Passively gather session intelligence: situated between the client and the web site
Model the observed behavior: how did they navigate the site?
Isolate the weirdos: funny weird or scary weird? Cluster weird activities
Alert and mitigate: when X occurs, open a ticket, block the traffic, email me
Here’s how our technology works.
We look at all of the traffic, we monitor every click, and we score every click through a web session. We use that to establish a baseline and separate good guys from bad guys. The 1% of bad traffic on a web site is anomalous, because fundamentally bad guys act differently.
Here are the flows. Bad guys act differently, so take note.
Page Details gives a high-level overview of every page accessed in a given hour, as well as baseline statistics on use.
In this case, we sorted the Page Details view first by the total number of clicks, thereby giving us the most frequently accessed page. We immediately saw that this page stood head-and-shoulders above the others, and that a single IP (the Top IP) accessed the page more than 200K times.
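The kind of per-page, per-hour rollup described above can be sketched as follows. This is an added example, not Silver Tail's code: the log tuple layout, the sample traffic, and the thresholds `k` and `min_share` are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

HOUR = "2012-01-01T10"  # constructed hour bucket

def build_sample():
    """Constructed (hour, client IP, page) records; not data from the page."""
    rows = []
    for i in range(40):  # ordinary browsing spread over many IPs
        ip = f"198.51.100.{i}"
        rows += [(HOUR, ip, p) for p in ("/home", "/search", "/item")]
    rows += [(HOUR, f"198.51.100.{i}", "/login") for i in range(5)]
    rows += [(HOUR, "203.0.113.7", "/login")] * 2000  # one client, one page
    return rows

def page_details(rows, hour):
    """Per-page stats for one hour: clicks, distinct IPs, top IP and its share."""
    per_page = defaultdict(Counter)
    for h, ip, page in rows:
        if h == hour:
            per_page[page][ip] += 1
    details = []
    for page, ips in per_page.items():
        clicks = sum(ips.values())
        top_ip, top_clicks = ips.most_common(1)[0]
        details.append({"page": page, "clicks": clicks, "ips": len(ips),
                        "top_ip": top_ip, "top_share": top_clicks / clicks})
    # Same ordering as in the text: most frequently accessed page first.
    return sorted(details, key=lambda d: d["clicks"], reverse=True)

def outliers(details, k=5.0, min_share=0.5):
    """Flag pages far above the median click count and dominated by one IP."""
    if not details:
        return []
    counts = [d["clicks"] for d in details]
    med = median(counts)
    # Median absolute deviation as a robust spread; fall back to 1 if it is 0.
    mad = median(abs(c - med) for c in counts) or 1.0
    return [d for d in details
            if (d["clicks"] - med) / mad > k and d["top_share"] >= min_share]

if __name__ == "__main__":
    view = page_details(build_sample(), HOUR)
    for d in view:
        print(d)
    print("flagged:", [(d["page"], d["top_ip"]) for d in outliers(view)])
```

Requiring both conditions keeps a page that is merely popular across many clients from being flagged alongside one that a single IP is hammering.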
Silver Tail’s threat clustering is exactly that: it clusters anomalous behavior based on facets of the user’s session.
Page Details showed us where the problem was on the site. Threat Clustering bucketed the bad actors together, and Summary View will let us look at each actor individually to gain a granular perspective on their behavior.
Accessibility of Hacker Tools and the Use of Behavioral Analytics