themselves to the customer’s environment, resulting in highly effective detection.

Vertica’s (now OpenText) performance and speed provided the ideal big data platform for our EDR platform’s needs.

Ofir Barzilay
VP R&D, Cyberbit

Results

With gigabytes of data recorded every minute, a highly efficient ETL process – extracting, transforming, and loading data – is critical for effective threat detection. The Analytics solution provides Cyberbit with near real-time data insertion at the scale of hundreds of thousands of endpoints, resulting in enterprise-grade threat detection quality.

OpenText (formerly Vertica) Analytics provides several capabilities that make it an optimal cybersecurity big data platform:

  • Behavioral modeling and detection algorithms, powered by distributed data clusters. Cyberbit uses a cybersecurity behavioral data model that transforms granular, generic endpoint events into cyber behaviors. Such behaviors include self-copying of a process, dropper behavior, code injection, privilege escalation, and lateral movement. The OpenText (formerly Vertica) Analytics solution provides distributed data clusters that enable Cyberbit’s detection algorithms to process massive volumes of endpoint data and efficiently identify these cyber behaviors.
  • Effective machine learning with OpenText (formerly Vertica) distributed analytics. A key cybersecurity challenge is reducing the number of false positive alerts. Cyberbit applies machine learning algorithms, which continuously learn the customer’s network activity to differentiate between normal and malicious behavior. This approach results in higher detection rates and dramatically reduces false positives. Machine learning algorithms are optimized for parallel execution and leverage OpenText's (formerly Vertica) distributed analytics capabilities.
  • Effective data search for forensics and hunting. Today’s security analysts spend much of their time searching and investigating data. They actively hunt for threats within their network, and in the event of an attack, they investigate the data to rapidly understand the root cause and mitigate the attack. The EDR platform stores detailed information about each endpoint, including process names, DLLs, command lines, and more. It enables analysts to perform complex queries over large volumes of data and presents the results in an easy-to-understand interface. OpenText’s (formerly Vertica) efficient search capabilities enable the rapid querying that security analysts need in order to outpace attackers.
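The list above describes a behavioral data model that turns granular endpoint events (process starts, file writes) into higher-level behaviors such as self-copying and dropper activity, which analysts can then query per host. The following is an added example that is not Cyberbit’s or OpenText’s code; the event schema, the two detection rules, and the sample events are all constructed here to illustrate the correlation step in a small, offline form.

```python
"""Correlate raw endpoint events into named "cyber behaviors".

Added example (not Cyberbit's or OpenText's code). The Event schema, the
rule logic and SAMPLE_EVENTS are constructed for illustration only.
"""
from collections import Counter
from dataclasses import dataclass
import posixpath


@dataclass(frozen=True)
class Event:
    seq: int       # monotonically increasing id; stands in for a timestamp
    host: str
    kind: str      # "process_create" or "file_write"
    pid: int       # acting process
    image: str     # image path of the acting process
    target: str    # created process image, or path of the written file


def _base(path: str) -> str:
    return posixpath.basename(path).lower()


def find_self_copies(events):
    """Self-copy: a process writes a file carrying its own image name
    to a location other than its own image path."""
    hits = []
    for e in events:
        if (e.kind == "file_write"
                and _base(e.target) == _base(e.image)
                and e.target.lower() != e.image.lower()):
            hits.append({"behavior": "self_copy", "host": e.host,
                         "pid": e.pid, "evidence": [e.seq]})
    return hits


def find_droppers(events):
    """Dropper: a process writes an executable file and later starts a
    process from that same file. Events are correlated per (host, pid)."""
    written = {}   # (host, pid, lowercase path) -> seq of the write
    hits = []
    for e in sorted(events, key=lambda x: x.seq):
        if e.kind == "file_write" and e.target.lower().endswith((".exe", ".dll")):
            written[(e.host, e.pid, e.target.lower())] = e.seq
        elif e.kind == "process_create":
            key = (e.host, e.pid, e.target.lower())
            if key in written:
                hits.append({"behavior": "dropper", "host": e.host,
                             "pid": e.pid, "evidence": [written[key], e.seq]})
    return hits


def derive_behaviors(events):
    """Run every rule and return behaviors ordered by first evidence event."""
    hits = find_self_copies(events) + find_droppers(events)
    return sorted(hits, key=lambda h: h["evidence"][0])


def behaviors_by_host(events):
    """The kind of per-host aggregate an analyst would query when hunting."""
    return dict(Counter(h["host"] for h in derive_behaviors(events)))


# Constructed sample telemetry: one suspicious chain on ws-17, benign activity on ws-02.
SAMPLE_EVENTS = [
    Event(1, "ws-17", "process_create", 400, "C:/Windows/explorer.exe",
          "C:/Users/alice/Downloads/invoice.exe"),
    Event(2, "ws-17", "file_write", 512, "C:/Users/alice/Downloads/invoice.exe",
          "C:/Users/alice/AppData/Roaming/svc/invoice.exe"),       # self-copy
    Event(3, "ws-17", "file_write", 512, "C:/Users/alice/Downloads/invoice.exe",
          "C:/Users/alice/AppData/Roaming/svc/helper.dll"),        # written, never run
    Event(4, "ws-17", "file_write", 512, "C:/Users/alice/Downloads/invoice.exe",
          "C:/Users/alice/AppData/Roaming/svc/update.exe"),
    Event(5, "ws-17", "process_create", 512, "C:/Users/alice/Downloads/invoice.exe",
          "C:/Users/alice/AppData/Roaming/svc/update.exe"),        # dropper completes
    Event(6, "ws-02", "file_write", 900, "C:/Program Files/Editor/editor.exe",
          "C:/Users/bob/Documents/notes.txt"),                     # benign write
    Event(7, "ws-02", "process_create", 900, "C:/Program Files/Editor/editor.exe",
          "C:/Windows/System32/notepad.exe"),                      # benign launch
]

if __name__ == "__main__":
    for hit in derive_behaviors(SAMPLE_EVENTS):
        print(hit)
    print(behaviors_by_host(SAMPLE_EVENTS))
```

Each rule keeps the sequence numbers of the raw events it matched as evidence, so a behavior record can be traced back to the underlying telemetry during an investigation. In a real pipeline the per-(host, pid) state in `find_droppers` would live in the analytics store rather than in memory, and the set of rules would be far larger than the two shown.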

Cyberbit’s EDR is used by large, highly targeted organizations. Cyberbit therefore required credible, robust, and scalable big data technology that would be trusted by its customers, which include governments, financial institutions, utility providers, and telecom operators. The OpenText (formerly Vertica) brand was an asset in this respect, while the robust system supported Cyberbit’s large-scale deployments across hundreds of thousands of endpoints.

About Cyberbit

Created to protect the most high-risk organizations in the world, Cyberbit secures enterprises and critical infrastructure against advanced cyber threats.