Malicious Behavior Indicators (MBIs)

ML-based, leveraging deep security research and in correlation with MITRE ATT&CK, Skyhawk MBIs identify suspicious and malicious activities that are part of a breach

Learned Suspicious Behaviors

MBIs are activities that Skyhawk has identified as risky behaviors that pose a threat to your
business based on our own research, as well as the MITRE ATT&CK framework. They are
detected in seconds to minutes from log arrival in your cloud.

Three types of algorithms are leveraged
to detect Malicious Behavior Indicators

Rule-Based

Identifies a specific abnormal event or pattern – such as disability activity logs

Rule and History-Based

Identifies a specific abnormal event or pattern over time and generates an MBI if something odd occurs or if something typical occurs differently than it has in the past

Machine Learning-Based

Uses ML to learn from your own data sets to detect very complex events specific to your environment – like anomalous storage access

MBIs are then analyzed further to provide additional context to security teams:

AI-Scored for Severity

Algorithms assign scores so the severity and risk to the organization is clear, and teams understand where to start

MITRE ATT&CK Alignment

MBIs are aligned to specific techniques within MITRE enabling teams to quickly understand which remediation methods will be the most effective to combat the threat

Attack Stage

Each MBI is assigned an attack stage to better understand the technique that is being leveraged to penetrate the environment

MBIs create Attack Sequences and Realerts

The sequence of MBIs demonstrates the path that attackers are using to penetrate your environment and raises them to “Realert” status so the security team understands the business impact

MBIs are linked in the Realert Attack Sequence

BACK TO PLATFORM

Getting started is easy!

Let's Chat