The Detection and Response Chasm
There is a gap between detection and response when security analysts work to qualify an alert, determine root cause, and identify the scope of an attack.
The Detection and Response Chasm is currently bridged through manual analysis by expert security analysts attempting to retrace an attack to its origin.
They are challenged by a high volume of red herring alerts and investigations filled with ambiguous log data.
This arduous investigation workflow is time consuming and often leads to inconclusive results from inference and incomplete data.
It creates a constant state of anxiety — what am I missing?
Cloud environments and cloud-native applications amplify this challenge with new layers of abstraction.
Today’s security tools are ill-equipped to support alert investigation in hyper-dynamic cloud environments.
Security analysts lose the ability to retrace an attack without a stateful representation of the environment at the precise point in time involved in the attack.
Spyderbat’s solution to the detection and response chasm is to automate the attack tracing process.
Spyderbat continuously maintains an operations plane of causally connected operations activity. The operations plane is fused with security context as events occur, giving security analysts instant visibility into interconnected operations and threat activity.
The resulting Spydertrace allows an analyst to quickly qualify a credible attack, understand its point of origin, and continue to track its progress and scope.
Spydertrace: A focused trace of causally connected activities, created by fusing security data and enriched context with the Spyderbat Operations Plane to pinpoint and preempt attacks.
Spyderbat acts as a bridge between detection and response to dramatically compress investigation time and avoid potential breaches.