Awake Security Platform Valuable Features

Kristofer-Laxdal
Director of Information Security at a computer software company with 201-500 employees
What is impressive about the tool is the time to value. Plugging it onto our network, we have found things that other tools have just never seen. We found those issues quickly and were able to action against those issues, remediating them quickly. I don't know another product that delivers as much value so quickly. I have the tool set up to alert, be able to look at things, and put things together graphically. This helps to understand the fingerprints of the device, what the device has done, where it's been, and what it's doing on my network. It really gives me a high assurance that my security posture will remain intact. I have it now integrated into our security incident and event management (SIEM) tool, so I am able to correlate events across my network using Awake as my front-end or my first line of defense. Then, I can also pull in the Awake information and use that to pivot across to other sources within our environment, whether that be enterprise detection and response at the endpoint level or security orchestration and response. Awake's Security Knowledge Graph is incredible in terms of a couple of things:
* The system is laid out very easily for me to utilize.
* I find it comforting if I look at the DNA of the Awake security staff. All of them are deep and wide, in terms of their experiences. You have ex-Mandiant folks along with ex-US military folks who have been through serious cyber situations and assisted large companies, if not governmental organizations. They have seen these threats in the wild. They know how to deal with these threats. Moreover, on weekly calls, they are notifying or diving deep into areas that we might have missed.
John Chesson
Chief Security Officer
The most valuable feature is the ability to see suspicious activity for devices inside my network. It helps me to quickly identify that activity and do analysis to see if it's expected or I need to mitigate that activity quickly. One of the best use cases was when we knew that one of our vendors that came into our site had a ransomware event at their corporation. I was able to quickly find his device using the Awake system and determine that there was no threat in our system. Something like that usually would have taken four to five hours. It took me about five minutes. Also, the Security Knowledge Graph is a display of the devices and the activities that we see. It doesn't use a heat map but it uses the size of a bubble - a circle representing a device that's probably highest on the threat list - and shows what all the connections are. That provides a great visual, at a glance, of what's going on in my environment at any one time. I really like that feature. I use the solution to identify and assess IoT solutions, if they connect to our network. The guest network is the best example. People use the guest network to connect to the thermostat or their Apple Watch. I can see that activity. If it's a network IoT type of thing, like a call system or Amazon Echo, I'm going to see that activity on our network and Awake should be able to call that up pretty quickly.
Eric Etherington
Chief Information Security Officer at Dolby Laboratories
We definitely have machines that might not lend themselves to having endpoint security agents on them, either because they can't support an agent or they're testing devices that have very critical configurations that an agent might have a negative impact on. Being able to monitor traffic to and from those devices over the network is definitely preferable and really the only way to do it, to not have a negative performance impact on those machines. That could be IoT devices. It could be test devices of early-stage prototypes. Being able to understand the traffic coming to and from those devices using Awake has been a big deal for us because it wasn't something we were able to do before with any other technologies. The security knowledge graph has been very helpful in the sense that whenever you try a new security solution, especially one that's in the detection and response market, you're always worried about getting a lot of false positives or getting too many alerts and not being able to pick out the good from the bad or things that are actual security incidents versus normal day to day operations. We've been pleasantly surprised that Awake does a really good job of only alerting about things that we actually want to look into and understand. They do a good job of understanding normal operations out-of-the-box. Then for those things that we do want to mark as being normal operations, as opposed to security incidents, whenever we do configure those in the system, they never come up again. They do a good job of weeding those out. We're not actually getting that many alerts from the system and when they do come up, they are definitely things that we want to look at. It's been good. It didn't take us very long to get to that point. From day one of the POC, we were seeing things that we wanted to look at and we weren't looking at a lot of false positives. The data science capabilities of Awake are a big reason why the false positive rates are so low. 
