The Morphick Defense Platform provides a single pane of glass for analysts to aggregate threats across tools and across clients’ networks. Our platform provides powerful analytical pivoting capabilities so analysts can identify not just a piece of an attack but investigate to find the full extent of an attack.

Typical event correlation is designed to detect attacks by sifting through many events. The problem is that this approach discovers only a portion of an attack – the tip of the iceberg. Analysts have the capability to dig deep under the surface to learn the true scope of the attack.

For example, an analyst can start by identifying one malicious communication, pivot on the network traffic to identify all hosts that participated in that communication, pivot on those hosts to identify a new, previously unknown backdoor, pivot on the backdoor to discover the malicious email and attachment that originally delivered it, pivot on the email's X-Mailer header to identify other malicious emails – and on and on.

By letting analysts follow these threads, the Morphick Defense Platform greatly enhances their productivity, allowing them to do deeper analysis on more events. Being able to search for any communication to any IP or URL, or to determine whether any file has been seen in an email, on a host, or on the network, is a powerful capability that enables analysts to go much deeper.

Morphick follows every lead associated with known bad activity; we don’t just investigate the surface of the attack. 
