Cart 0

Sensory AI for cyber security

Senseon’s multiple threat detection senses work together to detect malicious activity across an enterprise’s entire digital estate, covering the gaps that single point solutions create.


Senseon's multiple senses


Networks were traditionally very siloed and therefore much easier to protect with perimeter defences. However, the way we now conduct our business, share data and consume technology has changed organisations’ digital estates into boundaryless entities, where it’s difficult to keep track of data. Where does a network end and the Internet begin? When we consider that our data and our devices are spread between physical offices, data centres, virtual cloud environments and even homes, we begin to understand the challenge of securing a modern enterprise.

Senseon is the world’s first sensory artificial intelligence platform for cyber defence. Just as living creatures use their senses in harmony to better understand their surroundings and potential predatory threats, Senseon harnesses multiple threat detection senses to spot malicious activity across an enterprise’s entire digital estate, covering the gaps that single-point solutions create. This means it can detect and investigate attacks that other systems cannot. Senseon protects against all threat types, no matter how subtle, from insider threat to advanced malicious attacks.

Built by leading cyber experts and deep-government specialists, Senseon’s advanced AI Triangulation algorithms weave into the fabric of organisations for highly accurate, context-rich threat detection and response.  



Senseon’s lightweight endpoint agent deploys simply across an enterprise’s devices. Gathering endpoint data allows for complete monitoring of activity that single-point network solutions miss. The integration of endpoint data gives Senseon’s users total coverage of all processes and suspicious behaviour, enabling Senseon to accurately alert on malicious activity as it takes place.



Senseon’s passive network appliance gathers data from the richest sources within customers’ networks. The linearly scalable network appliances monitor all activity including connections and data within and beyond the perimeter, and connections between devices within the network.



As organisations move away from on-premises networks towards cloud infrastructure, Senseon deploys easily into virtual environments, helping to close the gap that this shift, in practice, has created. Cloud environments are often vulnerable as they don’t sit within the traditional concept of the network and without the means to oversee activity are sometimes left forgotten. Senseon not only detects emerging threats within cloud and off-premises environments, but also gives complete visibility.


Investigator Bots

Uniquely, Senseon’s Investigator Bots act as outside-in observers and intelligence gatherers. Patrolling customers’ network and cloud perimeters, they identify weaknesses, detect unknown assets and gather threat intelligence that provides an additional layer of context from an attacker’s perspective. This allows Senseon’s customers to better understand the reality of their environments and to surface unknown vulnerabilities.


"CISOs see real value in the way Senseon’s product - through the use of AI Triangulation and Sensory AI - can provide them with one cohesive platform that protects their organization from emerging threats, essentially replacing the need to purchase multiple single-point solutions."

Grace Cassy, Co-Founder


Senseon’s AI Triangulation spots the subtlest threats that single-point solutions miss.

Senseon uses unique AI Triangulation to understand and correlate all information gathered across the network, endpoint devices, cloud environments and Investigator Bots. This conversation-like approach allows Senseon to follow the path of an attack from multiple perspectives as it moves among devices or the network, understanding its characteristics and features to build a complete picture of the threat.

In the majority of cases, multiple devices and users are implicated, and multiple connections and threat techniques are involved. Senseon’s ability to correlate threat behaviour from every part of the organisation provides greatly needed context that helps security teams to understand the chain of events and severity of threats more accurately.


Read the white paper

This paper outlines how technology, and specifically an enhanced artificial intelligence approach, will help security and IT teams work smarter to focus their efforts where they matter most – dealing with genuine cyber threat.


Machine learning techniques


The goal of machine learning is to enable computers to learn on their own, solving many real world, complex problems. A machine learning algorithm may be able to identify patterns in observed data, build models that explain the world, and predict things without having explicitly pre-programmed rules and models. There are many benefits to using machine learning including speed, accuracy, ability to ingest large volumes of data, automation of tasks, and ultimately significant cost savings.

The application of machine learning in cyber security has many uses: it provides the ability to enhance our detection and response capabilities and to automate analysis of user and device behaviour.

There are two main machine learning approaches, supervised and unsupervised, which have unique benefits and applications.


Supervised machine learning

Machine learning can be guided or ‘supervised’. Data can be labelled to imply characteristics or attributes that help it learn by training it. For example, you could tag pictures of cats with a label of ‘cats’ and tag pictures of dogs with a label of ‘dogs’. The machine would learn the differing characteristics of cats and dogs from that set of training data and produce an algorithm that could then tell the difference between pictures of cats and dogs that are not labelled.

Common applications of supervised machine learning are identifying spam emails: large amounts of both spam and genuine emails (ham) are fed into supervised machine learning algorithms to increase their accuracy. This enables the system to detect spam emails without being explicitly programmed to do so. Spam is a fairly easy application of supervised machine learning for cyber defence, given the large amount of labelled data that is available to train the models that the algorithms produce. 

However, there are limits to the widespread usefulness and applicability of supervised machine learning in other scenarios. Crucially, most enterprises will not retain labelled datasets of previous attacks, which undercuts the ability to use supervised models. Even when supervised models are possible, attackers continuously evolve their approach which decays the value of those models.

Senseon has developed a system that combines analyst feedback on Senseon threat cases with unsupervised outlier detection methods, to create supervised models. This continual synthesis of new models that are automatically generated by the system enables Senseon to grow and adapt its detection capabilities within an organisation whilst minimising false positives and optimising analyst time.


Unsupervised machine learning

Machine learning can also operate without any guidance. This is known as unsupervised machine learning. Because it hasn’t been trained to understand or identify specific characteristics and isn’t trying to find specific outcomes, it is able to take sets of data and find patterns within them that would be very hard for a human to find, especially when dealing with very large sets of data.

The goal for unsupervised learning is to model the underlying structure or distribution in the data in order to learn more about that data. Unlike supervised learning there are no correct answers and there is no teacher. 

A common application of unsupervised machine learning in cyber defence is looking for outliers for anomaly detection. These algorithms can detect combinations of data that may be indicative of anomalous behaviour of users or devices, which can improve the detection rate of new or novel attacks. The disadvantage of a pure unsupervised approach is that it may trigger more false positive alerts. Senseon has overcome this by leveraging AI Triangulation algorithms to increase the explainability and verify the output from multiple perspectives.

An example of unsupervised machine learning is analysis of DNS traffic to identify malware communicating with its command and control server. Whilst an unsupervised algorithm may identify traffic as an outlier, the ability to verify the anomaly by gathering data from multiple perspectives (such as features of the domain itself), enables the validation of the initial unsupervised approach.


"Real time machine learning technologies, like Senseon, are critical in helping organizations cut through the noise of their busy networks to identify the real threats."

Dr Ken Urquhart, Former Senior Director, Microsoft Alchemie Ventures, Consultant on AI/ML and Cyber Security


AI Triangulation


AI Triangulation understands and correlates all information gathered from various senses, allowing Senseon to follow the path of an attack from multiple perspectives.


Beyond the anomaly


Over the past several years, machine learning technologies have been very useful in helping us detect new and abnormal behaviour. Unfortunately, these technologies are often incapable of differentiating between what is merely unusual and what is an actual threat. The result is often thousands of false positive alerts that then require manual investigation from already-stretched security teams.

Senseon’s unique development of AI Triangulation and automated investigation reduces the high number of false positive alerts that security teams are currently burdened by. Because AI Triangulation determines what is actually a threat, rather than what is just new or unusual behaviour, Senseon provides huge time and cost savings, and allows security teams focus on what matters – investigating actual threats.