A defence-grade cyber security product built for the Enterprise, Government and SME marketplaces. Our partner’s ground-breaking monitoring technology – built and improved over many years of securing the world’s most sensitive government and commercial information – protects you against the most sophisticated and advanced cyber threats.

This, coupled with an enhanced Artificial Intelligence engine that is being built by leading Machine Learning experts, allows Forest Tree to learn and become an increasingly effective and efficient tool. The modular approach taken during the development of the Forest Tree solution ensures clients have high levels of personalisation available.

Technology Capabilities

Forest Tree is able to capture, analyse, learn and block, offering customers a holistic approach to tackling Cyber Threats.

Intelligence at Every Level

Investigations of events are simplified thanks to the capture of the information at all levels, from network to user. Our platform allows the identification of any information being transferred through the network from any device, without the need to preconfigure the end points. That includes any malicious traffic.

Flexible and Scalable

The product has been designed to suit all needs, from low-traffic networks to environments with high-speed links and heavy use. Using the latest big data, storage and analytics technology, the platform can be expanded to conform to the most demanding environments without losing visibility of any of a company’s network traffic, while allowing the company to react to it from the same platform.

Machine Learning

Forest Tree uses a number of machine learning algorithms to conduct its advanced security analytics. Based on semi-supervised machine learning, the algorithms are able to identify anomalies, raise alerts and automatically take action to prevent threats from materialising into incidents. This gives your organisation the capability not only to detect threats on your network quicker than ever before, but also to take action against them. The median time for an IT security incident to be detected is 200 days – Forest Tree aims to shorten this to less than 1.


Forest Tree utilises a number of advanced machine learning algorithms to profile devices on your network. The algorithms ‘learn’ what normal device behaviour looks like and from this are able to spot devices that are exhibiting anomalous behaviour. This enables Forest Tree to alert your security analysts to investigate devices that may be being used to conduct insider threats or that may be under attack from a threat actor or from malware.

Anomaly Detection

As well as detecting anomalous behaviour among your network’s devices, Forest Tree uses a second set of machine learning algorithms to scan the raw network traffic for packets that contain malicious content. Using a combination of next generation analytics and deep learning, Forest Tree is able to identify packets that contain malicious code and flag them for investigation. This allows Forest Tree to detect and stop malicious behaviour without having to be exposed to the entire attack vector that is being used.


Forest Tree has an intuitive web user interface that has been built by data visualisation experts and real world security analysts. This ensures that your analysts see the information that they need to see in order to be able to protect and monitor your network. Forest Tree is a tool that stretches beyond the realm of security. Able to visualise your organisation’s data flows, it offers valuable insight into your network and IT resources that other tools cannot offer.


The huge amount of data that Forest Tree can capture and analyse allows analysts to see the attack within the context of their entire network, allowing a quick, thorough and accurate investigation into any detected incident to take place. It greatly increases the speed of IT forensics and, as it does not rely on any logs from network devices, it also greatly increases its reliability.

The Engine

At the heart of Forest Tree sits our core engine. Our patented technology performs full decomposition and extraction of information at all levels from live network flows. The engine has been proven in the most demanding networks operating at up to 1 terabit per second with zero loss traffic capture. Its flexible and highly scalable architecture allows inputs from existing network devices, captured files or our in-line tap appliance, which transparently intercepts network traffic. The engine performs real-time extraction of information, files and metadata, which is analysed to take action on the communication flows if used in conjunction with our in-line tap appliance. The extracted information is stored using big data technology, augmented with additional external sources to simplify its analysis and fully indexed for fast access. An intuitive and easy to use web interface allows in-depth analysis of the extracted and enriched information to meet your organisation’s needs.

Device Profiling

We are, all of us, creatures of habit and our behaviour can be understood and learnt. Forest Tree utilises the information extracted by the engine to perform Behavioural Learning. By applying innovative algorithms to the extracted information, the behaviour of each user and device can be fully understood individually and as part of a group. Any anomalous behaviour can then be identified efficiently, and action can even be taken on it to prevent damage. Whether the anomalous behaviour is a device requesting large amounts of data from areas of your network that it has never accessed before (a possible insider threat) or a printer that is suddenly making connections to IP addresses that sit outside of your network (a possible external attack), Forest Tree allows your analysts to focus on the security alerts that matter.

Learn from the expert

Every organisation has its own peculiarities and risk appetite. Forest Tree includes algorithms that learn the behaviour of entities in your network to identify anomalies. By using semi-supervised machine learning, Forest Tree not only learns from what it sees in the network, but also from the activity of your security analysts. For example, if an analyst identifies a certain type of traffic as dangerous, its features are included in the algorithm to identify similar anomalies should they happen again.

Additionally, active responses can be taken by using our in-line tap appliance. Thus, if, for example, an IP address is flagged as potentially dangerous by Forest Tree and blocked by an analyst as it is deemed too risky, Forest Tree can automatically block any related IP addresses until the analyst has deemed them safe. This allows you to have a level of control over your network that was previously impossible. Add this capability to the use of our in-line tap and Forest Tree has the ability to react to and manipulate the network traffic in near-real time.

Real time analysis

Forest Tree’s intelligent technology includes deep learning algorithms that are applied to raw network traffic. This allows instant identification of malicious content or activity to either raise an alert or react if the in-line tap appliance is being used. As a result, the reaction time against attacks is reduced from a median of 20 days to a matter of milliseconds.

Next Generation User Interface

Forest Tree has an intuitive web user interface that has been built by data visualisation experts and real world security analysts. Security analysts know what data they need to see in order to investigate an attack and Forest Tree shows them exactly this. The vast amounts of data that Forest Tree can capture and analyse allow analysts to see the attack within the context of their entire network, allowing a quick, thorough and accurate investigation into any detected incident to take place.