Introducing Mistnet - CyberMist

Go beyond network traffic analysis and see what you are missing in your enterprise.

CyberMist is next-generation threat detection and response software providing complete visibility across user, host, network, and cloud with the ability to expose and block threats in real-time.

It’s powerful, easy to use, and purpose-built for your modern enterprise.

MistNet is the industry’s first multi-entity threat detection and response platform.

Many enterprise customers experience many painpoints when it comes to cyber security. The statistics are staggering.

A typical enterprise receives up to 17,000 security alerts a week, with roughly 96% going uninvestigated.
To make things worse, 14% of breaches don’t even trigger a security alarm,
Allowing hackers to lurk on average for 269 days before detection.

With today’s highly distributed, multi-cloud environments a new approach is needed in order to provide full 360-degree visibility into threats and vulnerabilities. Legacy technologies focusing on end-points or networks or perimeters alone light up only small slices of the infrastructure. Without a global view much remains in the dark. Ultimately to arrive at the ground truth behaviors for an enterprise you need to pull raw network telemetry information and raw OS internal information end-to-end.

While this may sound trivial, it has to date remained largely aspirational for a variety of reasons including cost, complexity and compliance reasons. For any reasonably sized enterprise, capturing raw network traffic and OS internal data would result in terabytes of data. And besides the sheer volume of data, there’s the very real problem of getting the data to where it can be processed for anomalies. To date, the thinking has been to try to move the data to where compute power exist, typically over the WAN to a central data center or cloud resource. But with the volume of data we’re talking about, that’s a non-starter from a cost perspective. It’s also in many cases in violation of compliance regulations as security data increasingly cannot be transported across organizational or geographic boundaries for privacy or GDPR reasons.

A new approach is needed for threat-detection and response. . Instead of trying to move all of the raw security data to a centralized set of resources, change the paradigm and bring the compute power to the security data. Harnessing the power of mist computing Mistnet developped its patent-pending TensorMist-AI^TM technology. The TensorMist-AI^TM technology constructs a geo-distributed meshed data pipeline, by combining scale-out data management with distributed processing analytics.

In doing so, it eliminates the backhaul ‘tax’ and thus eliminates the scaling challenges, cost challenges, and compliance issues associated with moving large amounts of security data over the WAN or to the cloud.

TensorMist-AI^TM puts the Mistnet platform in a class by itself—the first to apply mist computing to cyber security, and the first to deliver true multi-entity threat detection and response end-to-end across the enterprise. MistNet is capable of collecting and enriching tremendous amounts of security data ‘on location’ leveraging edge AI techniques powered by Google TensorFlow and Apache SparkM, generating exceptionally accurate threat models, all without having to move any of the data. No other system can do this.

Two other things will also blow away the industry (and competition). First, the solution is 100% cloud-native and scale-out by design meaning it can scale to your hearts content. And second, we offer all of this at a price that scales with your enterprise, packaged as a subscription service that you can install and use in less than an hour.

MistNet vs Competition

Architecture

Geo-distributed big data mesh architecture

Individual local appliance

Network visibility

Enriched network PLUS end-user, cloud metadata, & OS internals

Network five protocols

Network metadata only

Full end-user visibility

Yes, models & records all user activity

OS internal visibility

Yes, (Windows, Mac, Linux, BSD)

Kubernetes and container visibility & modeling

Yes, for Kubernetes & Docker environments

IDS integration

Full support for signatures, threat intel and user/host enriched Bro/Zeek

Only Bro/Zeek log export unenriched

Vulnerability database integration

Leveraged to eliminate false positives

Integrated hunting

Full capabilities including hot & cold configurations for real-time hunting & forensic investigations

Limited

Integrated Mitre ATT&CK™ engine

Yes, including real-team incident & threat group mapping

Public Cloud metadata (AWS, Microsoft Azure, Google Cloud)

Full enriched metadata; Serverless & VM/OS

No, network tap only

Integrated AI/ML Workbench

Yes, Google TensorFlow, Apache SparkML, Mistnet helper libraries

Node performance

>100Gbps

< 10Gbps

20Gbps

CyberMist Is Born And Bred For Enterprise Threat Detection

CyberMist is engineered with the latest cloud, artificial intelligence and big data technologies producing a 100% cloud-native, near infinitely-scalable solution that delivers superior detection and response.

360º ground-truth visibility

• Users, endpoints, hosts, virtual machines, containers

• Local & wide-area networks, data centers, cloud resources

Edge AI-driven detection & defense

• The most complete, most accurate, threat detection capability

• Reduces false positives by over 90%, blocks attacks in real-time

Fast, AI-assisted investigation

• Built-in Mitre ATT&CK™ engine for smart hunting

• Zero data movement for privacy & compliance

CyberMist Detector

CyberMist Defender

CyberMist Hunter

Seamless Integration.

CyberMist installs in under an hour and is designed to be plug-and-play with your infosec infrastructure, integrating seamlessly with leading security appliances, SOC workflow packages, data management and SIEM platforms, virtualized and containerized environments and public cloud properties.o.