Decision-Zone Introduction


Transcript of Decision-Zone Introduction

Page 1: Decision-Zone Introduction

DEEP MESSAGE INSPECTION

“Billions of dollars are spent on utterly ineffective technologies – technologies that can’t keep us protected from today’s advanced threat actors. The firewalls, intrusion detection systems and antivirus technologies that the security industry has relied on for decades provide little more than a false sense of security.”

– Amit Yoran, President, RSA

A Cyber Security Breakthrough

Deep Message Inspection (DMI) detects a hack before it’s a threat – Business Logic Monitoring

Decision-Zone technology is a transformative, message-centric solution for real-time cyber security. Decision-Zone’s Deep Message Inspection (DMI) detects and remediates threats in real time, on the message bus – before they compromise your business.

DMI recognizes deviations from business logic, which are indicators of an attack, compromise, defect or administrative error.

Signature-based cyber security approaches are failing

Today, most network firewalls detect malware identity only in terms of a signature. But this signature approach totally excludes malware in the act of compromising the systems on the message bus. The result is that major security threats exist in many critical commercial, civil and government networks.

• Conventional IT & Security Companies: Indicators of Compromise in the Database

• Stanford University: Indicators of Compromise on the Message Bus

• NASA: State Machine Anomalies in the Database

• Decision-Zone: State Machine Anomalies & Remediation on the Message Bus

The Evolution of Real Time Security and Business Monitoring

Page 2: Decision-Zone Introduction

The DMI Breakthrough

DMI dramatically improves system assurance by enforcing business logic in a manner that conventional FW/IPS/DPI was never intended to support:

• Logic Discovery provides automated learning and recognition of business logic.

• Pattern Verification detects deviations from business logic.

• Behavior Recognition distinguishes abnormal activities based on temporal anomalies.

Monitoring “The Effect” to Pinpoint “The Cause”

Conventional network security is about monitoring for millions and millions of known, potential threats – the causes and indicators of compromise (IoCs). Unfortunately, these systems consume vast resources in this effort and yet have no awareness of what a business effect would look like because they don’t understand the logic of the message bus.

By monitoring the effect (an order-of-operations problem), Decision-Zone can identify the specific cause by referencing the state machine. Current approaches must associate millions of cause permutations with the problem, then monitor and investigate all of those permutations to identify that problem.

[Figure: Internet of Everything. Diagram labels:

• DECISION-ZONE, Business Logic Monitoring → Remediation. Real Time Business Compromise Alerts Leading to Remediation. Labels: Anomaly Detection, Deep Message Inspection, State Machines, Event Mining, Message Bus, Live Events.

• CONVENTIONAL, Signature Monitoring → Investigations. Indicators of System Compromise Leading to Investigations. Labels: Pattern Matching, Deep Packet Inspection, Malware Signatures, Data Mining, Database, System Logs.]

www.decision-zone.com

[Figure: cause-and-effect diagram. Diagram labels:

• CONVENTIONAL Signature Monitoring: Monitoring The Cause, Detect the Cause.

• DECISION-ZONE Business Logic Monitoring: Monitoring The Effect, Detect the Problem.

• Listed items: Cyber Attack, System Defects, Administrative Errors.

• Cause categories: Equipment, Process, People, Materials, Environment, Management.

• Chain: Secondary cause, Primary cause, Problem.]