The data science side really gives Awake the ability to spot things that are out of the norm. Whether it be IoT devices or devices that are hard to have a standard profile for, it does a good job of figuring out what's out of the norm for that type of device or the type of traffic that would typically come from that device. The encrypted traffic analyses are a key part because encryption has become the de facto standard for all network traffic, even internal traffic. One of the biggest challenges for security teams over the last five years is that we have more and more encrypted traffic - rightly so - to help protect those data streams, but because of that, it makes it hard to have visibility into that traffic. Awake has the ability to understand encrypted traffic and capture parts of traffic that we want to look at more closely while at the same time has very little impact on that traffic because it's sitting on the side and viewing that traffic without being in front of it and having a negative impact on it. That was a big deal for us because if you have to decrypt traffic and pull traffic offline and store it, that creates a lot of other privacy and security problems that most teams don't want to get into. Being able to have something in place that can evaluate encrypted traffic is really important now. Awake Security provides us with better situational awareness. First and foremost in security, the first step is to gain visibility. The nice thing with Awake is that it will give visibility into environments that you likely don't have visibility into today. Part of that visibility is going to increase your situational awareness and start to understand the normal versus the abnormal for that environment. We have better situational awareness by 25 to 50% but I think a lot of that depends on what your internal network architecture looks like. I think security groups always struggle with how to gain visibility over internal networks.
We do pretty good at endpoints and pretty good at the edge, but internal network flow is always a challenge. Depending on how your network is set up, you can gain as much visibility as you'd like using Awake.
Learn what your peers think about Awake Security Platform. Get advice and tips from experienced pros sharing their opinions. Updated: March 2021.
466,310 professionals have used our research since 2012.
reviewer1486446
Chief Security Officer at a university with 1,001-5,000 employees
The most valuable portion is that they offer a threat-hunting service. Using their platform, and all of the data that they're collecting, they actually help us be proactive by having really expert folks that have insight, not just into our accounts, but into other accounts as well. They can be proactive and say, "Well, we saw this incident at some other customer. We ran that same kind of analysis for you and we didn't see that type of activity in your network." If there's a major vulnerability or breach or something that makes the news, they give us that peace of mind by saying, "Yes, for sure, we saw it," or "No, for sure, we didn't see it." Awake moves away from traditional alerts and instead focuses our team on the entities that pose the highest risks to our environment. We have other tools in our environment that help us monitor for specific kinds of attacks or executive-level accounts with UEBA or other technologies. What this solution gives us is that insight into the network to see, when we've done a packet capture, that this is just an email to a family member and not a malicious activity like we would have assumed if we got that alert from some other monitoring system. It provides that extra level of insight that we'd otherwise be missing. In addition, the EntityIQ, its AI-based Security Knowledge Graph, was one of the big features that drew us to the product. With the competitors that we looked at, it was very difficult to find out who someone was. We would have to go to other systems to correlate and say, "Okay, well, this was a user and they had access to these machines, but someone else logged on to this machine at a certain time." The value of EntityIQ is huge. It reduces the amount of investigation time, and it helps us correlate events faster and be more responsive. A lot of vendors have tried to do something like that, and it seems like Awake has gotten it right. 
While we don't do decryptions, it's still valuable to have insight into the metadata to know where people were going if they match against threat-list IP addresses. It's also valuable just to know the size or length of certain sessions. It's very different if it was just one packet versus hours-long, data-exfiltration-type activity where we can see a lot of data was downloaded. We're also very concerned about privacy, being at a university. So being able to provide some level of insight, even with encryption, is really important.
reviewer1467852
Director of Projects and IT at a healthcare company with 201-500 employees
We got a couple things out of it that we were looking for. First, it gives us something that is almost like an auditing tool for all of our network controls, to see how they are performing. This is related to compliance so that we can see how we are doing with what we have already implemented. There are things that we had implemented, but we really didn't know if they were working or not. We have that visibility now. The second thing we were looking to do is to improve on the things that we were not aware of, that we didn't see before. Awake is an additional tool in our defense system, obviously not the only one, but it broadens our security posture and I believe it has also raised our security maturity. We also use the EntityIQ feature and it is valuable. The user interface is very approachable and easy to navigate. But when it comes to getting deeper into it, creating more of the rules or recipes, we leave that to them. We just explain to them what we want to see and they create it for us.
