FREQUENTLY ASKED QUESTIONS
Does ResponSight technology collect any personal information?
Absolutely not! ResponSight technology collects numerical, mathematical and statistical data about how the endpoint is used. A couple of examples:
- ResponSight can detect when a browser is opened, but does not capture specific details of the user’s activity inside the browser;
- ResponSight has visibility of process names and paths, but this data is hashed or encrypted before delivery to our cloud service, so even non-sensitive information is protected to ensure sensitive information is not inadvertently disclosed.
The key to identifying changes in risk is based on being able to tell when someone else (an attacker, or a piece of malware) is controlling the endpoint. It is not easy for an attacker to replicate days/weeks/months of security profile analysis to mimic the real endpoint user in a short period of time, and that’s the trigger for changes in risk and how potential security breaches can be initially identified.
Is change in risk the same as a security breach?
No, changes in risk are the earliest stages of a possible breach, which could be as soon as moments away (like ransomware) or months away (like Advanced Persistent Threats). ResponSight is different because we focus on behavioural activity as a very early warning of changes in risk, rather than traditional breach detection methods using signatures or logging. Think of ResponSight more like an earthquake warning system – we monitor for very early subtle changes, so your existing technology knows what to look for when the events happen.
So ResponSight is just another UEBA (User and Entity Behaviour Analytics) technology?
Although ResponSight does share some common capabilities, many UEBA technologies are gathering their behaviour data from log data, or centralised SIEM repositories. Such data is rarely complete, and often out of sequence. ResponSight collects raw statistical and telemetry data at the endpoint, as close to the actual user as possible. We don’t rely on logs, as we know they can’t be trusted (particularly during or after a breach). Our behavioural analytics is tightly linked to the actual user, rather than just a loose association through distant logging alone.
Does ResponSight actually do "Real" data science? What's involved?
Enterprise technologies don’t get created overnight – almost 3 years of research and development has gone into the creation and validation of ResponSight’s approach to risk profiling using only statistical metrics and telemetry. Hard problems take time, and the approach is still evolving. ResponSight has a dedicated team of data scientists who are working with the latest approaches to machine learning and artificial intelligence, and applying established techniques such as deep learning and neural networks in new and novel ways to gain valuable insights into activity and behaviour.
ResponSight’s approach to data science delivers on our risk profiling objectives – never collect private or sensitive data, and deliver analysis that scales to the largest enterprises. ResponSight is delivering visual insights to clients around risk and behaviour not possible with their current technologies.
Will ResponSight block attackers?
ResponSight is a monitoring (detective) technology, rather than a blocking (preventative) technology. ResponSight is designed to work with your existing blocking technology, so your previous investments can be better leveraged to increase effectiveness.
Does ResponSight integrate with other security technologies? How?
In most cases, yes. We’re developing APIs and data feeds to provide quality data to Security Incident and Event Monitoring (SIEM) and various Threat Intelligence and analytics engines.
For basic integrations, where ResponSight sends data to another technology platform, we support Syslog as a message format and can customise some components of the data delivered. Syslog messages are sent out of ResponSight; there is no inbound “query” functionality for Syslog messages.
What vendor technologies do you integrate with?
ResponSight can send messages and risk status to most technologies that support receiving Syslog messages. This generally covers most SIEM platforms, with Splunk, Palantir Alien Vault, and ArcSight as examples. ResponSight is also working closely with technology providers that share a common messaging design framework (which makes integration easier) – current examples are Nuix and SIEMonster.
Where SIEM platforms only use a proprietary format for receiving messages, ResponSight may still be able to assist. To determine if your SIEM requires customised integration, please contact us.
How does ResponSight licensing and pricing work?
ResponSight is licensed very simply – one low rate per endpoint, per month. The larger the organisation, the lower the per endpoint rate. Please get in touch to discuss your specific requirements.