Proprietary AI Built from Real Breaches.
Deep Breach Focus
Profero's proprietary AI model, built entirely from real incident response casework. It powers every scoring, prioritization, and intelligence capability inside Rapid-IR. No third-party AI models. No external dependencies. Client data never leaves the platform.
The Core Engine of Rapid-IR
Deep Breach Focus is the core engine of Rapid-IR, sitting at the center of all four quadrants: Readiness, Response, Discovery, and Intelligence. Within the Readiness quadrant, Deep Breach Focus is what makes continuous readiness possible. It evaluates your environment every day, not once a quarter.
By the time an incident hits, the platform already knows what's broken, what's critical, and what your team should have fixed first. The responder inherits a complete picture — no context assembly, no startup lag.
What Feeds the Model
Deep Breach Focus ingests three categories of input. Together, they give the scoring engine the full picture: your organization's context, your live infrastructure data, and real-world threat intelligence from active engagements.
Tailored Organizational Insights
Region, execution context, qualitative assessment, industry, and threat priorities. This is how your CISO tells the model what matters most. Deep Breach Focus reweights its scoring based on these inputs, so every recommendation reflects your risk profile, not a generic checklist.
Data Sources
Cloud APIs, on-prem connectors, and automated contextual assessments pulled directly from your infrastructure. No manual entry. Environmental data flows continuously into Deep Breach Focus, ingested and scored without human intervention.
From the Trenches
Live incidents our IRT is handling right now. Practitioner experience and expertise. Proactive research. Threat actor activity. This is what makes the model different: it learns from real engagements, not scraped data. What's happening in active incidents today shapes what your Must-Do list looks like tomorrow.
What the Model Produces
Every input processed by Deep Breach Focus produces one of three outputs. Together, they form the operational layer your team works from daily.
01
Breach Recommendations
The scored list that populates the IR-Ready Focused Screen. What your team acts on to close readiness gaps before an incident. Every finding is classified as Must-Do or Recommended, so your team knows what demands immediate action and what strengthens your position over time.
02
Critical Focus Areas
The highest-priority readiness gaps, ranked by real incident outcomes. These are the items where fixing them now measurably reduces response time and containment cost later. Not theoretical risk. Proven impact from actual casework.
03
Live Updates
Readiness scores stay current as your environment changes. No quarterly point-in-time snapshots. When a new threat campaign emerges or a connector ingests new data, the scoring re-runs automatically. Your readiness reflects today's reality, not last month's assessment.
The Scoring Engine
Deep Breach Focus doesn't flag problems. It ranks them by real-world impact. Every finding lands in one of two categories: Must-Do or Recommended. Scoring is dynamic. As your environment changes, priorities re-rank automatically.
nginx not configured to pass x-forward-for from Cloudflare
Must-Do
Attacks appear to originate from Cloudflare's IP, blocking source attribution. Incident forensics add hours without it.
AWS Athena 30-minute query timeout
Must-Do
Data exfiltration forensics on 90-day log scans fail and require AWS support escalation. Investigation stalls.
RDS automated backups retain only 7 days
Must-Do
Discovering exfiltration after day 7 means no pre-incident state to restore. Forensic analysis becomes impossible.
Scores live on the IR-Ready Focused Screen. The scoring engine is what makes rapid response credible. When a responder inherits a case, the environment isn't blank. It's a scored, prioritized view of exactly where gaps existed and what the team was working toward.
Deep Breach Focus in the Readiness Quadrant
The Readiness quadrant is where Deep Breach Focus runs continuously. Three features translate its scoring into a daily readiness practice. Not a quarterly report. Not a one-time assessment. An IR readiness practice that updates itself.
Focused View
Every finding scored by Deep Breach Focus lands here as Must-Do or Recommended. This is the operational dashboard your team works from daily. When priorities shift, the view updates. When new intelligence arrives, new findings appear. The Focused View is the living output of continuous scoring.
Cloud and On-Prem Connectors
Environmental data flows continuously into Deep Breach Focus, ingested and scored without manual entry. Cloud APIs and on-prem connectors keep the model current with your actual infrastructure state, not a static inventory.
Threat Priority Model
Security leadership defines organizational priorities. Deep Breach Focus reweights its scoring model accordingly. Every recommendation reflects your risk profile, not a generic checklist. When the CISO says "ransomware is our top concern," the entire scoring model adjusts.
See What Proprietary AI Built from Real Casework Actually Looks Like
Talk to the team that built the model and uses it on every engagement.
Talk to Our IR Team