EEN-BB

Matchmaking @GITEX AI EUROPE 2026

30 Jun – 3 Jul 2026 | Berlin, Germany

ProductUpdated on 22 June 2026

ASPEN

Threat Intelligence Expert at Advanced Security Technologies

Nis, Serbia

About

Gartner frames the future of security as a shift away from reactive detection-and-response toward preemptive cybersecurity — AI-driven, behavioral, and anticipatory. ASPEN is the analyst workspace that makes that posture operational: the component where deception signals, threat intelligence, DNS enforcement, and endpoint telemetry converge into a single, correlated, fully navigable investigation surface, completing AST's Autonomous Cyber Immune System (ACIS).

Enterprise and government SOC teams face two compounding problems with conventional SIEMs: volume without intelligence — alert fatigue, with false-positive rates routinely exceeding 40–60% — and high-fidelity deception signals that have no native home, leaving their value siloed. ASPEN solves both at once. It ingests deception-native telemetry alongside any standard log source, enriches every event with CATIS threat-intelligence context and behavioral risk scoring, and gives analysts a workspace where the full arc of an attack — from first reconnaissance probe to lateral movement — is visible in a single session.

Built for the volume and velocity of deception-native telemetry:

  • Sub-10 ms event correlation — real-time alerting on emerging patterns as they develop.

  • 50,000 EPS sustained throughput — engineered for large enterprise and government environments without performance degradation.

  • Multi-instance distributed architecture — instances across sites, tenants, or classification domains, with configurable selective data exchange.

Capabilities that set ASPEN apart from conventional SIEM:

  • Deception-native analytics — built to ingest and correlate deception telemetry natively, not as generic logs requiring custom parsers.

  • Post-write correlation — apply new detection rules retroactively across full history to surface attacker activity that predates the rule, critical for APT investigation and campaign attribution.

  • LLM-based interactive console — investigate events in natural language, not query syntax alone; ask questions, summarize alert clusters, and navigate multi-event attack chains conversationally.

  • LLM-based automated reporting — structured incident timelines, campaign assessments, and hunting findings generated on demand or on schedule for SOC leadership, CISO briefings, and compliance.

  • Multi-dimensional behavioral consistency analysis — moves beyond signatures toward baseline-aware anomaly detection, surfacing novel techniques that produce no known signature — directly aligned with a preemptive security posture.

Multi-instance use cases: multi-site enterprise (local correlation, central enterprise-wide visibility), government and classified environments (isolated instances per classification domain, policy-governed cross-domain exchange, air-gapped support), and MSSPs (per-customer tenant isolation with cross-tenant correlation, no telemetry leakage between tenants).

Deployment & integration: on-premises, hybrid, SaaS, or fully air-gapped. Native integration with the full AST platform (BaitHive, TCP Mirage, CATIS, ShenDNS, NanoFirewall), plus ingestion from any standard source (syslog, CEF, JSON, custom) and output to external SOAR, ticketing, and reporting via standard APIs and STIX/TAXII.

Where CATIS turns deception telemetry into preemptive intelligence for autonomous prevention, ASPEN turns that same telemetry — combined with the full breadth of organizational security data — into investigative clarity for the human analyst. The two are complementary: CATIS serves the autonomous prevention loop, ASPEN serves the SOC. Together with BaitHive, TCP Mirage, NanoFirewall, and ShenDNS, ASPEN completes AST's end-to-end preemptive architecture — from first attacker contact to AI-assisted forensic investigation.

Learn more at ast.co.rs/aspen.

Looking for

  • Distribution Partner
  • Publisher
  • Wholesaler

Applies to

  • AI/Robotics
  • Cloud Computing, Data, IoT
  • Cybersecurity

Organisation

Similar opportunities

  • Product

    CATIS

    • Publisher
    • Wholesaler
    • AI/Robotics
    • Cybersecurity
    • Distribution Partner
    • Cloud Computing, Data, IoT

    Vukasin Dobromirovic

    Threat Intelligence Expert at Advanced Security Technologies

    Nis, Serbia

  • Product

    NANOFIREWALL - AI-powered self-learning firewall for IoT, edge & embedded devices

    • Publisher
    • Wholesaler
    • AI/Robotics
    • Cybersecurity
    • Distribution Partner
    • Cloud Computing, Data, IoT

    Vukasin Dobromirovic

    Threat Intelligence Expert at Advanced Security Technologies

    Nis, Serbia

  • Product

    Baithive

    • Publisher
    • Cybersecurity
    • Distribution Partner
    • Cloud Computing, Data, IoT

    Vukasin Dobromirovic

    Threat Intelligence Expert at Advanced Security Technologies

    Nis, Serbia