At the core of empow’s technology is an AI based correlation engine that leverages Belief and Bayesian models to automatically correlate logs, including through cause-and-effect relationships. This automates the process of root-cause and triage analysis as well as predicting the attacker’s next steps, and clustering the logs into only a few real attack stories.  The result is a graphical time-based representation of real attacks and prioritized entities that are at top risk.

User activity logs are processed by empow’s UEBA, which establishes normal behavioral profile patters and flags deviations which reflect potential attack behaviors.
Read more in our UEBA White Paper.

empow’s DPI network sensors feed the network traffic analytics module, which learns the normal traffic patterns between hosts within the organization and flags anomalies that reflect both known and unknown potential attack behaviors.
Read more in our NTA White Paper.

This module incorporates proprietary algorithms that processes the outputs of all analytics, automatically identifies root-cause cases, and attack next steps in order to cluster them into only a few real attack stories. The result is time-line of real attacks and prioritized entities that are at top risk.

empow’s NLP-based threat classification center continuously collects threat intelligence from multiple commercial and open threat centers and enriches the logs with it.  It then uses the power of NLP to automatically and continuously classify the logs into potential attack behaviors represented by attack techniques, tactics, malicious software and other parameters, representing the logs one language of ATT&CK.
Read more in our AI White Paper.