OwlyDetect can listen out for the weakest of intrusion signals.

Its autonomous learning eliminates the need for Data Scientists to implement machine learning algorithms as is the case with SIEM-based solutions.

OwlyDetect goes beyond legacy AV signature-based and EDR heuristics arbitrary rule-based solutions
Cyber attacks

The attack lifecycle

Successful attacks require multiple steps.

identify vulnerability in the target infrastructure


Use the vulnerability to gain privileged access.


Deploy persistent malicious payload using privileged access.

Command & Control

With malware installed, attackers now own both sides of the connection.

Action & Exfiltration

Attackers goal: data exfiltration, destruction and extortion.

Major SaaS hosting service

A major SaaS hosting service was compromised by an external consultant working on site. While working on an upgrade, they created a backdoor for external hackers to take advantage of after they left.

The system randomly began to set system files bits to different values and the ERP solution started to progressively exhibit abnormal behaviour.  No-one was able to find the root cause until the hackers demanded a ransom to provide the key to fixing the system.

This is why we developed OwlyDetect.


Previous experience in setting up Business critical ERP systems showed us that no Cybersecurity vendors were able to detect weak signals of intrusion such as internal attacks. When the attack was conducted from the inside, the only telling sign was that the application was starting to fundamentally malfunction.

Try Now for Free
What is OwlyDetect?

OwlyDetect is an Intrusion Detection solution with full behavioural detection abilities that include unknown ransomware, polymorphic malwares and viruses. Crucially, no other product shares its ability to detect applications compromised by insider attacks.


How does OwlyDetect work?

It's a hybrid solution that combines an on-prem probe and a SaaS manager.

The probe monitors around 100 metrics related to the behaviour of binaries on the host machine.


Although it does have some on-board intelligence, most of the data collected is sent to the SaaS platform for real-time analysis.

Machine Learning

Analysis performed by our SaaS environment features mostly supervised and auto-supervised machine learning.


If any anomalous behaviour is detected, an alert is raised.

OwlyDetect is easy to use

It is a "blackbox" solution that collects and analyses the data points it needs and notifies the user with the insights.The only thing to do is to deploy the probe and make the network communications possible between it and the SaaS analyser.

Try now for free

OwlyDetect is deployed to secure heavy-duty applications (packages like ERP, DB servers, Financial Services Engines, Infrastructure Middleware such as ESX, or even Application Development environments).

Fine grained attacks

  • Remote Code Execution to start a Cobalt Strike probe
  • Extraction of the JVM memory via JHispter web application maintenance URL unknown to the support team
  • Insider attack
  • Application exploit
  • Non-stereotypical intrusions
Our products are used by a wide variety of clients.
AriseHealth logoOE logo2020INC logoThe Paak logo
OwlyDetect is a hybrid solution

Talk to the experts and how they can use this Open source tool to improve security

Talk to our experts and find how to use this tool to improve security.

Speak to an expert