Suite 444,320 E Clayton Street Athens, Georgia 30601, USA

BlockCount Ratio

BlockCount Ratio
  • Single-pane-of-glass view on the effectiveness of your existing security systems through log correlation: firewall, sandbox, IPS and endpoint security.

  • Use performance-based quantitative analysis to determine if you are achieving ROI from your existing security investments.

  • Obtain a summary of the ratio of attacks blocked at each layer of your defense-in-depth security infrastructure, and what percentage went through.

Detect. Prevent. Evaluate.

While organizations have long needed to safeguard their IT assets and their sensitive data, new threats and new regulations arise every day. Therefore, organizations need to validate that their existing security investments are always operating to their full potential.

LinkShadow enables you to evaluate the performance of your security devices' detection and prevention capabilities with our Link Luminescence Engine (LLE) that analyzes and correlates information related to blocked threats, and validates the effectiveness of your multi-layered defense-in-depth infrastructure.

Management Dashboard


The management dashboard gives a holistic view on the security posture of your organization. Built to be a completely configurable solution, the management dashboard allows CISO’s to find information they need to monitor and take decisions regarding their network. LinkShadow allows the CISO to monitor the key security metrics in his/her organization by choosing the key metrics that matter to their organization. The dashboard is completely configurable allowing you to choose the widgets that represent the security threatscape of the organization.

  • Single Pane of glass view on the security posture of your organization

  • Identify & monitor key security metrics that matter

  • Compare key security metrics; Quarter to Quarter / Month to Month

  • Enhance CISO decision making capabilities

  • Configure the dashboard as per your preference

Live Shadow


LiveShadow aims to provide CISO with a compilation of all the critical incidents that are taking place at the moment as well as realtime highlights of the critical events detected recently. LiveShadow also provides an intuitive system health summary which CISO can easily refer to in order to understand the overall security situation of the environment.

There are three main sections in the LiveShadow screen; Critical Findings which lists the most risky users and entities detected by the system as well as top machine learning anomalies identified, Realtime Connections which shows number of connections along with number of attacks in realtime view, and Entity and User threat summary which lists the most recent anomalies detected as well as a collective summary of users and entities in the ThreatScore Quadrant.

Clicking on any of the widgets in the LiveShadow screen will navigate to the relevant window showing more information about the user or entity that caused the anomaly.

ThreatScore Quadrant

  • Detect anomalies through behavioral analytics performed on correlated logs and packet analysis using advanced machine learning algorithms.

  • Graphically position all your threats to logically prioritize response to incidents or threats based on severity of risk.

  • Monitor the threat score of your critical assets and to detect anomalous users and entities.

  • Identify entity behavior that is most dangerous to your organization along with a description of the anomaly.

Learn. Score. Prioritize.

New threats emerge every day from inside and outside the perimeter. Detecting these threats that bypass other security controls is important, but predicting their impact is even more crucial. Understanding behavioral patterns and correlating this information enables organizations to identify potential attacks with varying magnitudes of consequences and severity, and then prioritize actions to respond.

LinkShadow performs anomalous behavior detection as all traffic coming in and out of your organization is constantly scanned. Detect threats, learn and adapt to user patterns, and keep track of everything, so that each attack can be scored for proper prioritization. See which entity is most dangerous to the organization by understanding where it can cause a crisis, or is something to be wary of, or should be watched closely, or needs to be acted on immediately.

TrafficSense Visualizer

  • Geo-intelligence based topological view helps you monitor suspicious inbound/outbound traffic.

  • Gain insight into where your traffic is going, and the source of incoming traffic, enabling you to hone in on known traffic .vs unknown traffic, and make informed decisions on whether there is a compromised node or inside threat scenario.

  • Filter traffic based on protocol, geo-location, or by inbound/outbound direction.

  • Identify the top traffic sources, the types of traffic coming into your organization and the top targeted entities in your organization receiving traffic.

Listen. Validate. Block.

Organizations need to be attentive to traffic coming from, or going to IP addresses belonging to countries known to host low reputation servers including phishing sites or malicious software. In addition, attempts to access published web sites or services from locations in which you have no customers, suppliers or remote employees should be scrutinized.

LinkShadow identifies, monitors, and blocks network communication based on the geographic location of the source or destination IP address. Use Geo-Intelligence technology to get insight into where your traffic is going, and the source of incoming traffic, enabling you to hone in on known traffic .vs unknown traffic, and make informed decisions on whether there is a compromised node or inside threat scenario.

AttackScape Viewer

  • Get a global view of the latest attacks on your organization based on threat feeds from existing security assets.

  • Act on anomalous behavior that needs immediate attention by gaining insight into relevant details about attack sources, attack types and targeted entities.

  • Replay alert history to go back in time and see what happened before an anomaly was detected.

