Elysium Analytics

Elysium Analytics provides a single pane of glass that allows for aggregated views of all users’ and entities’ activities across an enterprise. By using risk-based profilers, which perform data sketches across time intervals on security metrics, baselining the behaviors of all users and entities, we gain full visibility into any anomalous and suspicious behavior through risk-based scoring of the security data.

We target specific threat behaviors that are established by the MITRE ATT&CK vectors, leveraging the benefits of an open community of knowledge sharing. To unify the underlying data schema, Elysium Analytics has created an advanced “layered” schema architecture that provides several different “views” into the same data utilizing different schema layouts.

Elysium Analytics is committed to providing an open security framework solution that, in addition to being the foundation for our ready-to-run behavioral models, serves as a platform for in-house development and third-party models. This allows customers to see all behaviors across any number of sources. Our dashboard can be customized and allows SOC analysts to identify and alert on behaviors of users who are exhibiting abnormal and suspicious activities.

Apply our ML models or build your own

Results from day one with room to grow

Elysium Analytics provides a unique AI-driven security analytics platform that comes with a wide array of ML-based security outcomes and behavioral models to help organizations detect and respond to advanced cyber attacks.

You can also build your own ML models using the Databricks managed Spark platform with easy access to all your data on the Elysium Analytics platform.


Insider Threat

Insight into unwanted user and entity behavior on the network from unsupervised learning algorithms across a number of security features. We provide visibility into users who have crossed a defined threshold based on individual statistical anomalies and outliers, and provide indicators of compromise.

VPN Session Monitoring

Identification of unusual and suspicious VPN connections by establishing a baseline of activity. When there is a deviation from the baseline, outliers are identified. We profile geo-location of users and endpoints and compute the number of simultaneous VPN connections based on log data of events for session start, session end, session disconnected, and session timeouts.
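The simultaneous-connection count described above can be derived by replaying session events in time order and tracking which sessions are open per user. The following is an added example, not Elysium Analytics code; the event names, the log layout, and the fixed `baseline_max` threshold (standing in for a learned baseline) are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Event names are assumptions; map them to what your VPN concentrator logs.
OPEN = {"session_start"}
CLOSE = {"session_end", "session_disconnected", "session_timeout"}

# Constructed sample log: timestamp, user, session id, event, source country.
SAMPLE_LOG = """\
2024-05-01T08:00:00 alice s1 session_start US
2024-05-01T08:05:00 bob s2 session_start DE
2024-05-01T09:00:00 alice s3 session_start RO
2024-05-01T09:10:00 bob s2 session_timeout DE
2024-05-01T09:15:00 bob s4 session_start DE
2024-05-01T09:30:00 alice s1 session_end US
2024-05-01T10:00:00 alice s3 session_disconnected RO
2024-05-01T10:05:00 bob s4 session_end DE
2024-05-01T10:06:00 bob s9 session_end DE
"""

def parse(log):
    """Yield (timestamp, user, session id, event, country) per log line."""
    for line in log.splitlines():
        ts, user, sid, event, country = line.split()
        yield datetime.fromisoformat(ts), user, sid, event, country

def concurrency_report(log, baseline_max=1):
    """Return {user: {"peak": n, "countries": set, "outlier": bool}}."""
    open_sessions = defaultdict(dict)  # user -> {session id: country}
    report = defaultdict(lambda: {"peak": 0, "countries": set(), "outlier": False})
    for ts, user, sid, event, country in sorted(parse(log), key=lambda e: e[0]):
        active = open_sessions[user]
        if event in OPEN:
            active[sid] = country
        elif event in CLOSE:
            active.pop(sid, None)  # tolerate a close whose start was never logged
        entry = report[user]
        if len(active) > entry["peak"]:
            entry["peak"] = len(active)
            entry["countries"] = set(active.values())  # geo spread at the peak
        entry["outlier"] = entry["peak"] > baseline_max
    return dict(report)

if __name__ == "__main__":
    for user, row in concurrency_report(SAMPLE_LOG).items():
        print(user, row)
```

In the constructed log, alice holds two overlapping sessions from different countries and is flagged, while bob's reconnect after a timeout never overlaps and is not.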


Bot Attack

Detection of high-velocity port scan attacks across devices within a corporate network, indicating a possible attack from another VPC network, based on baselining of entity activity and detection of first-seen users or IPs.

Privileged User Monitoring

Identification of insider and external attacks through monitoring of privileged users, services, and shared accounts. We monitor for abnormal usage associated with insider and external attacks through baselining of user and identity-specific activity.


Unusual File Access

Detection of individuals and attacker-controlled malware intending to search for and steal valuable files through monitoring for excessive or abnormal file activity on endpoints.

Unusual File Downloads

Detection of unusual file download activity that may indicate malware-related payloads entering the network or unwanted user activity through monitoring for low-prevalence sites and domains.


New IP Addresses

Detection of malicious file downloads, Flash, and JavaScript, as well as phishing sites, through the monitoring of connections by users and entities to new IPs and low-prevalence sites. False positives are mitigated by monitoring for low-prevalence IP addresses compared to past behavior of a user in an organization.
