Perception is a dedicated cyber security tool designed to find malicious activity or configuration vulnerabilities on a network regardless of source or exploit. It analyses all network traffic at a network core, or multiple cores, and identifies types of behaviour of that traffic. It then carries out anomaly detection, and then carries out deeper analysis on the more unusual traffic through the network. The data collected by Perception includes everything an analyst could need to discover malicious activity, possible network vulnerabilities, or network misconfigurations. This data is presented to the analyst in the most simple format possible, so they can rapidly triage each behaviour, and with packet captures collected, they're able to see exactly what was travelling through the network if anything looks suspicious. We believe Perception can increase the efficiency of any analysis team by an order of magnitude, why don't you contact us for a free trial to see for yourself?
The Perception sensor is a 1U high blade server that plugs into a SPAN port or utilises a network tap. Completely invisible to the network, it has no effect on speed or network performance whilst it monitors. Multiple sensors can be used on the same network if multiple network cores are present, and they all send behavioural information back to a Central Correlation Server (CCS).
Introduced in our version 2.0 software update, ForensicAI is a feature built into the Perception CCS that is designed to generate alerts from the behaviours that Perception sensors generate. We spent a long time monitoring how our analysts identify vulnerabilities and malicious activity on a customer network, and built an artificial intelligence to mimic this task.
ForensicAI monitors all behaviours generated from the sensors and constantly correlates them with one another. As a result, the system can identify suspicious behaviour from a series of seemingly unconnected and benign individual activities over an extended period of time. ForensicAI allows Perception to generate alerts with extremely low false alarm rates and incredible detection rates.
Our SOC or yours?
Perception is available as a managed service, which means all alerts head back to our Security Operations Centre (SOC), where industry-leading analysts and researchers can provide all the monitoring capability you'll need. Alternatively, you can self monitor the Perception system from your own site or that of your preferred MSSP.
The data Perception gathers gives the analysts at the SOC everything they need to know to categorise malicious activity. The output of this analysis is fed back to your network security department and includes information about:
- Authentic but anomalous activity
- Discovered malware and remediation activity
- Most likely threat vectors into the network
- Policy breaches or dangerous network behaviour from users
Our SOC is located at Chemring Technology Solutions' site at Roke Manor, where some of the highest level cyber research in the world is conducted. Perception benefits from this partnership by utilising the same talent that conducts work for government-level security departments worldwide to feed into product development and analysis. No other business is as close to the cyber security threat landscape as Perception.
Using this information, not only do you know where the danger is and how to solve it, you will understand where the risks in the network are, and what actions to take to protect the network for the future.
As a self-monitored system, you retain all of the data Perception produces on your own network. Your selected IT professional is then able to rapidly identify all network traffic that could potentially be malicious. Using Perception's bio-inspired techniques, the analyst is able to see how unusual and threat-like all network traffic is. This process can increase the efficiency of a standard SOC team by an order of magnitude, as they can quickly focus on what's important and start investigating, rather than being flooded by a series of false-alarms.
All of our self-monitored customers have access to the Chemring Technology Solutions research team at Roke Manor. Due to the flexibility within the system, our engineers can create specific algorithms to provide a greater level of detail on the behaviour you're most interested in, or immediately alert you if specific activities occur within your network.
Always Up To Date
Perception is constantly evolving to match emerging threats. New intelligence is added to improve the product to suit the ever changing threat landscape. We push regular free updates on average once every three weeks, meaning that all our customers are as protected as possible, without incurring expensive upgrade fees. You can read about the latest updates by looking at the 'updates' posts on our blog.
Advancements to Perception come from four different sources, which ensures we are providing useful updates:
Internal Development Team
Typically providing efficiency improvements, our internal development team have a key role in deciding the upgrades to include with each update to Perception.
Internal Analysis Team
The same analysts that monitor Perception data have a direct influence on how the system is developed. This ensures they are always provided with the right data to diagnose potential threats or vulnerabilities.
Our customer base has a direct link to the development team and can suggest specific threats or behaviours they’re concerned about and updates added accordingly.
Expert Cyber Researchers
Working closely with government departments and Roke Manor Research ensures Perception is able to detect tomorrow’s threats before they arrive.
Head of Perception
Head of Perception Service
Regional Business Manager - Security
Senior System Architect