Aggregated views of all users’ and entities’ activities across an enterprise in a single pane of glass
Full visibility into any anomalous and suspicious behavior through profiling and risk-based scoring
Specific threat behaviors mapped to MITRE ATT&CK vectors describe the “how” and “why” of a threat actor’s actions
Different “views” into the data through a layered data schema architecture
Detect disturbances across your applications, network and infrastructure
- Baseline user and entity behaviors for detection of threats & operational disturbances across enterprise infrastructure and cloud environments
- Graph visualization to show the relationships between users and entities
- Open (Semantic) Data Model to unify and connect the data for contextual analysis
- Detect anomalies with profiling and explainable risk-based scoring
- Unified Data Cloud between IT, security and operations teams delivers higher fidelity analytics
Investigate and respond to cyber threats faster
- Correlate security signals and collaborate on investigations
- Retain all security data to correlate them and identify trends over time
- Rapidly analyze threats and easily filter security signals based on key attributes such as severity level, the MITRE ATT&CK® technique, or any associated entity, such as an attacker’s IP Integrate with collaboration tools to quickly loop in relevant teams for faster investigations
Faster detection and remediation with automated investigations
-
Reduce alert fatigue with Investigation automation on incoming alerts to show what happened and why it’s happening
-
Express relationships between the network, endpoint, and cloud assets in a graphical analysis for detection and visualization
-
Domain knowledge are mapped through Elysium Data Model (knowledge graphs) to connect events and alerts
-
Consolidate alerts into prioritized workflows to focus an analyst for better incident response
Detect MITRE ATT&CK Techniques
- Get a clear picture of every part of your cloud
- Visibility from both an operations and security perspective
- Apply machine learning and set thresholds for high fidelity alerting
Investigate and respond to SaaS disturbances
- Support both operations and security in one application
- Monitor SAAS latency, traffic, errors, and saturation
- Rapidly analyze events and filter based on key attributes such as severity level
Advanced workflow alerts
- Immediately improve your security posture with out-of-the-box detection rules that automatically flag attacker techniques and misconfigurations mapped to the MITRE ATT&CK® framework
- Easily create your own custom rules in seconds – without the need to learn a proprietary query language
- ML-based security outcomes and behavioral models aid in detecting and responding to advanced cyber attacks
UEBA
- Detect potential threats across the full stream of ingested observability data
- Analyze everything and retain all the data on Snowflake’s Data Cloud
- Receive actionable alerts on malicious or anomalous patterns as data is received in near real time