  • Access advanced threat intelligence in real-time by filtering attacks based on protocol, geo-location, inbound/outbound direction, or via feeds from the LinkShadowCloud.

See. Detect. Flag threats in real-time.

In most organizations security breaches go undetected. These hidden threats often go unnoticed for months. It is imperative to find these threats before serious damage can be caused.

With LinkShadow, it is possible to find and address threats in your environment. Visualize cyber-attacks and modern-day threats in your network in real-time with a Live Attack Map powered by best-of-breed threat intelligence to identify sophisticated and hidden dangers lurking in normal network traffic. Get insight into the top attack sources, the types of attacks and the top entities being targeted on your network.

Identity Intelligence

  • Visual trend analytics on user behavior including authentication patterns, application usage habits, etc.

  • Pin point high risk users based on machine learning and clustering of peer behavioral patterns.

  • Constantly monitor high-profile users by adding them to the 'Watch List', and prioritize alerts on activities of Super Users.

Focus. Analyze. Identify Anomalies.

With increasingly sophisticated malware hitting enterprise networks daily, it is critical to guard the crown jewels effectively to combat these threats, especially, since they are getting more difficult to identify. However, such threats can be averted.

With LinkShadow, organizations can analyze and profile network entities to uncover early signs of a breach, and underlying malicious behavior to pinpoint threat actors hiding in plain sight. Get alerted if a system is misused by detecting whether the entity is behaving normally by comparing historic and current port usage patterns, whether the right protocols are being utilized on accessed ports, and gaining visibility into relationships with other network entities.

Asset AutoDiscovery

  • Automatically discover all devices across your entire network, providing insight into device type and OS, plus validation of whether devices are managed or unmanaged, and whether endpoint security is installed.

  • Use anomaly detection technology built on advanced machine learning, to learn and profile the organization's unique behavior, and alert in real-time on threats that are specific to your network.

  • Visualize device connectivity within your network, and identify whether a device is communicating over the right protocols, with the right port numbers.

Find. Monitor. Alert for Anomalous Behavior.

You may take your eyes off your network, but rest assured we won't. With the dynamic nature of the network environment, it is fundamental to continuously monitor and collect real-time data across systems, to adapt your security program and better protect the business.

LinkShadow allows you to classify nodes through automated discovery of the entire IT infrastructure within the enterprise, to ensure all assets are protected and up-to-date for the compliance audit. Drill down into the details to answer critical questions around how many systems are managed and unmanaged in your network, do they have endpoint security or not, and what is the type of device.

Threat Shadow


ThreatShadow presents CISO with an overall compilation of AI from all the Machine Learning algorithms built into the system, allowing CISO to focus on real threats that matter. ThreatShadow helps CISO draw the line between false positive and critical incidents. Using intelligent threat scoring and collective profiling of entities and users, ThreatShadow identifies risks taking place in the environment right now and presents CISO with visual representation indicating where did the risk originate from as well as where is it heading to in case the threat is laterally moving across the network and assets.

ThreatShadow allows CISO to cross compare the current environment situation with previous dates to verify if certain threats are persisting across time. This feature helps CISO identify the most vulnerable assets and users as well as evaluate the efficiency of other security systems such as firewalls and end-point security.

User Investigator


This is a sub-tool of the Identity Intelligence module which shows a more detailed view into a specific selected user

This table shows the detailed information about the selected user like their name, company ID, department, reporting to, phone no., country etc.

The graph below shows the login patterns of the user and any spikes in it indicates unusual user activity.

Entity Inspector


The Entity Inspector is a sub-tool of the Asset AutoDiscovery module. It gives an in-depth analytics and details about a selected asset.

The Asset Summary contains details like IP address of the device, MAC address, last login detail, category of the device etc. It also lets you see if the device is managed or unmanaged as well as if it has end-point security in place.

Shadow 360


Shadow 360 gives complete visibility around any activity that raises a flag. Any anomalous trigger can be studied in depth through a specter graph, which entails the history of fluctuations in user activity. This allows the analyst to determine the criticality of any event whether from the past or present.

Shadow 360 has an advanced time series analytics that uses a Session Data model also known as session serialization; it automatically stitches together incident timelines including both normal and abnormal user activity, for all threats detected. This reduces the manual effort security analysts spend on investigations and increases their productivity. As each entity in the organization is linked and correlated with the kill chain stage it is in, and hence can act as predictive analytics to block a future breach. The security analyst can then go ahead and act to stop an attack before it actually takes place.


  • BlockCount Ratio
  • Management Dashboard
  • Live Shadow
  • ThreatScore Quadrant
  • TrafficSense Visualizer
  • AttackScape Viewer
  • Identity Intelligence
  • Asset AutoDiscovery
  • Threat Shadow
  • User Investigator
  • Entity Inspector
  • Shadow 360