Why We're Different
The typical paradigm for threat detection is an “opt-in” model: any event that matches a known set of parameters for abnormal behavior is deemed a potential threat (it is opted in). With today’s torrent of known and unknown threats, no fixed set of parameters isolates the actual threats: parameters that are too narrow let threats go undetected, and parameters that are too broad create alert overload. The ATA Platform takes a fundamentally different approach with an “opt-out” model. It is built on the premise that abnormal behavior is unpredictable, so it cannot be described in advance with any degree of accuracy, whereas normal behavior is predictable and can be profiled. Any alert that falls within the parameters of normalcy is discarded (opted out), leaving only the candidate threats behind.
Big Data, Better Results
The ATA Platform’s Alert Classification Engine executes the opt-out model by using big data and human-supervised machine learning to build a deep understanding of “what’s normal,” so it can separate false positives from alerts that warrant investigation with far greater accuracy than traditional SIEMs and other security systems achieve.
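To make the two models concrete, the following added example (not code from the ATA Platform or its Alert Classification Engine) reduces them to their essentials. It learns a profile of normal (user, host, process, hour-of-day) activity from a constructed history, then triages a constructed batch of alerts three ways: an opt-in rule with a narrow list of bad processes, the same rule with a broader list, and an opt-out filter that discards anything inside the learned profile. The event fields, the history, the alerts, the hour window and the minimum-count threshold are all assumptions made for the demonstration; a production engine would profile far more dimensions than these.

```python
"""Opt-in versus opt-out alert triage, reduced to its essentials.

Added example, not code from the ATA Platform. The event fields, the
sample history and the sample alerts are constructed for the demo.
"""
from collections import defaultdict

# Constructed "known normal" history: (user, host, process, hour-of-day).
# Assumed to be clean: anything malicious in here would be learned as normal.
HISTORY = [
    ("alice", "ws01", "outlook.exe", 9),
    ("alice", "ws01", "outlook.exe", 10),
    ("alice", "ws01", "excel.exe", 11),
    ("alice", "ws01", "excel.exe", 14),
    ("carol", "srv01", "powershell.exe", 10),   # admin's routine maintenance
    ("carol", "srv01", "powershell.exe", 11),
    ("svc_backup", "srv02", "robocopy.exe", 2),  # nightly backup job
    ("svc_backup", "srv02", "robocopy.exe", 2),
]

# Constructed alerts a SIEM might raise, with a ground-truth label for scoring.
ALERTS = [
    {"id": 1, "user": "alice", "host": "ws01", "process": "outlook.exe", "hour": 9, "malicious": False},
    {"id": 2, "user": "alice", "host": "ws01", "process": "powershell.exe", "hour": 3, "malicious": True},
    {"id": 3, "user": "bob", "host": "ws02", "process": "mimikatz.exe", "hour": 14, "malicious": True},
    {"id": 4, "user": "carol", "host": "srv01", "process": "powershell.exe", "hour": 10, "malicious": False},
    {"id": 5, "user": "svc_backup", "host": "srv02", "process": "robocopy.exe", "hour": 2, "malicious": False},
    # Compromised account reading mail at the usual hour: on these fields it
    # is indistinguishable from normal, so no model built on them can see it.
    {"id": 6, "user": "alice", "host": "ws01", "process": "outlook.exe", "hour": 10, "malicious": True},
]


def build_baseline(events, min_count=2):
    """Learn what is normal: each (user, host, process) seen at least
    min_count times, mapped to the set of hours at which it was seen."""
    hours = defaultdict(list)
    for user, host, proc, hour in events:
        hours[(user, host, proc)].append(hour)
    return {key: set(h) for key, h in hours.items() if len(h) >= min_count}


def opt_in(alert, bad_processes):
    """Opt-in model: the alert is a threat only if it matches a known-bad parameter."""
    return alert["process"] in bad_processes


def opt_out(alert, baseline, hour_slack=1):
    """Opt-out model: discard the alert if it falls inside the learned normal
    profile; whatever does not fit is left behind as a candidate threat."""
    seen_hours = baseline.get((alert["user"], alert["host"], alert["process"]))
    if seen_hours is None:
        return True  # never seen before: keep it
    return not any(abs(alert["hour"] - h) <= hour_slack for h in seen_hours)


def triage(alerts, keep):
    """Apply a keep(alert) predicate and score the outcome against ground truth."""
    kept = [a["id"] for a in alerts if keep(a)]
    missed = [a["id"] for a in alerts if a["malicious"] and a["id"] not in kept]
    false_pos = [a["id"] for a in alerts if not a["malicious"] and a["id"] in kept]
    return {"kept": kept, "missed": missed, "false_positives": false_pos}


def compare_models(alerts=ALERTS, history=HISTORY):
    """Run the same alert batch through narrow opt-in, broad opt-in and opt-out."""
    baseline = build_baseline(history)
    return {
        "opt_in_narrow": triage(alerts, lambda a: opt_in(a, {"mimikatz.exe"})),
        "opt_in_broad": triage(alerts, lambda a: opt_in(a, {"mimikatz.exe", "powershell.exe"})),
        "opt_out": triage(alerts, lambda a: opt_out(a, baseline)),
    }


if __name__ == "__main__":
    for name, result in compare_models().items():
        print(f"{name:14s} kept={result['kept']} missed={result['missed']} "
              f"false_positives={result['false_positives']}")
```

The narrow opt-in list catches only the mimikatz alert and misses the off-hours PowerShell; widening the list catches that one but also flags the admin's routine PowerShell, which is the alert overload the text describes. The opt-out filter keeps exactly the two novel alerts and suppresses the three that match the profile. It also shows the model's own blind spot: alert 6 is suppressed because it looks normal on every profiled dimension, so the baseline must be learned from clean data and from enough dimensions that an attacker cannot stay inside it cheaply.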
The ATA Platform is an ideal complement to SIEM and security orchestration systems. SIEMs excel at security event aggregation, normalization and correlation, but they generate far too many false positives for most incident-response teams to investigate. The ATA Platform reduces alert false positives by 99%, leaving a much more manageable alert load that improves the efficiency and effectiveness of incident-response teams.
If these teams are also using security orchestration systems, so much the better: they can dramatically reduce time to remediation because they are no longer spending investigation effort on false positives.