TruU’s Proprietary Identity Persona™
TOTAL understands who is acting — not just what they’re doing
TOTAL builds 72-dimension Persona based on cross-domain principles of behavior and psychology.
TOTAL evaluates the risk of each event in the context of an identity Persona.
Personas are continually tested for drift to avert slow moving sophisticated actor and collusion threats.
By setting context, TOTAL reduces false negatives (prevent breaches) & false positives (reduce noise).
TruU’s Proprietary Persona Cluster™
Several ”like-cyber-minded” Personas are clustered together using TruU proprietary algorithm.
Our clustering algorithm enables continuous drift measurements to estimate both threat & vulnerability risk right from Enrollment.
Clustering and drift measurements lets TOTAL work with a large stage of risk-actors so even the faintest threats can be monitored in nascent stages.
OUR MODEL
How TOTAL catches Insider Threat
Risk = f (Intent, Capability, Stressor, Opportunity)
It allows us to separate anomalies from malice and use self-policing to further corroborate.
TOTAL slices the Insider threat problem into 3 Levels:
LEVEL 1
Explicit Rule Violations
TOTAL continuously learns from every reviewed alert, every confirmed threat, every resolved event.
With each decision, its prediction engine grows smarter, reducing noise and enforcing action on even more threats automatically. Over time, the result is a SOC that’s leaner, faster, and more intelligent.
LEVEL 2
Contextual Abuse of
Legitimate Access
With traditional tools, events are forwarded to the SIEM and investigated retrospectively, after the attack chain has already begun.
TOTAL assesses risk in real time by applying persona context.
LEVEL 3
Complex Sophisticated
& State Actor Attacks
Persona, Clusters & Drift are TruU Proprietary foundations of predicting and thwarting the type of attacks we read about in the news
A drift from base Persona & a drift from Cluster is measured – whether slow or fast. If it exceeds threshold, the offending identity is put on an internal watchlist
When two identity Personas drift either in similar or complementary direction, they are put on collusion watchlist
Drift from Base Persona
Drift from Base Cluster
Account Takeover
Stolen credentials can be avoided by using TruU Passwordless for knowledge workers & shared workstations
Passwordless is necessary but not sufficient to mitigate account takeover risk
TruU offers start-to-finish protection by adding continuous authentication
Additionally, TOTAL Predict is constantly monitoring the Persona to see if it is drifting unusually to verify if either the account has been taken over or is vulnerable for a take over
It’s like you have security guards on the doors, but continually monitoring for suspicious activity via security cameras in a control room
Passwordless Authentication
Continuous Authentication
IDV
TOTAL Account Takeover PREDICT