Threat Investigation – narrow the risk gap before it’s too late


At the end of the day, it’s not about big data, analytics, or visualizations. It’s about tangible, meaningful security solutions.

Solutions that are not being provided by traditional defense-in-depth products. Solutions that can force multiply the precious time of your security staff. Solutions that reduce enterprise risk in the face of adversaries who will steal your intellectual property, steal private personal information, or damage your IT infrastructure.

Our customers have realized immediate risk reduction by finding early kill chain activity associated with rogue access privileges, anomalous access requests, data theft detection, unauthorized IP detection, insider threat activity, and more. 

And increasingly, our customers are developing their own threat investigation analytics — fulfilling the ultimate vision of Click Security.


Apply local policy and environment knowledge to represent signal in meaningful fashion


  • What it Means: Convert relevant but raw data into strong risk signal 
  • Customer Pain: How do I represent signal in the most comprehensive fashion? In many cases, I can easily recognize legitimate actor, application, or inter-zone traffic. But I need a way to institutionalize this knowledge on the fly.
  • Our Value: Signal calibration is fast and easy – enabling analytics to get smarter over time


See what Predictive Risk Scoring tells you about your most dangerous actors – we’ve triaged them for you


  • What it Means: Convert aggregate risk signal into prioritized actors
  • Customer Pain: How do I convert what is still a large volume of signal into an actionable start point?
  • Our Value: Predictive Risk Scoring rolls thousands of high quality alert, event and indicator of compromise signals into prioritized actors – with full detail cards – in seconds


Gain a fast understanding of which data represents signal and which is just noise


  • What it Means: Gain an understanding of the actual network environment – but from a security PoV
  • Customer Pain: Where should I start?  Security teams are confronted with millions of events per day due to enormous attack surface and a constant barrage of adversary radiation
  • Our Value: Our analytics pull the right events that drive kill chain analysis. Source data is easily calibrated – reducing superfluous data, false positives, and helping the system learn what’s important


Use our Adaptive Investigation Platform™ to visually analyze active kill chain data


  • What it Means: Figure out depth, breadth and progress of a kill chain
  • Customer Pain: Investigation is far too difficult and time consuming
  • Our Value: Our Adaptive Investigation Platform™ and Live Actor Map convert hundreds to thousands of high-fidelity actor signals into a visual representation of activity over time. Hours of investigative work reduced to seconds


Instantaneously remediate the actor in question – and insert a new continuous monitoring analytic that catches other dubious actors in their tracks


  • What it Means: Address bad actors immediately, then globally invoke kill chain monitoring for any actor
  • Customer Pain: Can’t easily convert investigative effort into new continuous controls
  • Our Value: Prove response procedures are effective and continuously verifiable