Pivotal's Approach to Threat Detection

February 28, 2017

Cybersecurity Analytics at Scale

Traditional information security firms continue to use the same old techniques for cybersecurity and threat detection, yet the threats themselves grow more complex, opaque and dangerous by the day. Most firms confine their approaches to examining high-level summary data about network flows, such as source, destination and number of bytes transferred, to detect threats. These approaches overlook critical data sources that, if analyzed, hold the key to keeping threats at bay.

A Big Data and Analytics Approach to Cybersecurity

The Pivotal approach to threat detection centers on cybersecurity analytics at scale. It is a data lake-centric approach, which allows Pivotal to enhance its threat detection models with additional data sources that most traditional security providers overlook. In addition to network flows, Pivotal's approach also merges data such as Active Directory logs, human resources data and LDAP data. By integrating these and other data sources that hold predictive value, Pivotal is able to look deeply into each user's activity on your network to better detect and track Advanced Persistent Threats (APTs) - threats that may be going undetected in your systems.

Figure: APT Kill Chain


How Does Pivotal Accomplish This?

First, Pivotal data engineers work with your team to build a security data repository, or data lake, and fill it with large volumes of your enterprise’s historical and near real-time data, including security logs and user activity data.

Next, Pivotal’s data science team works with you to build customized user behavior models, which are then run against the security data repository to assess individual users, job functions, servers, and server criticality for threat potential.

The results are scored and surfaced to your forensic experts for remediation. All feedback your forensic experts provide on flagged security alerts, via an application or dashboard, is then fed back into the system of predictive models. The models learn from this feedback, continuously improving in accuracy to better identify true security threats and reduce false alarms through the use of scalable machine learning algorithms.
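The three steps above, as an added illustration that is not Pivotal's code: network flows are enriched with HR status and server criticality from the data lake, each flow is scored against the user's historical baseline, and analyst feedback nudges the factor weights. All data, names and weights are constructed for the example.

```python
from statistics import mean, pstdev

# Constructed sample data (hypothetical, not from Pivotal): historical flow volumes
# per user (MB per session), recent flows, HR status and server criticality.
HISTORY = {"alice": [1.2, 0.9, 1.4, 1.1, 1.0], "bob": [0.4, 0.5, 0.3, 0.6, 0.5]}
RECENT_FLOWS = [  # (user, destination server, megabytes transferred)
    ("alice", "fileshare-01", 1.3),
    ("bob", "hr-db-01", 9.8),
    ("carol", "fileshare-01", 0.2),
]
HR = {"alice": "active", "bob": "notice_given", "carol": "terminated"}
SERVER_CRITICALITY = {"fileshare-01": 1, "hr-db-01": 3}   # 1 = low, 3 = high
HR_RISK = {"active": 0.0, "notice_given": 1.0, "terminated": 3.0}
# Factor weights; apply_feedback() below adjusts them from analyst verdicts.
WEIGHTS = {"volume": 1.0, "hr": 2.0, "criticality": 1.0}

def volume_zscore(user, mb):
    """How far this session's volume sits above the user's own baseline."""
    hist = HISTORY.get(user)
    if not hist or len(hist) < 2:
        return 0.0          # no baseline yet: volume alone says nothing
    sd = pstdev(hist) or 1e-9
    return (mb - mean(hist)) / sd

def score_flow(user, server, mb, weights=WEIGHTS):
    """Combine volume anomaly, HR context and target criticality into one score."""
    factors = {
        "volume": max(0.0, volume_zscore(user, mb)),
        "hr": HR_RISK[HR.get(user, "active")],
        "criticality": SERVER_CRITICALITY.get(server, 1) - 1,
    }
    return sum(weights[k] * v for k, v in factors.items()), factors

def score_all(flows=RECENT_FLOWS):
    """Rank recent flows so the riskiest surface first for the forensic team."""
    return sorted(((score_flow(u, s, m)[0], u, s) for u, s, m in flows), reverse=True)

def apply_feedback(factors, true_positive, weights=WEIGHTS, rate=0.1):
    """Analyst verdict on an alert: raise or lower the weight of each factor that fired."""
    for k, v in factors.items():
        if v > 0:
            weights[k] *= (1 + rate) if true_positive else (1 - rate)
    return weights

if __name__ == "__main__":
    for score, user, server in score_all():
        print(f"{score:7.2f}  {user:6s} -> {server}")
```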


The result is a self-learning threat detection solution that uses Big Data, advanced analytics, and machine learning to keep your enterprise safe from even the most sophisticated cyber attacks.
