• 4. Behaviour Learning
    Identify and stop compromises from spreading

Stage 4 - Behaviour Learning

Behaviour learning is a powerful method of understanding what is normal in your network and spotting any abnormal behaviour that could be an indication of a problem.

Rebasoft constantly monitors what is on your network and what it is doing. This is done in an efficient, unobtrusive way that is easy to deploy and flexible enough to cope when you need to change anything.

Rebasoft can:

  • Identify systems suspected of spreading malware
  • Spot systems that maybe sending unusually large volumes of data
  • See users connecting to networks - such as TOR - in order to hide their activity from you
  • Detect "when a printer is not a printer", which may be used to hide a cyberattack

If Rebasoft sees this abnormal activity going on in your network, you have a range of options to chose from:

  1. Get Rebasoft to automatically disconnect a user PC from the network, so you can have time to respond without the threat spreading
  2. If not critical, alert your IT team so that they can decide on a course of action
  3. If a minor event, log the information for future analysis


  • Automatically identify & stop the spread of ransomware
  • Detect & respond to bad behaviour
  • Spot data leakage that might lead to GDPR breaches

How it works:

Using existing network telemetry*, Rebasoft easily understands the communications between every type of system connected to the network. It does this without needing to install software onto those devices. This means it can detect traffic from PC's, Servers, printers and, indeed, any type of connected system.

Unlike many systems in the market, Rebasoft does not need to guess or apply "Artificial Intelligence", we know what type of devices are there and assess every communication to & from them.

  1. Discover your network, learning its details
  2. Classify and authorise edge connections between known network equipment
  3. Fast, easy to understand workflow for your to confirm unknown edges
  4. Automated tracking of any changes to the network edge


* Rebasoft uses NetFlow (or a variant like sFlow) available on most enterprise class network switches, most businesses will already be using this. NetFlow is more secure & cheaper than installing software agents on device to collect data.