Customer SupportGet Expert Help
Skip to main content

Behavioural Analysis

MaxiSafe’s Behavioural Analysis framework delivers comprehensive Threat Detection, Investigation, and Response (TDIR) through an adaptive security architecture that leverages full data trace and fine-grained behavioural metrics. By integrating data collection, real-time analysis, and contextual investigation, MaxiSafe identifies and responds to sophisticated attack patterns with precision.

Full Data Trace

MaxiSafe captures complete data traces of all interactions across protected assets, facilitating in-depth analysis of request patterns and anomalies.

  • Data Coverage:
    • Comprehensive logging of HTTP requests and responses, including headers, payloads, and session identifiers.
    • Detailed API interaction records, tracking request methods, endpoints, and response status codes.
    • Traceable user interactions, capturing navigation paths, access frequencies, and transaction sequences to identify behavioural deviations.

  • Data Access and Search:
    • Provides full-text search capabilities to query specific data points or sequences of events.
    • Enables filtering by IP address, user-agent, geolocation, and timestamp to isolate anomalous behaviour.
    • Supports data export for forensic analysis and integration with external threat intelligence platforms.

Analytical Dashboard

The Analytical Dashboard consolidates real-time traffic data, threat telemetry, and historical records into a unified interface, enabling rapid detection of potential threats and anomalies.

  • Immediate Visibility:
    • Real-time traffic analysis with visual overlays highlighting abnormal request spikes, protocol anomalies, and suspicious access patterns.
    • Instantly identifies ongoing threats, categorising them by severity and attack type.

  • Timeline Analysis:
    • Displays both historical and live attack data across adjustable timeframes, enabling comparative trend analysis.
    • Visualises attack timelines to assess attack duration, frequency, and escalation patterns.

  • Data Visualisations:
    • Dynamic charts, diagrams, and tables present key metrics such as request volume, response time, and error rate.
    • Graphical representation of attack vectors and incident timelines, aiding in impact assessment and response prioritisation.

  • Threat Exploration by Dimensions:
    • Drills down into specific dimensions such as request paths, user-agents, response status, and payload structure to uncover coordinated attack patterns.
    • Cross-correlates events by IP address, HTTP method, or data payload to pinpoint coordinated attack attempts.

  • Monitoring and Alerts:
    • Customisable alert thresholds for specific risk levels, such as API flooding, data scraping, or credential stuffing attempts.
    • Automated notifications for high-risk incidents, enabling immediate response and escalation.

  • Pre-Correlated Analysis:
    • Consolidates related events into unified views, streamlining investigation workflows and facilitating pattern recognition.

  • Attack Classification:
    • Categorises detected attacks based on impact and severity, providing context for response prioritisation.
    • Key classification dimensions:
      • Access Layer: Request methods, response status codes, and URL paths.
      • Server Layer: Load metrics, asset status, and protocol interactions.
      • User Layer: User-agents, IP addresses, geolocations, and observed behaviours.

Threat Investigation

MaxiSafe’s Threat Investigation module contextualises detected threats, enabling precise analysis and targeted mitigation based on real-time and historical data.

  • Contextual Analysis:
    • Correlates related events to distinguish genuine threats from false positives.
    • Analyses request patterns to link suspicious interactions to prior attack attempts.

  • Attack Vector Identification:
    • Identifies specific attack vectors such as SQL Injection, Cross-Site Scripting (XSS), and Credential Stuffing.
    • Maps the flow of malicious requests to affected assets, identifying entry points and potential vulnerabilities.

  • Impact Assessment:
    • Quantifies potential impact by analysing affected endpoints, data volume, and response status codes.
    • Assesses the scale and severity of ongoing attacks, enabling targeted mitigation.

  • Threat Prioritisation:
    • Assigns severity scores based on attack type, risk level, and asset sensitivity.
    • Recommends prioritised response actions to address high-impact threats, ensuring optimal resource allocation.