
Advanced Detection Based on Unsupervised Machine Learning

Ditsa Keren, Technology Researcher. Updated on 29th June 2023.

Gilad Peleg started his career at the Israeli Defense Forces (IDF) elite cyber security unit, at the center for cryptography and security. Later, he led product management and marketing for a number of large technology organizations, as well as several startups that were eventually acquired. A couple of years ago he went back to his cyber security origins and joined SecBI, where he serves as CEO.

What makes the SecBI solution unique?

The SecBI solution is about advanced detection. It helps organizations to detect and mitigate the most complex and hidden threats that are out there. SecBI provides full-scope incident detection, compiling all the affected users, domains, devices and servers into a single incident.

SecBI’s unique technology is based on unsupervised machine learning algorithms that continuously analyze the massive amount of network security log data for hidden and unknown security incidents.

How does your solution deal with false positives?

Security teams still base their work on alerts. Whenever a potential threat matches a certain signature or rule, they have to start an investigation process and connect the dots between the alert and a lot of additional data, just to answer the question, “Is this real malicious activity, and if so, who does it affect?” In many cases, security teams spend serious amounts of time chasing what turns out to be false positives.

SecBI’s proprietary engine analyzes the network security log data, and groups events that are significantly correlated and unique in their behavior into distinctive clusters. Once the detection process is cluster-wide, we can ensure detection of weak or hidden signals, which leads to more accurate detection and fewer false positives.

Who is your solution mostly suitable for?

Our target customer base consists of medium to large enterprises, including financial institutions, retail companies, telecommunications companies (telcos), and healthcare organizations.

It is important to note that our solution is easily and instantly deployed, with no additional appliances or agents. Because it analyzes log data that is already available in the organization, deployment is effortless and requires no changes to the network infrastructure in order to deliver immediate results.

On your website, it is stated that your solution can detect threats that other tools miss. How do you do that?

Our main advantage is in grouping “breadcrumbs” of data to clusters, which improves the signal-to-noise ratio for better detection of malicious activity.

Detection means you're always trying to identify something with enough confidence to pass a certain threshold. If the threshold is too low, the alerts are false. When you do that based on a discrete activity, a single user, or when you see it based on a pre-configured rule, you need high confidence to be sure that a specific activity is malicious; this results in missing complex and stealthy attacks.

Our solution conducts behavioral clustering, grouping together any communication that the compromised device has with the malicious infrastructure. The SecBI solution is thus able to perform cluster-wide detection, resulting in a much more accurate and faster ability to detect malicious behavior.

Cluster-wide detection also means that the security analyst will see a comprehensive attack description, providing the complete picture to mitigate the threat completely.

Whenever we find a malicious incident, we observe that less than 10% of the forensic evidence is detected and identified by other vendors. The remaining 90% is totally under the radar and looks like normal communication, and a full 90% of infected users go unidentified.
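A toy illustration of the cluster-wide detection argument in this answer, added here and not SecBI's code: each constructed proxy log line scores well below the per-event alert threshold, but combining the correlated events that share one destination pushes the cluster over the same bar. The log format, the two feature weights, the noisy-OR combination and the known-good list are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

PER_EVENT_THRESHOLD = 0.8   # confidence a single alert must reach before it fires
CLUSTER_THRESHOLD = 0.8     # the same bar, applied to the combined cluster score
KNOWN_GOOD = {"mail.example.com"}   # assumed allow-list of familiar destinations

# Constructed proxy log lines: time, source host, destination domain, bytes sent.
SAMPLE_LOG = """\
09:00:00 ws-101 cdn.example-update.com 512
09:00:10 ws-102 cdn.example-update.com 620
09:30:00 ws-101 cdn.example-update.com 498
10:00:00 ws-101 cdn.example-update.com 530
10:00:11 ws-102 cdn.example-update.com 505
09:05:00 ws-103 mail.example.com 18000
"""

@dataclass
class Event:
    ts: str
    host: str
    domain: str
    bytes_out: int
    score: float = 0.0

def parse(log):
    return [Event(t, h, d, int(b)) for t, h, d, b in
            (line.split() for line in log.splitlines())]

def score_event(ev, known_good=KNOWN_GOOD):
    """Weak per-event signals; each alone sits far below the alert threshold."""
    s = 0.0
    if ev.domain not in known_good: s += 0.2   # never-seen destination
    if ev.bytes_out < 1024: s += 0.15          # small, beacon-sized request
    ev.score = s
    return s

def cluster_score(scores):
    """Noisy-OR: probability that at least one correlated event is malicious."""
    p_none = 1.0
    for s in scores: p_none *= (1 - s)
    return 1 - p_none

def detect(log=SAMPLE_LOG):
    """Return (events firing alone, incidents found cluster-wide by destination)."""
    events = parse(log)
    for ev in events: score_event(ev)
    per_event = [ev for ev in events if ev.score >= PER_EVENT_THRESHOLD]
    clusters = defaultdict(list)
    for ev in events: clusters[ev.domain].append(ev)   # cluster = shared infrastructure
    incidents = {}
    for domain, evs in clusters.items():
        cs = cluster_score([e.score for e in evs])
        if cs >= CLUSTER_THRESHOLD:   # the incident lists every affected host at once
            incidents[domain] = {"score": round(cs, 3), "hosts": sorted({e.host for e in evs})}
    return per_event, incidents
```

With the sample log no event fires on its own, while the five beacon-sized requests to the unfamiliar domain form one incident spanning both hosts.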

In your opinion, what is the biggest problem in the cyber world today? And how can it be solved?

There has been a shift in the way attackers operate, with sophisticated tools and services available at very low cost. We know that attacks exist in organizations long before they are detected, sometimes even years. Even when detected, there is a long period during which the organization runs investigations to understand the scope of an attack. This can take months and, in some cases, the full scope is never actually revealed.

CISOs need to reconsider their security strategies and adapt their organizations’ security measures accordingly. Full-scope detection of incidents ensures that attacks are fully detected in a timely manner, causing minimal damage to the organization and leaving the attackers empty-handed.

About the Author

Ditsa Keren is a cybersecurity expert with a keen interest in technology and digital privacy.
