Detect cyber threats faster and earlier in the attack kill chain.

PatternEx’s Virtual Analyst Platform easily detects 100s of attack variations “out of the box”—no rules required. PatternEx eliminates wasted IT and security team time on rules, correlations, and SIEM log management—all while increasing the value of your current security tools and processes. Spend less time finding threats and more time running your business. Read the MIT research to learn more.


Reduce SIEM Rules, Alerts, and Costs


Respond Faster To Threat Alerts


Detect 10x More Threats

“In my experience, today’s security analytics fail to detect advanced, targeted attacks. What is needed is something built from the ground up to detect threats that traverse multiple tactics and entities over long time horizons. PatternEx’s concept of ‘virtual analysts’ does exactly that, and has helped improve our SOC efficiency.”

– Thomas Whang, Impelix


How We Do It

The PatternEx Virtual Analyst Platform ingests data from various application, network, user, and cloud sources in either batch or real-time modes. Through automated AI modeling, this data is turned into actionable insights that your analysts can act on. These are not rules that need to be fine-tuned and managed, but sophisticated models that can detect a set of attack variations and track dozens of variables to detect evasion and environmental changes.

The main components include:

AI Pipelines: The pipelines use big data architecture for behavior modeling of users, hosts, applications, and other entities. The AI classifies events as benign, malicious, or suspicious with a given confidence level. Analysts can choose to label the analysis to improve the AI automation.

Predictive and Automated Correlation Engine: This engine “connects the dots” and creates an attack story for current and anticipated attacks based on relationships amongst system, network, data, and/or user behaviors.

Customized Analytics and Transfer Learning Engine: This component enables the system to get smarter with analyst inputs. Transfer learning makes it possible to share AI threat detection models without sharing confidential data.


The AutoCorrelate engine reduces the time it takes to do an IR investigation or threat hunting task by 20x.

Through automatic relationship discovery across all entities (user, URL, IP, etc.), an intuitive graph is shown along with suggested threats and anticipated threats.



Advanced Threat Hunting and Security Analytics

PatternEx Virtual Analyst Platform (VAP) provides custom analytics to do deep mining and data extraction from raw logs. Analysts can:

  • Use standard SQL queries.
  • Use scripting languages like Python or Scala to build complex analytics.
  • Re-use analytics queries through “notebooks.”
  • Share notebooks and models with other analysts to enable collaborative threat hunting.

Scalable and Easy to Use

You have lots of data. No problem—the system can scale easily to process data in real-time or via batch logs. But you don’t want to spend hours supporting tools and tweaking an AI system. Again, no problem—PatternEx works out of the box and gets smarter over time automatically.

OnDemand Webinar:

AI Enabled Threat Hunting - Automation Through Auto Correlation

Watch as Dr. Mei Lam, PatternEx data scientist, discusses AI best practices to make it easier to find correlated security events (and anticipate threats)—without writing rules.