Use Cases

The Outlier system provides comprehensive endpoint threat monitoring, alerting and analysis.

Breach Assessment

Why: Vulnerability and compliance auditing alone are not enough to ensure the safety of critical enterprise data. Regulators and management must also know if your network has been breached and if attackers are active and operating within the estate.

What Outlier Does: Outlier automatically examines endpoints without relying on signatures. The system collects digital forensics evidence from computers and performs multi-dimensional security analytics to detect attacker activity, rogue user behaviors, malware and advanced persistent threats.


  • Agentless software-as-a-service system provides fast and easy system implementation across the enterprise
  • Detect breaches and threats missed by legacy signature-based sensors
  • Gain immediate visibility of endpoints to measure scope and severity of your enterprise threat profile

User Behavior Analytics

Why: Nearly all network breaches involve user actions – with or without your employees’ knowledge. Users click on malicious web links and email attachments to infect computers. Attackers steal user credentials and masquerade as legitimate users to find and steal confidential information. This isn’t a malware problem. The problem is attackers freely operating within your network.

What Outlier Does: Outlier automatically collects and analyzes digital forensics evidence from computers throughout the estate to uncover malicious and suspicious user behaviors, lateral movement, privilege escalation, data exfiltration and rogue user accounts.

Benefits: The problem is motivated attackers, not malware. Outlier goes beyond mere infection to:

  • Reveal attackers using stolen credentials who cannot be found with antivirus and anti-malware systems.
  • Uncover adversaries masquerading as authorized users who can inflict real damage and financial loss.
  • Discover and remediate breaches fast to minimize and contain risk.

Continuous Monitoring

Why: Enterprises must assume they are continually breached, so they must continually hunt for active threats. Endpoints are today’s biggest security blind spots because legacy antivirus systems look only for known malware and cannot detect hacker behaviors and new, unknown or advanced malware.

What Outlier Does: Outlier’s agentless endpoint analytics platform continually monitors threat indicator data automatically collected from endpoints across the enterprise. A unique analytics approach identifies “outliers” and anomalies that reveal new and unknown threats. A multi-step reasoning process differentiates high-risk threats from false positives and low-risk threats.

Security teams are automatically provided contextual information to quickly assess alerts. The system is integrated with SIEM and other sensors to maximize value. Perform agentless scans of indicators of compromise (IOC) with zero impact on end users.

Benefits: Outlier dramatically improves the productivity and speed of security and incident response teams by:

  • Alerting analysts to threats missed by legacy security systems.
  • Providing endpoint data and artifacts that would otherwise take hours or days to collect.
  • Separating high-risk threats from false positives and low-risk threats.
  • Providing unique IOC query capabilities designed specifically for security analysts and incident responders.


Detecting a cyber threat is not enough. An intruder within the network must be removed and prevented from persisting across system reboots.

The Outlier system provides automated remediation of infected computers with a simple mouse click. Malicious files and associated registry keys are permanently removed upon system reboot.

Automated alerts show data communications links and user accounts associated with malicious files. Therefore, Outlier arms security analysts with the necessary information to block malware communications at the perimeter and to modify or delete user accounts used by hackers.