Accurately identify security threats
Hundreds of security teams around the world rely on AlphaSOC to uncover malware, data exfiltration, and policy violations within their networks. Our cloud and on-premise analytics tools instantly provide actionable alerts.
Our Splunk applications instantly score network logs to identify emerging threats and anomalies within networks. Non-Splunk users can access our API directly and create custom integrations with our SDK.
In brief
The AlphaSOC Analytics Engine performs deep investigation of the material, such as:
- Volumetric and quantitative analysis (counting events, identifying patterns)
- Resolving FQDNs and domains to gather context (identifying sinkholes and ASN values)
- Breakdown and analysis of each FQDN label (i.e. hostname, domain, TLD)
- Gathering of reputation data (e.g. WHOIS and associated malware samples)
- Categorization of traffic based on known patterns (e.g. C2, P2P, VPN, cryptomining)
- Uncovering C2 callbacks and traffic to known sinkholes
- Tor, I2P, and Freenet anonymized circuit identification
- Flagging traffic to known phishing domains
- Brand impersonation detection via Unicode homoglyphs and transpositions
- Flagging multiple requests for DGA domains, indicating infection
- DNS and ICMP tunneling and exfiltration detection
- Alerting of lateral movement and active network scanning
- Policy violation flagging (e.g. third-party VPN and P2P use)
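The FQDN label breakdown and the homoglyph/transposition brand-impersonation checks listed above can be illustrated with a small standalone script. The following is an added example, not AlphaSOC's own code: it assumes a constructed public-suffix set, a constructed list of protected brands, and a hand-built confusables map (a production engine would use the full Public Suffix List and the Unicode confusables data). It splits an FQDN into hostname, domain and TLD, decodes punycode (xn--) labels, and then flags registrable domains that collapse to a protected brand after homoglyph normalisation or differ from it by a single adjacent-character swap.

```python
import unicodedata

# Constructed stand-in for the Public Suffix List (assumption for this example).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}

# Constructed list of brands the organisation wants to protect (assumption).
PROTECTED_BRANDS = {"paypal", "google", "microsoft"}

# Constructed confusables map: multi-character look-alikes first so they are
# replaced before the single characters inside them.
HOMOGLYPHS = {
    "rn": "m", "vv": "w",
    "0": "o", "1": "l", "|": "l", "3": "e", "5": "s", "@": "a",
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0443": "y",  # Cyrillic small u
    "\u0445": "x",  # Cyrillic small ha
}


def to_unicode(fqdn):
    """Decode any punycode (xn--) labels so look-alike characters become visible."""
    return ".".join(
        label.encode("ascii").decode("idna") if label.startswith("xn--") else label
        for label in fqdn.split(".")
    )


def split_fqdn(fqdn):
    """Return (hostname, domain, tld) using the constructed suffix set."""
    labels = fqdn.lower().rstrip(".").split(".")
    for n in (2, 1):  # try the longest suffix first (e.g. co.uk before uk)
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[:-n - 1]), labels[-n - 1], ".".join(labels[-n:])
    # Unknown suffix: treat the last label as the TLD.
    return ".".join(labels[:-2]), labels[-2] if len(labels) > 1 else "", labels[-1]


def skeleton(label):
    """Normalise a label to the ASCII string it visually resembles."""
    decomposed = unicodedata.normalize("NFKD", label)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    for glyph, ascii_char in HOMOGLYPHS.items():
        stripped = stripped.replace(glyph, ascii_char)
    return stripped


def is_transposition(a, b):
    """True when a and b differ only by swapping two adjacent characters."""
    if len(a) != len(b):
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def brand_impersonation(fqdn):
    """Return (brand, reason) if the registrable domain impersonates a brand, else None."""
    _, domain, _ = split_fqdn(to_unicode(fqdn))
    if domain in PROTECTED_BRANDS:
        return None  # the genuine brand domain itself
    normalised = skeleton(domain)
    for brand in PROTECTED_BRANDS:
        if normalised == brand:
            return brand, "homoglyph"
        if is_transposition(domain, brand):
            return brand, "transposition"
    return None


if __name__ == "__main__":
    # Constructed sample of DNS query names as a resolver log might show them.
    for name in ["login.paypal.co.uk", "secure.paypa1.com", "xn--pypal-4ve.com",
                 "paypla.com", "rnicrosoft.com", "www.example.com"]:
        print(name, split_fqdn(to_unicode(name)), brand_impersonation(name))
```

The skeleton step is the part that catches Unicode homoglyphs: an attacker-registered name only needs to look like the brand to a human, so the detector compares the visual skeleton rather than the raw string. The transposition check is separate because a swap such as "paypla" survives normalisation unchanged.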
We also keep your data secure
The people at AlphaSOC take security very seriously and understand how important the responsibility of safeguarding data is to customers.
- Data encryption at-rest using AES256
- Transport encryption using TLS 1.2+ and AEAD ciphers
- Strong authentication via Yubico hardware and an internal CA
- System architecture and source code audited annually by a third party
AlphaSOC users submit telemetry from network sources including firewalls, web proxies, DNS servers, and intrusion detection systems.
The Analytics Engine performs multi-dimensional processing of network telemetry to highlight anomalies and bring them to your attention.
Security teams use our integrations for SIEM and SOAR platforms to escalate high fidelity, actionable alerts for triage and threat hunting purposes.
“The cloud!” somebody shouts out loud. “This means my data is sent to the cloud – my precious telemetry data that in the hands of the bad guys could reveal too much about myself!” This is correct. And for the sake of transparency, let’s have a look at what actually goes on behind the scenes.