The SlashNext Active Cyber Defense System is a cyber-threat detection and breach prevention technology that takes its core inspiration from the analytical reasoning of a human researcher.

Today's cyber threats easily evade existing detection technologies, but they are not able to evade a researcher’s trained mind. Human researchers routinely find malware that technologies miss. Humans use their intuition and senses along with cognitive thinking to classify the good from the bad, and the malicious from the non-malicious. So why can’t we just codify that cognitive thinking and build better systems? At SlashNext we have automated the minds of some of the world’s best cyber researchers using a specialized form of Artificial Intelligence called a Dynamic Knowledge Based System (KBS).

Active Defense

A Knowledge Based System (KBS) is a form of Artificial Intelligence that replicates the human cognitive thinking process to build software agents capable of near-human-level intelligence. The SlashNext Active Cyber Defense System is the world’s first Dynamic Knowledge Based System specifically designed to detect advanced cyber attacks. Unlike traditional machine learning algorithms that need to be constantly re-trained in order to detect new breeds of attack, the SlashNext KBS derives its feature sets and reasoning through dynamically curated dictionaries – allowing the system to detect zero-day attacks as efficiently as older, well-known attacks. Specialized clustering mechanisms break down and catalog each attack into the system’s long-term memory, continually improving its range of knowledge and automated analysis capabilities.

Hundreds of Data Elements

Traditional cyber threat detection systems like sandboxes and DNS reputation services focus on only one aspect of an attack. For example, a DNS reputation service may focus on features associated with a domain, a sandbox on the payload, and so on.

By contrast, the SlashNext Active Cyber Defense System collects data from every stage of an attack. It takes into account traditional markers such as DNS reputation and payload but also inspects hundreds of additional dynamic data elements.

Active Forensics

Much like a human researcher, the Active Forensics module uses static data extracted during the attack lifecycle to create a much larger set of dynamic data by probing C&C and malicious server infrastructure through an out-of-band network. This expanded data is fed to a set of High Resolution Binary Classifiers to produce a verdict.

High Resolution Classifiers

The high resolution classifiers combine the dynamic data elements collected by the Active Forensics module with large clusters of information stored in curated dictionaries to deduce a final feature set. Feature sets, essentially fine-grained information about the entire attack sequence, are passed to the classifier’s reasoning engine to produce the final definitive verdict: Malicious or Not Malicious.

Definitive Verdict, Not Probabilities

Breaking from the legacy model of presenting IT staff with many weak signals in the form of probabilities, the SlashNext Active Cyber Defense System’s binary classifiers have only two possible outcomes: “Malicious” or “Not Malicious”. This is in huge contrast to detection technologies based on unsupervised learning that only report suspicious activities – leaving the critical task of “connecting the dots” to the incident response team. Most weak signals eventually turn out to be false positives. This has the very negative effect of training IT staff to ignore system alerts. With an extremely low false-positive rate, the SlashNext detection technology based on binary classification provides crisp, actionable alerts with a precise, definitive verdict.
