FAQFrequently Asked Questions
Does ResponSight technology collect any personal information?
Absolutely not! ResponSight technology collects numerical, mathematical and statistical data about how the endpoint is used. A couple of examples:
- ResponSight can detect when a browser is opened, but does not capture specific details of the users’ activity inside the browser;
- ResponSight monitors keyboard and mouse activity, but the actual keys pressed are not recorded – typing speeds and mouse movements are analysed to provide a unique activity signature.
The key to detecting security breaches is based on being able to tell when someone else (an attacker, or a piece of malware) is controlling the endpoint – it is not easy for an attacker to replicate days/weeks/months of security profile analysis to replicate the real endpoint user in a short period of time, and that’s the trigger for how security breaches can be initially identified.
Will ResponSight detect all security breaches?
No, it is not possible for ResponSight (or any security technology) to detect all security breaches, despite the many claims you might hear or read about. ResponSight is different because it focuses on endpoint behavioural activity, rather than traditional detection methods using signatures or logging. The goal is to shorten the detection timeframe, and provide timely alerts for security administrators and incident responders to action.
So ResponSight is just another UEBA (User and Entity Behaviour Analytics) technology?
Although ResponSight does share some common capabilities, many UEBA technologies are gathering their behaviour data from log data, or centralised SIEM repositories. Such data is rarely complete, and often out of sequence. ResponSight works on the endpoint, as close to the actual user as possible. So our behavioural analytics is tightly linked to the actual user, rather than just a loose association through distant logging alone.
Will ResponSight block attackers?
ResponSight is a monitoring (detective) technology, rather than a blocking (preventative) technology. ResponSight is designed to work with your existing “blocking” technology, so your previous investments can be better leveraged to increase effectiveness.
Does ResponSight integrate with other security technologies?
In most cases, yes. We’re developing API’s and data feeds to provide quality data to Security Incident and Event Monitoring (SIEM) and various Threat Intelligence and analytics engines.
How does ResponSight licensing and pricing work?
ResponSight is licensed very simply – one low rate per user, per month. The larger the organisation, the lower the per user rate. Please get in touch to discuss your specific requirements.