Real-Time Anomaly Detection at the Data Level

Identify and prevent security breaches in real time

Existing Anomaly Detection Solutions Have Two Major Limitations

1. Anomaly detection solutions are largely limited to the network or firewall level rather than the data level. If an attacker infiltrates the network layer undetected, no defense-in-depth control remains to stop that attacker once the data level is reached. Activity that appears benign at the network level may be malicious at the data level, yet it goes unnoticed there.
2. Most anomaly detection solutions on the market today do not operate in real time. They may help an organization discover a prior breach as part of a forensic investigation, but they do not give the organization the ability to interrupt and prevent unauthorized access as it occurs.

Advanced Anomaly Detection for Insider & Outsider Threats at the Data Level

The Sotero Data Security Platform provides significant anomaly detection advances that enable organizations to detect, isolate, and stop data breaches and ransomware attacks as they occur.

How It Works

Sotero's machine learning algorithms analyze each data access request by inspecting every transaction submitted for execution. Each transaction is logged and parsed into its separate components, which are evaluated in the context of the historical use of that data asset or database. Each attribute of the transaction is assigned an anomaly score, and a combined threat score is then computed from the weighted scores of all attributes in the transaction.

The threat score places each transaction in a score range, and that range determines the decision on its execution: execute it, execute it with a notification, or quarantine it for further review and approval or rejection. All decisions are stored, giving organizations field-level, granular forensics should a breach occur. These time-stamped records can be used to determine exactly which portion of the compromised data must be restored, saving the organization the time and cost of restoring full backups.

Sotero's logging and scoring framework works alongside the transaction and encryption/decryption APIs as an autonomous, asynchronous service. The benefit of this approach is that each transaction adds to the history of learnings used to analyze the next set of transactions.
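The scoring pipeline described above (parse a transaction into attributes, score each attribute against the asset's history, combine the scores with weights, map the combined score to an execute / notify / quarantine decision, log the decision, and feed executed transactions back into the baseline) can be illustrated with a small Python model. This is an added example, not Sotero's code or algorithm: the history, sample transactions, attribute weights, score ranges, and scoring functions are all constructed assumptions chosen to make the mechanics visible.

```python
from statistics import mean, pstdev

# Constructed sample history for one data asset (a "customers" table): routine
# daytime access by an application account from two known hosts. Not real data.
HISTORY = [
    {"user": "app_svc", "client_ip": "10.0.1.10", "hour": 9,  "operation": "SELECT", "row_count": 40},
    {"user": "app_svc", "client_ip": "10.0.1.10", "hour": 10, "operation": "SELECT", "row_count": 55},
    {"user": "app_svc", "client_ip": "10.0.1.11", "hour": 11, "operation": "SELECT", "row_count": 30},
    {"user": "app_svc", "client_ip": "10.0.1.10", "hour": 13, "operation": "SELECT", "row_count": 60},
    {"user": "app_svc", "client_ip": "10.0.1.11", "hour": 14, "operation": "SELECT", "row_count": 45},
    {"user": "app_svc", "client_ip": "10.0.1.10", "hour": 15, "operation": "UPDATE", "row_count": 5},
    {"user": "app_svc", "client_ip": "10.0.1.11", "hour": 16, "operation": "SELECT", "row_count": 50},
    {"user": "app_svc", "client_ip": "10.0.1.10", "hour": 17, "operation": "SELECT", "row_count": 35},
]

# Hypothetical attribute weights used when combining the per-attribute scores.
WEIGHTS = {"user": 0.30, "client_ip": 0.20, "operation": 0.10, "hour": 0.15, "row_count": 0.25}
CATEGORICAL = ("user", "client_ip", "operation")
NUMERIC = ("hour", "row_count")

# Hypothetical score ranges: below 0.3 execute silently, below 0.7 execute but
# notify the security team, otherwise hold the transaction for review.
RANGES = ((0.3, "execute"), (0.7, "execute_notify"))

# Constructed transactions to evaluate, in arrival order (timestamps are made up).
SAMPLE_TRANSACTIONS = [
    {"ts": "2024-01-08T11:02:00Z", "user": "app_svc", "client_ip": "10.0.1.10", "hour": 11, "operation": "SELECT", "row_count": 45},
    {"ts": "2024-01-08T14:30:00Z", "user": "app_svc", "client_ip": "10.0.1.10", "hour": 14, "operation": "SELECT", "row_count": 50000},
    {"ts": "2024-01-09T03:12:00Z", "user": "dba_tmp", "client_ip": "203.0.113.7", "hour": 3, "operation": "SELECT", "row_count": 250000},
]


def categorical_score(value, history, attr):
    """Rarity of a value in this asset's history: 0.0 if it is the only value ever seen, 1.0 if never seen."""
    seen = sum(1 for h in history if h[attr] == value)
    return 1.0 - seen / len(history)


def numeric_score(value, history, attr):
    """Distance from the historical mean in standard deviations, clipped to [0, 1] at three sigma."""
    values = [h[attr] for h in history]
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:
        return 0.0 if value == mu else 1.0
    return min(1.0, abs(value - mu) / sigma / 3.0)


def score_transaction(tx, history):
    """Return the per-attribute anomaly scores and the weighted combined threat score."""
    scores = {a: categorical_score(tx[a], history, a) for a in CATEGORICAL}
    scores.update({a: numeric_score(tx[a], history, a) for a in NUMERIC})
    combined = sum(WEIGHTS[a] * scores[a] for a in WEIGHTS) / sum(WEIGHTS.values())
    return scores, combined


def decide(combined):
    """Map a combined threat score to an action using the configured score ranges."""
    for upper, action in RANGES:
        if combined < upper:
            return action
    return "quarantine"


def evaluate(tx, history, decision_log):
    """Score one transaction, record the decision, and update the baseline."""
    scores, combined = score_transaction(tx, history)
    action = decide(combined)
    # Every decision is stored with the transaction's timestamp and the
    # per-attribute scores, so an investigation can see which fields looked abnormal.
    decision_log.append({"ts": tx["ts"], "tx": tx, "scores": scores,
                         "threat_score": round(combined, 3), "decision": action})
    # Executed transactions feed back into the history used for the next analysis;
    # quarantined ones do not until a reviewer approves them (approval flow not modelled).
    if action != "quarantine":
        history.append({k: tx[k] for k in WEIGHTS})
    return action, combined


if __name__ == "__main__":
    history = [dict(h) for h in HISTORY]
    log = []
    for tx in SAMPLE_TRANSACTIONS:
        action, score = evaluate(tx, history, log)
        print(f"{tx['ts']} {tx['user']}@{tx['client_ip']} {tx['operation']} "
              f"{tx['row_count']} rows -> threat {score:.3f} -> {action}")
```

Running it, the routine daytime read scores low and executes; the 50,000-row read from a known account and host lands in the middle range and executes with a notification, because only the row count is abnormal; the off-hours read by an unknown account from an unknown address scores above 0.7 on nearly every attribute and is quarantined. One design point worth noticing: the notified read is appended to the baseline, which widens the row-count distribution for later transactions. A production system would decide explicitly whether flagged-but-executed transactions should train the baseline immediately or only after a reviewer confirms them.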

The Benefits of Real-Time Anomaly Detection and Insider Threat Prevention

The analysis is done in real time by a powerful machine learning model, so threats are not only detected but also stopped from executing. Organizations gain complete control over their data's privacy, compliance, and governance.

From the anomaly detection management console, security teams can both run administrative functions and browse a repository of database activity that can be filtered by database or application, including multi-tenant scenarios. There an administrator can immediately identify and quarantine abnormal data and malicious users, and review total transactions, transactions by threat score range, flagged transactions, and quarantined transactions. Organizations use Sotero's solution across multiple datasets to build threat detection learnings across data assets.