Perception Update - Anomalous Host and Session Scores

The anomaly score produced by the neural network on any session is now shown to the analyst

Utilising Perception’s statistics from the neural network, it is now possible to indicate to an analyst that a conversation between two hosts on the network is deemed to be outside of the norm. This information is now collated and presented to the analyst in the form of the hosts and sessions with the most and least unusual behaviours with a score given for each.

At Perception we believe that particularly unusual behaviour isn’t the be all and end all of cyber security.  We do think, however, that this information can sometimes be useful, and any data about particularly unusual sessions should be available to the analyst, so we’ve put statistics on unusual sessions on a separate screen on the UI. 

This information provides the analyst with additional metrics on which to base their investigation into a given host.  For example, if some unusual scanning behaviour has been detected for a specific host, then these statistics can be used to enhance the information to the analyst by indicating if any other anomalous behaviour has been detected.  As a result the analyst can build a broader or more detailed picture about a particular host to speed up or more accurately triage something of interest.

This update is CCS based, and will be pushed to all managed customers at the pre-agreed upgrade time.  Self-monitored customers can update their own CCS using the software upgrade processes.  If you have any further questions about this upgrade please contact us at