Technology
Spherical Defense ingests many forms of structured data, from HTTP traffic to AuditD System Call logs. Events in this form are converted into points in space, in which many geometric properties arise. The most interesting property is that nearby points within this space have a similar meaning.
Rather than using a 3-dimensional space with X, Y and Z coordinates for each point, we instead use 150 dimensions. This enables us to capture far more nuance in the content of the processed data, and means that even small abnormalities and deviations can be detected.
Whole streams of user behaviour can be captured as the movement between consecutive points. This movement is the unique fingerprint of a user, user type, or process, depending on the application.
Alerting
If this fingerprint looks different to what is commonly seen, several things can happen. First, the event that caused the deviation can be blocked. This is useful for HTTP traffic, where attacks can cause damage to running web servers. The second option is that an event is fired to an existing SIEM system such as Splunk or LogRhythm. The final option is that logs are written for ingestion by a downstream service such as LogBack.
Retraining
As user and system behaviour changes over time, Spherical Defense continuously retrains to capture these alterations. This prevents trained models from going stale and causing false positives and negatives.
Rapid Deployment
Our model is built using API access logs, which may be historic data or real-time API requests. Unlike WAFs, there is no need for the creation of rules or signatures.
Easy Integration
Our technology fits within your existing infrastructure, be that on premise or a private cloud. Our models are agnostic to your choice of infrastructure.
Secure and Confidential
All your data stays within your network, and our model can be built and operated without requiring any third-party access to your data.
Unattended Learning
We dynamically build any number of models to protect each of your applications, without the need for user intervention.
Transparent Operation
Security is provided with little or no performance degradation.
Resilient
We provide fail-safe service against any single point of failure.