Detect cyber threats faster and earlier in the attack kill chain.

PatternEx’s Virtual Analyst Platform easily detects 100’s of attack variations “out of the box”—no rules required. Analysts can also customize or create new attack detection models that work seamlessly for all your analysts and customer tenants. PatternEx eliminates wasted analyst time on rules, correlations, and log management—all while increasing credibility with customers. Read the MIT research to learn more.

Reduce SIEM Alerts Immediately

Reduce SIEM Alerts Immediately

Automate Threat Hunting

Automate Threat Hunting

Detect 10x More Threats

Detect 10x More Threats

In my experience, today’s security analytics fail to detect advanced, targeted attacks. What is needed is something built from the ground up to detect threats that traverse multiple tactics and entities over long time horizons. PatternEx’s concept of ‘virtual analysts’ does exactly that, and has helped improve our SOC efficiency."

– Thomas Whang, Impelix


How We Do It

The PatternEx Virtual Analyst Platform ingests data and then outputs an actionable classification of threats.  The main components include:

AI Pipelines  The pipelines use big data architecture for behavior modeling of users, hosts, applications, and other entities. The AI classifies events as benign, malicious, or suspicious with a given confidence level. Analysts can choose to label the analysis to improve the AI automation.

Predictive and Automated Correlation Engine  This engine “connects the dots” and creates an attack story for current and anticipated attacks based on relationships amongst system, network, data, and/or user behaviors.

Customized Analytics and Transfer Learning Engine This component enables the system to get smarter with analyst inputs. Transfer learning makes it possible to share AI threat detection models without sharing confidential data.


The AutoCorrelate engine reduces the time it takes to do an IR investigation or threat hunting task by 20x.

Through automatic relationship discovery across all entities (user, URL, IP, etc..) an intuitive graph is shown along with suggested threats and anticipated threats.


Alternate Cluster Image.png
custom analytics

Advanced Threat Hunting and Security Analytics

PatternEx Virtual Analyst Platform (VAP) provides custom analytics to do deep mining and data extraction from raw logs. Analysts can:

  • Use standard SQL queries.
  • Use scripting languages like Python or Scala to build complex analytics.
  • Re-use analytics queries through “notebooks.”
  • Share notebooks and models with other analysts to enable collaborative threat hunting.

Scalable and Easy to Use

You have Tera- or Petabytes of data. No problem—the system can scale easily to process data in real-time or via batch logs. But you don’t want to spend hours supporting, tools, and tweaking an AI system. Again, no problem—PatternEx works out of the box and automatically gets smarter over time.

AutoCorrelate masked.png

Webinar: AI Enabled Threat Hunting - Automation Through Auto Correlation

Join Dr. Mei Lam, PatternEx data scientist, on December 4 at 11am PT to learn about AI best practices to make it easier to find correlated security events (and anticipate threats)—without writing rules. Join us live or register to receive the webinar recording.