Awake Security, the only advanced network traffic analysis (NTA) company that delivers a privacy-aware solution, announced enhancements to its platform including the introduction of Adversarial Modeling, an industry-first capability that gives security teams an unparalleled ability to identify attackers based on their intent.
By understanding malicious intent, rather than looking only for specific indicators of an attack, Awake greatly improves organizations’ ability to see and stop attackers, especially those that are living off the land.
Awake’s Adversarial Modeling capability is among several new features introduced by the company in the latest version of its award-winning platform.
Other new features that empower security analysts to do their jobs more easily and effectively include enhancements to Awake’s security expert system – Ava – that introduce autonomous triage and response; user experience enrichments and new third-party integrations that simplify and speed workflow; and extended support for cloud environments.
“Security analysts sometimes have an impossible job, so we’re continuously looking for ways to make their lives easier and ultimately, their organizations more secure.
“Adversarial Modeling is a huge leap forward because it brings offense and defense together – we’ve always been able to model a customer’s environment, and now we can model the moves adversaries make too,” said Rajdeep Wadhwa, VP of product management at Awake Security.
“It’s basically like having the other team’s playbook and then being able to pick up signals about what play they’re running, and when. That amount of insight would create an all-star defense, no matter the sport, and it’s exactly what we’re doing for security teams.”
Attackers use a complex set of tactics, techniques, and procedures (TTPs) that are hard to detect because they involve abusing insider privileges, “living off the land” and avoiding malware. These TTPs will often not register as anomalies or exhibit the indicators of compromise that traditional security tools look for.
Adversarial modeling requires multi-dimensional analysis that spans factors including time, entities and protocols. Awake is the only solution that is able to deliver on this capability and thus detect attacks that go unnoticed today.
“Once attackers find a tactic or technique to be successful, they may use it repeatedly. Changing certain aspects of an attack – like source email address or domain name – has been an easy way for some to avoid detection,” said Scott Crawford, Research Vice President at 451 Research.
“It takes much more time and effort for attackers to adapt their playbooks with completely new tactics or techniques. This is why Awake’s approach of modeling and looking for that behavior can help make the defense more effective against such moves.”
Awake’s security researchers continuously add adversarial models into the platform, giving organizations the power to detect new and evolving TTPs. Importantly, it also gives customers the ability to modify those models or build their own in order to more accurately identify threats aimed at their unique environment.
Enhancing Ava: Autonomous triage and response, new integrations, and cloud support
Additional new features to the Awake Security platform include enhancements to Ava, the world’s first privacy-aware security expert system, which the company introduced earlier this year.
Ava now includes capabilities for autonomous triage and response that reduce the manual effort required of the security team and make it possible for analysts of all skill levels to use the product.
A key challenge that security teams face today is that their security solutions alert on the weakest signals and behavioral threats, causing a flood of alerts.
Ava tracks these weak signals but, much like a human expert, also looks for other signals – based on Awake’s unique knowledge of every user, device, and entity on a network – to confirm a detection. This results in only high-fidelity alerts that call for action.
When action is required, integration with other security solutions speeds Ava’s autonomous triage and response. For example, a new integration with SentinelOne helps joint customers create a more cohesive security posture between network and endpoint protection.
“SentinelOne delivers autonomous endpoint protection through a single agent that successfully prevents, detects, and responds to attacks across all major vectors,” said Daniel Bernard, CMO at SentinelOne.
“Through our partnership with Awake Security, we’re giving customers more insight and context into what’s happening on their network and increasing their ability to detect, respond to, investigate, and hunt for threats.”
All of Awake’s new capabilities also extend to the cloud, and Awake Sensors and the Awake Nucleus can now both be deployed on Amazon Web Services (AWS). Powered by Ava, this integration provides cloud-native support for advanced detections, autonomous threat hunting, and triage capabilities.
The Awake Security Platform seamlessly provides 360-degree detection and response for an organization’s full potential attack surface, including cloud workloads and applications.
Combining that visibility with Awake’s situational awareness and comprehensive knowledge of other parts of the network—including IoT and OT—enterprises are now able to understand threats and triage incidents with a unified view, irrespective of where the assets being targeted reside.
In addition, customers have the flexibility to keep their data within their infrastructure, whether it is on-premises, in the cloud, or in a multi-cloud environment.