How It Works
ResponSight’s Corvum Suite is an enterprise risk profiling solution that ingests user telemetry to analyse risk across the entire organisation. Unlike Endpoint Detection and Response (EDR) or User and Endpoint Behavioural Analytics (UEBA), Corvum Suite does not rely on potentially private or sensitive information that might be divulged by the user or “heavy” endpoint technologies to assess risk. As a result, Corvum Suite is lightweight and goes unnoticed by the user – there’s no dock icon or application interface, and no support headaches for your team.
ResponSight’s Corvum Suite comprises three key elements – the Corvum Collector that gathers the metrics and telemetry; the Corvum Aggregator that bundles and manages data delivery to 3rd party solutions and the Corvum Analytics Engine that does all of the heavy lifting and performs the analytics for enterprise risk profiling.
Proactive, early warning
Faster response times
Enhance existing investments
Greater visibility
Corvum Analytics Engine
The Corvum Analytics Engine uses data science and artificial intelligence to provide the risk measurement and anomaly detection capabilities of ResponSight’s Corvum Suite. Through the incorporation of disparate sources of data collected at the endpoint, Corvum learns complex patterns of machine activity and user behaviour, from single-endpoints and across the enterprise. Following deployment, Corvum rapidly learns to identify the main sources of risk, categorized by risk type, endpoint, and department, providing unparalleled visibility into the risk makeup of your organization and the tools to more accurately map the road to enhanced security.
Features
- Real-time adaption: Corvum is an online learning system, learning features specific to your organisation and continuously improving in real-time as new information is collected.
- Responsive: Changes in the risk structure of an organization, introduced by external (unwanted) influences or by deliberate changes to the security infrastructure, can be assessed in real-time via changes in measured enterprise risk.
- Fast returns: Clients will typically see informative enterprise and endpoint risk profiles within a week of deployment.
- Extends existing technology: This technology complements existing commonly used system (e.g., SIEM) by prioritizing detected threats using risk and escalating the priority of potentially dangerous but previously unknown threats.
- Privacy-preserving: Analytics performed do not require access to sensitive, identifying, or personal data, without any loss of statistical power or accuracy.
Corvum Collector
Metrics and Data
Only telemetry and statistical metrics are collected – no “rich” data, so there is no private or sensitive data collected at all. Light weight collection means no user or network performance impacts
Platforms
Corvum Collector currently supports Windows 7, 8 and 10, and MacOS Sierra and High Sierra. Nothing is visible to the user, so there is no help desk overhead either.
How is it Secured?
Get better visibility of the endpoint whilst supporting your BYOD workforce. Corvum increases your oversight of risk outside the corporate network without impact to the user.
Corvum Aggregator
Functions
The Corvum Aggregator acts as “traffic cop” – Collectors deliver data bundles, and integration to 3rd party solutions (such as SIEMs) occurs here. Reporting dashboards are delivered here)
Integrations
3rd party technology and solution integrations ensure you enhance the value of your existing investments. SIEM, data lakes, ticketing systems, and incident response systems are all possible through APIs
How is it Delivered?
The Corvum Aggregator is a virtual machine – lightweight (less than 1Gb) and low performance requirements (less than a VDI), the Aggregator does not require much to deliver the required outcomes
Reporting
Executive Summary
Overall summary, board level
Monthly Risk Scores
Trend over time and within month
Risk Summary
Risk exceptions as % of total
Risk Scores
All Users
Risk Score
Trend Line
Activity Risk
By endpoint
Time Series
Detail (for technical review)
Exception
Example – Process Counts
Metrics and Data
What We Collect
ResponSight has been designed specifically to address the new problems incurred when deployment security and risk technologies – how do enterprises get the required outcomes without actually creating another target for attack? Security and risk technologies currently collect too much data that is often not required, and may not even be valid anyway.
ResponSight technology collects numerical, mathematical and statistical data about how the endpoint is used. By combining large volumes of raw numerical telemetry and selected metrics, it’s possible to build activity and behaviour profiles about users and their laptops, without ever knowing who that user is or what that laptop is.
ResponSight is always happy to show enterprises the raw data we collect – we’ll never hide behind any claims of “proprietary IP”, it’s your data and you’re welcome to see it (even if it is basically meaningless numbers to anyone but us!)
Why We're Different
ResponSight was born out of frustration with most current approaches to security and risk:
- “big iron” technologies that require excessive access and trust inside organisations;
- solutions that collect too much “rich” data that may not even be reliable and often is not even required to achieve the desired outcome; and
- security and risk offerings that become the targets for attack themselves, as a direct result of the design decisions relating to the above
The ResponSight approach to security and risk is definitely harder – we’ve spent over 2 years just in R&D, building our IP. As a result, our approach and design is intended to ensure we’re not a vector for attack into the enterprise; that we won’t have any private or sensitive data stored on our systems that could be targeted for attack; and that ultimately we can profile enterprise risk as actionable intelligence for boards and executives to set useful priorities