Continuous learning

To combat the growing sophistication of modern threats, the Plixer ML Engine is also equipped with deep learning capabilities that take advantage of the large quantities of flow data collected by Plixer Scrutinizer to identify complex behavioral patterns and enable advanced features, such as link prediction.

The Plixer ML Engine’s deep learning-based threat detection processes can be summarized in the following steps:

  1. Flow data collected by Plixer Scrutinizer is forwarded to a datastore module for preprocessing.

  2. Once preprocessed, the data is forwarded to the engine, which runs it through a multi-layered neural network designed to discover behavioral patterns in the data.

  3. The neural network uses the patterns to learn how devices on the network typically interact with each other.

  4. After an anomaly has been detected and classified, the system uses link detection to analyze the device’s interactions with other devices on the network.

  5. If the deviation from what the Plixer ML Engine has learned as typical behavior exceeds a set threshold, the device involved is added to an endpoint monitoring protocol.

Devices that have been flagged for further monitoring will trigger Alarms under Plixer Scrutinizer’s Alarm Monitor, allowing security teams to decide whether immediate action is necessary.