Awake Security Platform Review

Machine-learning works at a different level — it's like a robotic network engineer


What is our primary use case?

The solution is a kind of Swiss Army knife. It can do a number of different things. We primarily use it for network traffic analysis and threat hunting.

How has it helped my organization?

We had an event where an attacker tried to steal login credentials. We were able to find the targets on the network using Awake and we were able to turn on multifactor authentication, not only for those users but for the entire enterprise. We were discovering that that was a very common attack tactic. It was a driver for change. Now, all users at this company have multifactor authentication as a result of Awake's capabilities.

For a long time I was the only person in our company doing security. We're a $30 billion dollar company. So you can imagine how much I appreciate how much time Awake has saved me to be able to do other things. It's been an immense help.

The solution provides us with better situational awareness. In terms of network visibility, it's looking at all network traffic. Anything that's going through, it's doing that full packet capture and it's doing the analysis using the algorithms. And it's telling me what's on the network and what it's doing.

What is most valuable?

There are quite a few valuable features. The most valuable aspect of the tech is the fact that it's like a "force-multiplier." It will reduce the amount of time and effort it takes to triage a potential compromise. 

That's important because, in everyday slang, time is money. If you've ever done a business-impact analysis — business continuity — if an attacker can reduce the confidentiality, integrity, or availability of a given system, it will have a financial impact. The quicker you can eliminate or mitigate the compromise, or avoid it altogether, the less money you are looking at spending to recover from a hack. If you can discover it, and detect it, and prevent it before the attack is successful, you actually have a return on investment.

The Security Knowledge Graph tries to centralize things that are notable in the environment. Awake uses a lot of AI and ML to bring to an analyst's attention things that should be of concern. It reduces the amount of searching that an analyst has to do to find notable events or devices. It collates all that and it puts it in one spot. So if you have a device that is beaconing out to a malicious IP, to download malware or the like, Awake will see that and it will alert the analyst right away, rather than the analyst trying to find it in aggregate data.

The data science capabilities of Awake Security are very strong. For a network traffic-analysis platform, it's definitely the best in industry. Vectra AI and Darktrace do similar things, but they don't leverage the math the same way that Awake does.

As for the solution’s encrypted traffic analysis, encrypted traffic is the next nut to crack in logging and monitoring. What they're trying to look for are different cipher suites that can be used to encrypt potentially malicious traffic. It's trying to do something that no one else is really doing.

The solution helps us monitor devices used on our network by insiders, contractors, partners, and suppliers. That's the "meat and potatoes" of what the technology does. If there's a device on the network, it doesn't matter who it's owned by. If it's on the network Awake will see it.

Finally, the cloud TAPs for visibility into cloud infrastructure are 100 percent necessary. I don't know how else you're going to see it.

What needs improvement?

I would like to see a bit more in terms of encrypted traffic. With the advent of programs that live off the land, a smart attacker is going to leverage encryption to execute their operation. So I would like to see improvements there, where possible. Currently, we're not going to be decrypting encrypted traffic. What other approaches could be used?

For how long have I used the solution?

I've been using Awake for about two-and-a-half years. We're using the most current version.

What do I think about the scalability of the solution?

The scalability is very strong. We are going through an acquisition. Thankfully, I have staff now. But I can go out to the new site, put an appliance there, send that traffic to a hub, and from that hub I can see all three locations that we have now, in one spot.

How are customer service and technical support?

Awake's technical support is very good. We have a good, solid relationship with them. It's pretty stellar.

Which solution did I use previously and why did I switch?

We used a SIEM, through IBM. But we're actually using Awake more than we're using QRadar, our SIEM.

How was the initial setup?

The initial setup was very easy. It's a web-based GUI. It's like an application. I didn't have to build anything. All of the algorithms are built into the tech itself on the back end. Once you get traffic going through a TAP or a SPAN port, you send that traffic to the appliance and the appliance does all the work for you.

The deployment took less than a week.

Our implementation strategy was to find our core switches, run the SPAN port off those switches, and send that duplicated traffic to the appliance.

What about the implementation team?

We deployed with the help of an engineer from Awake. I found them to be extremely knowledgeable.

What was our ROI?

ROI is a very hard exercise in security. I believe a couple of people have tried to come up with a quantified data point to say $2 million, or $3 million; every compromise costs a company $3.47 million. It's difficult to put a financial number on it.

I can point to the fact that we haven't had a successful compromise, and that is likely as a result of Awake's technology.

Which other solutions did I evaluate?

I looked at Netwitness and Darktrace. Neither of them was as capable.

The primary reason we went with Awake Security was the fact that the machine-learning was working at a different level. It was working in a manner that the other two solutions weren't. Vectra AI comes close, but it's not the same.

I try to describe it as "aggregation." Other solutions will say, "Hey, this device is doing something weird." But they don't aggregate that data point with other data points. With Awake you have what's called a "fact pattern." For example, if there's a smart toaster on the third floor that is beaconing out to an IP address in North Korea, sure that's bizarre. But if that toaster was made in North Korea it's not bizarre. Taking those two data points together, and automating something using machine-learning, is something that no other solution is doing right now. The only solution doing that is Awake. It's aggregating data points.
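To make the "fact pattern" idea concrete, here is an added toy example (not Awake's code, and not how the product is implemented): a beacon heuristic on constructed flow records is combined with a constructed device-vendor context, so the periodic toaster traffic is explained while the same traffic from a device with no such context is alerted on.

```python
# Added example (not Awake's code): a toy "fact pattern" in the spirit of the
# aggregation described above. All flows, regions and vendor data are constructed.
import ipaddress
from statistics import mean, pstdev

# Constructed flow records: (device, destination IP, epoch seconds)
FLOWS = (
    [("toaster-3f", "203.0.113.10", t) for t in range(0, 3600, 300)]     # every 300 s
    + [("printer-1f", "203.0.113.10", t) for t in range(0, 600, 60)]     # every 60 s
    + [("laptop-42", "198.51.100.7", t) for t in (12, 900, 1100, 3300, 3310)]
)
# Constructed: which region a destination network is attributed to (stand-in for geo data)
DST_REGION = {ipaddress.ip_network("203.0.113.0/24"): "region-X"}
# Constructed: the region of each device's manufacturer (the "toaster made there" context)
DEVICE_VENDOR_REGION = {"toaster-3f": "region-X", "laptop-42": "region-Y"}


def is_periodic(timestamps, min_events=4, max_cv=0.1):
    """Beacon heuristic: inter-arrival gaps are regular (coefficient of variation <= max_cv)."""
    ts = sorted(timestamps)
    if len(ts) < min_events:
        return False
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_cv


def lookup_region(ip, dst_region):
    addr = ipaddress.ip_address(ip)
    return next((r for net, r in dst_region.items() if addr in net), None)


def fact_pattern(flows, dst_region, device_vendor_region):
    """Combine the beacon signal with device context; one verdict per (device, dst) pair.
    'explained': periodic, but the vendor region matches the destination region
    'alert'    : periodic to an attributed region that no context explains
    'review'   : periodic to a destination with no attribution at all"""
    by_pair = {}
    for dev, dst, t in flows:
        by_pair.setdefault((dev, dst), []).append(t)
    verdicts = {}
    for (dev, dst), ts in by_pair.items():
        if not is_periodic(ts):
            continue  # irregular traffic: not a beacon, nothing to aggregate
        region = lookup_region(dst, dst_region)
        if region is None:
            verdicts[(dev, dst)] = "review"
        elif device_vendor_region.get(dev) == region:
            verdicts[(dev, dst)] = "explained"
        else:
            verdicts[(dev, dst)] = "alert"
    return verdicts


if __name__ == "__main__":
    for pair, verdict in fact_pattern(FLOWS, DST_REGION, DEVICE_VENDOR_REGION).items():
        print(pair, verdict)
```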

What other advice do I have?

My advice would be to put it up against any of its competitors. Look at the salient data points. So your machine-learning is telling you that something is unusual. Great. Why? And if you don't have an answer for that then I would suggest you look at Awake. Because Awake gets to the "why."

In terms of maintenance of the solution, I've got five people now, but they don't just do this. I have one person who does security training and awareness. I have one person who does threat hunting, who is the primary user of the technology. I've got a cyber-threat intel person, and I've also got a person to monitor operational technology.

Regarding Awake's false-positive rate compared to other solutions, it's not really a SIEM. It's more of a hunting tool. It tells me something that is notable, but there will be some false positives because I don't think any amount of AI or ML is going to be able to know everything about your environment. That's just an impossibility. But it gets about as close to an actual person as you can get. Really what Awake is trying to be is a network architect or engineer, a person. It's trying to be someone who knows the topology, the exact architecture, what devices are doing what, what ports, which protocols, etc. That's really what Awake is. It's a robotic network engineer.

Compared to its competitors I'd rate it a ten out of ten. I don't think there's anything out there that's doing what it's doing.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.