reviewer1217625
Head of Cyber Threat Operations at an energy/utilities company with 1,001-5,000 employees
There are quite a few valuable features. The most valuable aspect of the tech is the fact that it's like a "force-multiplier." It will reduce the amount of time and effort it takes to triage a potential compromise. That's important because, in everyday slang, time is money. If you've ever done a business-impact analysis — business continuity — if an attacker can reduce the confidentiality, integrity, or availability of a given system, it will have a financial impact. The quicker you can eliminate or mitigate the compromise, or avoid it altogether, the less money you are looking at spending to recover from a hack. If you can discover it, and detect it, and prevent it before the attack is successful, you actually have a return on investment. The Security Knowledge Graph tries to centralize things that are notable in the environment. Awake uses a lot of AI and ML to bring to an analyst's attention things that should be of concern. It reduces the amount of searching that an analyst has to do to find notable events or devices. It collates all that and it puts it in one spot. So if you have a device that is beaconing out to a malicious IP, to download malware or the like, Awake will see that and it will alert the analyst right away, rather than the analyst trying to find it in aggregate data. The data science capabilities of Awake Security are very strong. For a network traffic-analysis platform, it's definitely the best in industry. Vectra AI and Darktrace do similar things, but they don't leverage the math the same way that Awake does. As for the solution’s encrypted traffic analysis, encrypted traffic is the next nut to crack in logging and monitoring. What they're trying to look for are different cipher suites that can be used to encrypt potentially malicious traffic. It's trying to do something that no one else is really doing. The solution helps us monitor devices used on our network by insiders, contractors, partners, and suppliers. 
That's the "meat and potatoes" of what the technology does. If there's a device on the network, it doesn't matter who it's owned by. If it's on the network Awake will see it. Finally, the cloud TAPs for visibility into cloud infrastructure are 100 percent necessary. I don't know how else you're going to see it.
Dwayne Samson
Senior Analyst Security and Compliance at an insurance company with 5,001-10,000 employees
Awake Labs managed network detection and response (MNDR) service is its most valuable feature. The Awake Security team find incidents that we didn't realize were happening in the environment. Due to our cloud-first approach and outsourcing to managed services, a Tor beacon was observed by the Awake Security team. Files were being uploaded from one of our MSPs. I am impressed with the solution’s EntityIQ, which is its AI-based security knowledge graph, in terms of its ability to identify and profile. We evaluated other vendors and were really poking at the AI. Not everyone does AI or machine learning the same way. Awake Security's model is unique in the way that they do their AI with their entities.
reviewer1342227
CISO at an insurance company with 1,001-5,000 employees
The portion that I use the most is the Adversarial Modeling trend. This threat graphing is probably the most useful feature that we have right now. It displays the data that Awake collects, displaying it in a very easy to read and understandable manner. This is compared to other tools in this similar space, where I found the learning curve and the ability to understand what those tools were analyzing and reporting difficult because it took a bit more time to learn how they reported. The data science capabilities of this solution are good. It provides relative correlations. It seems to be very accurate in its detection based on the data science that it runs. Compared to other tools, it seems to be much easier with its machine learning aspects. This solution’s encrypted traffic analysis is good. Every time I have needed to retrieve data for decryption, it was available.
Rick Pennington
Senior Security Engineer at a pharma/biotech company with 1,001-5,000 employees
* I really enjoy the query language on it. It makes it very easy.
* The dashboards and displays are very intuitive.
The query language makes it easy to query the records on the network, to do searches for the various threat activities that we're looking for. The dashboard, the Security Knowledge Graph, displays information meaningfully and easily. I am able to find the information that I want to find pretty quickly. Also, the data science capabilities of the are great. We aren't currently using it, but the behavior-based machine-learning that they do incorporate is really impressive. It's the primary reason why we picked up the product. It gives us high-fidelity, anomaly-based detections.