Advanced Security Analytics Platform

advanced threat detection

Advanced Threat Detection

Aim: "Detect the attacker" - Automated detection and reporting of advanced and hidden attacks.

Even with firewalls and IDS/IPS, attackers intrude into networks unnoticed. As an extending security layer, finally safe examines any data traffic that has been previously classified as safe. Intelligent algorithms are used to detect hidden control attempts, data thefts and manipulation attempts before damage can be caused.


  • Automated detection of Advanced Persistent Threats (APTs)
  • Detection of bot networks and concealed control channels (C&C)
  • Detection of penetration via manipulation of network connections
realtime monitoring

Realtime Monitoring / Security Operation Center

Aim: "See everything" - Real-time visualization of network traffic and deviations from regular traffic (anomalies).

A large amount of information is gathered in the Security Operation Center (SOC). The visualization of the actual status as well as dashboards are essential for quick understanding of the situation. Together with partners, finally safe offers 24/7 managed SOC services. Customers are supported by a team of experts who constantly monitor the network.


  • Automated alerts for uncovering concealed control channels
  • Early detection and troubleshooting by experts
  • In SOC: Complete security cycle under control (24/7)
compliance reporting

Compliance Reporting

Aim: "Prevent the attack" - Permanent visualization of the automated evaluation of predefined and customizable network compliance rules in the Management Report.

A constantly updated assessment system identifies vulnerabilities in systems and misconfigurations. The risk assessment of communication parameters is performed regarding strength and security. Based on this data, the risk profile of the customer is displayed over time. In addition, customer-specific adjustments to individual requirements can be achieved by storing desired and undesired protocols. Furthermore, a connection to ticket management systems for subsequent problem management is enabled.


  • Automated generation of technical and management reports including risk assessment
  • Detection of system approvals and policy violations
  • Automated uncovering of common gateways (vulnerability assessment)
  • Continuous status of network resistance
anomaly detection

Anomaly Detection

Aim: "Detect the unknown" - Detection of deviations from regular traffic to uncover innovative attacks without existing signatures.

Anomaly detection is based on the collection of over four million possible package data. Machine-learning algorithms are used to create a model of network communication from this information. The self-learning system automatically adjusts itself after a four-week training period and learns continuously.


  • Intelligent learning of network behaviour (machine learning)
  • Automated anomaly detection (behaviour analysis)
analysis forensics

Analysis & Forensics

Aim: "Never miss a beat" - Permanent access to data for forensic analysis of the IT infrastructure and subsequent activities.

With permanently storable network traffic metadata, the system can perform analyses for optimizations, trend measurements or forensic purposes. With the Caplon Traffic Recorder, actual data traffic is recorded in accordance with data protection regulations to be used for forensic analyses.


  • Forensics on malfunctions and safety occurrences
  • Permanent securing of evidence
  • Analysis of occasional problems
  • Compliant with data protection regulations
service monitoring

Service Monitoring

Aim: "Improve continuously" - Continuous monitoring of IT infrastructures and critical applications to improve service quality, availability and performance.

Increasing networking with suppliers, partners and customers, the complexity of networks as well as the increasing amount of data make it more and more difficult to maintain an overview and ensure reliable operation. Additionally, the threat caused by attacks on networked systems is increasing dramatically. With the Caplon Service & Security Monitoring solution, companies have a comprehensive overview of all processes taking place in the network.


  • Detection of performance and quality degradation
  • Session tracking and visualization of message flows
  • Automated generation of communication maps
  • Monitoring of SLAs and KPIs

Learn more about the capabilities of the finally safe sensors