AlphaSOC Announces Industry’s First Cloud-Native Network Traffic Analytics Product to Identify Compromised Workloads on Popular Cloud Platforms

New AlphaSOC scanning engine processes near real-time network telemetry to support threat hunting across Amazon Web Services, Microsoft Azure, and Google Cloud platforms

SAN FRANCISCO, September 30, 2022–(BUSINESS WIRE)–AlphaSOC, Inc., the security analytics company, today announced its new AlphaSOC Analytics Engine (AE), a cloud-native Network Traffic Analytics (NTA) product that identifies compromised workloads across Amazon Web Services, Microsoft Azure and Google Cloud Platform.

Threat actors circumvent existing controls by using new command and control (C2) infrastructure that legacy security products do not recognize. Data can also be exfiltrated from victim cloud environments via DNS tunneling, ICMP tunneling, and anonymization circuit protocols (e.g., Tor, I2P, Freenet) without detection. Security teams can now quickly deploy AlphaSOC AE in their cloud environments to process near real-time telemetry and identify compromised workloads with confidence.

“With AlphaSOC AE, we are moving the industry from reactive identification of known threats, such as a domain or IP address associated with a threat actor, to proactive threat identification, such as a compute instance tagging a newly registered domain that is unique to the customer environment and has suspicious properties,” said Chris McNab, CEO and co-founder of AlphaSOC. “By leveraging machine learning, we uncover compromised systems without relying on outdated signatures or threat feeds that describe previous attack campaigns on an annualized basis.”

AlphaSOC AE performs deep processing of network flow records and DNS query logs in cloud environments and pushes the results through cloud-native services, including Amazon Web Services EventBridge, Microsoft Azure Sentinel, and Google Cloud Platform Pub/Sub, to support threat hunting and security operations teams. It is a next-generation NTA product that identifies emerging threats and addresses the “patient zero” problem through prevalence scoring and active analytics, leveraging its patented processing stack to discover emerging threats without relying on outdated threat intelligence or indicator lists. Patient zero refers to the first victim of a campaign, who has no indication of being compromised because their tools rely on intelligence about threats that have already been observed elsewhere.

Correlation with threat intelligence, feature analysis and time-series analysis are industry-standard processing layers. AlphaSOC AE adds three further layers to actively discover emerging threats in near real time and highlight anomalies:

  • Active fingerprinting – using an anonymizing proxy layer, AlphaSOC AE actively fingerprints destinations to identify command and control infrastructure in real time.

  • Reputation scoring – leveraging third-party APIs (e.g. sandboxing engines and threat-blocking providers), AlphaSOC AE collects live reputation data to highlight suspicious low-reputation destinations.

  • Prevalence scoring – by measuring how many workloads in a customer environment contact each destination, AlphaSOC AE identifies traffic to rare destinations and flags those connections as risky.
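To make the prevalence-scoring idea above concrete, together with the DNS tunneling pattern mentioned earlier in the release, here is a small added example that is not AlphaSOC's code and does not reflect how AlphaSOC AE is implemented. It scores a set of constructed DNS query log records: a destination queried by only a small fraction of the workloads is "rare", and a zone that receives many unique high-entropy labels from the environment is "tunnel-like". The sample records, the thresholds, and the two-label registered-domain heuristic are all assumptions chosen for the illustration; a production implementation would use the Public Suffix List for registered-domain extraction.

```python
"""Prevalence and tunnel-like scoring over DNS query logs.

Illustrative example only; not AlphaSOC code. Sample data and thresholds
are constructed for the demonstration.
"""
import math
from collections import Counter, defaultdict

# Constructed sample telemetry: (source workload IP, queried name).
SAMPLE_QUERIES = [
    ("10.0.1.10", "api.github.com"),
    ("10.0.1.11", "api.github.com"),
    ("10.0.1.12", "api.github.com"),
    ("10.0.2.20", "api.github.com"),
    ("10.0.1.10", "sts.amazonaws.com"),
    ("10.0.1.11", "sts.amazonaws.com"),
    ("10.0.2.20", "sts.amazonaws.com"),
    ("10.0.2.21", "sts.amazonaws.com"),
    # Rare destination, but a single ordinary label: worth a look, not a tunnel.
    ("10.0.2.21", "updates.example-vendor.net"),
    # One workload, many unique hex-looking labels under one zone: tunnel-like.
    ("10.0.1.12", "a3f9c1d2e4b5.c2-example.test"),
    ("10.0.1.12", "7b2d0e9f1a6c.c2-example.test"),
    ("10.0.1.12", "c4e8a1f6b0d3.c2-example.test"),
    ("10.0.1.12", "0f3a9e7c2b5d.c2-example.test"),
    ("10.0.1.12", "e1b7d4a9f2c6.c2-example.test"),
    ("10.0.1.12", "9d6c2f0a4e1b.c2-example.test"),
]


def registered_domain(fqdn: str) -> str:
    """Naive registered domain: the last two labels.

    Assumption for this example; real code should consult the Public
    Suffix List so that e.g. 'example.co.uk' is handled correctly.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; encoded data scores higher than words."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def score_destinations(queries):
    """Aggregate per registered domain: distinct hosts, prevalence, labels."""
    hosts_by_domain = defaultdict(set)
    labels_by_domain = defaultdict(set)
    for src, name in queries:
        name = name.rstrip(".").lower()
        domain = registered_domain(name)
        hosts_by_domain[domain].add(src)
        prefix = name[: -len(domain)].rstrip(".")  # everything left of the zone
        if prefix:
            labels_by_domain[domain].add(prefix)

    total_hosts = len({src for src, _ in queries})
    scores = {}
    for domain, hosts in hosts_by_domain.items():
        labels = labels_by_domain[domain]
        mean_entropy = (
            sum(shannon_entropy(l) for l in labels) / len(labels) if labels else 0.0
        )
        scores[domain] = {
            "hosts": len(hosts),
            "prevalence": len(hosts) / total_hosts,  # share of workloads seen
            "unique_labels": len(labels),
            "mean_label_entropy": mean_entropy,
        }
    return scores


def flag_destinations(scores, prevalence_max=0.25, min_tunnel_labels=5,
                      min_entropy=3.0):
    """Return {domain: [reasons]} for destinations worth a hunter's attention.

    Thresholds are assumptions for this example and would be tuned per estate.
    """
    findings = {}
    for domain, s in scores.items():
        reasons = []
        if s["prevalence"] <= prevalence_max:
            reasons.append("rare")
        if (s["unique_labels"] >= min_tunnel_labels
                and s["mean_label_entropy"] >= min_entropy):
            reasons.append("tunnel-like")
        if reasons:
            findings[domain] = reasons
    return findings


if __name__ == "__main__":
    for domain, reasons in flag_destinations(score_destinations(SAMPLE_QUERIES)).items():
        print(f"{domain}: {', '.join(reasons)}")
```

The point of the prevalence term is that it needs no prior knowledge of the destination: the C2 zone in the sample is flagged because only one workload in the environment talks to it, not because it appears on any list. The label-entropy term is a deliberately simple stand-in for richer DNS tunneling features (query rate, record types, response sizes).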

A challenge for security teams is that threat detection capabilities differ between cloud providers' native products (for example, Amazon Web Services GuardDuty and Microsoft Defender for Cloud). AlphaSOC AE provides a unified threat detection stack that multi-cloud customers can use to achieve consistent threat coverage without gaps. AlphaSOC states that this reduces time to repair and overall remediation effort by more than 200% for most SecOps teams. AlphaSOC AE also reduces false positives, since the engine draws context from its six layers of processing to remove benign elements and deliver high-fidelity, high-utility alerts to security teams. AlphaSOC states that AlphaSOC AE reduces the number of false positives by 60-90% compared to older IDS and NTA systems.

“Because AlphaSOC AE provides next-generation instant threat detection capabilities not found in cloud provider products, such as Amazon Web Services GuardDuty or Microsoft Defender for Cloud, partners can leverage our solution to consolidate threat detection and workload protection into a unified best-of-breed product line and gain market share,” McNab added. “There are also time and cost savings, because AlphaSOC AE can be run in a container and configured in minutes, compared to legacy solutions that are not cloud-native by design.”

Availability and Pricing

AlphaSOC AE is available for Amazon Web Services, Google Cloud Platform and Microsoft Azure. Pricing starts at $9,000 per year, as described in
For more information, please visit

About AlphaSOC

Trusted by hundreds of enterprise customers to monitor diverse environments for signs of compromise and unauthorized data exfiltration, AlphaSOC is a leading provider of security analytics tools. Since 2016, AlphaSOC has processed over 3 trillion events from over 500 companies, providing broad coverage of emerging threats and anomalies. The company is headquartered in San Francisco with offices in Las Vegas, London and Wrocław, Poland. For more information, visit

AlphaSOC is a trademark of AlphaSOC, Inc. All other trademarks are the property of their respective owners.


Dan Spalding
[email protected]
(408) 960-9297

Charles J. Kaplan