ExtraHop launches threat monitoring service 'Addy' in Australia
Data analytics company ExtraHop has announced the Australian launch of what calls an ‘industry-first’ SaaS offering that uses machine learning to analyse all digital interactions.
The machine learning service, called ‘Addy’, is able to observe and analyse all digital interactions. It uses machine learning to detect anomalies as they happen, which enables a data-driven approach to securing the digital experience.
“The real-time network analytics ExtraHop provides already helps Australian companies better understand their environment and detect threats,” comments ExtraHop’s senior VP, Bryce Hein.
The company says that often traffic patterns change, devices on the network come and go, and most people don’t have the time to configure manual thresholds. Machine learning automatically sifts through metrics, a task that would be impossible to do manually.
The company cites statistics from Accenture’s High Performance Security Report 2016, which found that 65% of breaches are discovered by internal security teams. In Australia, half of respondents said it takes ‘months’ to detect breaches.
“Current and future demands of infrastructure and operations (I&O) require a specific, strategic investment in a platform that is designed to collect and analyse data from any source with the assistance of increasingly intelligent machines,” adds Gartner analyst Colin Fletcher.
As a result, ExtraHop designed the machine learning service to build baselines for each device, network and application. It also uses in-house and crowdsourced domain expertise to complement the core service and eliminate false positives over time.
Network traffic and application performance is extremely cyclical; past behaviour is a strong predictor of future behaviour,” the company says in its blog.
“As part of our research, we isolated a set of features in wire data that have the highest probability of correlation with relevant IT operation and security anomalies. Addy extracts metrics to tune a model with a custom machine-learning algorithm. The service continuously checks device and network behaviours through metrics collected by the ExtraHop systems and applies that data against the model it built. It then generates an alert when there are anomalous behaviours that might affect IT operations or security.”
According to ExtraHop, Addy can be paired with the company’s analytics-first workflow which alerts teams to performance and security issues.
“With Addy, we’re bringing machine learning to bear, helping surface performance and security anomalies faster than ever, and cutting through the noise to keep IT and security teams focused on the most important issues. Not only will this help them stay secure and compliant, but it will also help ensure a better digital experience for customers,” Hein concludes.