Humans > Machines

At WitFoo, analysts and their investigations are at the core of all we do.

Why WitFoo?

WitFoo reduces the number of false positives from your existing security tools while reducing the time spent on a security investigation. WitFoo Precinct is truly “Security, Leveled Up.”


A demonstration of the WitFoo Investigate interface, created by investigators for investigators, utilizing best practices from cybersecurity incident response and leveraging time-tested approaches from law enforcement.

Manage Impossible Workloads

We’re reducing analyst workloads by more than 90% by cutting the noise and making it easier to investigate incidents.

Integrates with existing security tools

An intelligence layer designed for conducting investigations

Investigation time reduced from hours to minutes

Foo the Noise

WitFoo Precinct standardizes security data from existing tools by establishing a common vernacular that graphs relationships in the context of five data domains and known attack patterns.
The data is then evolved using Temporal Link Analysis based on investigative processes from law enforcement, discarding irrelevant information and assembling only the useful facts.
Precinct prioritizes only critical incidents for investigation — applying labs based on common logic used to discern suspicion levels and aggregating them into a consolidated index called the Suspicion Score.

Owning the Investigation

Incidents are supplied with all the case-relevant data in one place and in full context of affected PCs, users, files, network and namespace (FQDN/URL).
Incidents and all “evidence” are rendered visually with a dynamic ability for incident responders to probe for more detail and to quickly assess scope.
Analysts can annotate incidents with their investigative insights for reference in future investigations and for onboarding new team members.