

CheckMate is CCG’s flagship offering and a complete, self-contained cyber-defense security solution. It provides all components needed to address 18 of the 20 SANS Critical Controls in an affordable package. CCG’s CheckMate includes the industry-leading Cyber Security SME “Phen.AI”. CheckMate implements an Advanced Persistent Defense (APD) architecture and is powered by Phen.AI. CheckMate employs a robust API to test applications and systems against the very latest threats known to the IT industry. CheckMate employs cognitive learning and investigates any device on the network, endpoints, and detailed network traffic. It uses behavioral intelligence, a state-of-the-art knowledge base of vulnerabilities, and MITRE ATT&CK to detect attacks and identify threat relationships across security events, system logs, Netflow, and deep packet inspection. CheckMate provides real-time network and endpoint monitoring, signature alerting, profiling, and anomalous activity detection. CCG provides 100% coverage of your network 100% of the time and verifies all connections to networked systems through both passive and active pen-testing, preventing hidden and dark spots where bad actors could gain a beachhead and hide.

CCG is leading the evolution of artificial intelligence (AI) in Cyber Security. CheckMate customers can detect and stop insider threats, malware, and Advanced Persistent Threats (APTs). Customers have an efficient view across their network telemetry and can actively accelerate investigations, analyze user behavior, and prevent disaster by locking down sensitive information. CheckMate reduces damage, expenses, and recovery time from potential breaches. Customers receive insightful alerts that help quickly detect and investigate internal and external attacks. With the convergence of Complex Distributed Systems and the Internet-of-Things… Computer Security is ready for true, Humanoid AI that is able to extract knowledge and understanding from the world of attack and defense of the computers in digital networks, including:

  • Detection and Identification of threats and APTs by connecting the dots across multiple information sources (system/application logs, DNS, DHCP, Netflow, DPI, firewall, honeypot).
  • Detection of new and abnormal protocol usage for collecting, encrypting, and moving or exfiltrating information, and the ability to track efforts to blend into normal network traffic.
  • Information: Netflow, DPI, network protocol and application knowledge

Specific bullets of features added, based on some common problems:

  • Non-scripted scenarios: Outcomes utilize dynamic humanoid AI to ensure results are based on adjustable analytics that are driven by one or more of the most potentially optimized results.
  • Non-singular optimizations: Phen.AI will look at variables within the environment to review options that will ensure multiple paths to optimization. Phen.AI is focused on how to get to the best optimization, not only on results based on inputs. Phen.AI will provide input on various changes to external influences that will result in the best and fastest optimizations.
  • Cognition: While investigating a scenario, Phen.AI acquires knowledge and understanding through thought, experience, and the senses. This provides an understanding of the added reinforcement learning on all stages and influences of the scenario, allowing Phen.AI to optimize any part of the scenario, resulting in the strongest overall optimization results. Phen.AI also provides an enhanced analytic function that allows viewing of historical and real-time data.
  • Data Visualization: CheckMate’s modular approach provides a customizable and extendable visualization GUI. Visualizations are tied to many layers of the system, from data and analytics to optimized results. The GUI presentation uses familiar methods for easy adoption but is more dynamic and complex underneath, allowing for endless expansion in GUI presentations and manipulation of visuals. End-users may still manage visual results ad hoc or with the many provided visual reports. Phen will also provide visual reports, writing new presentations as required to demonstrate and understand results. With CheckMate, the visualizations are provided in the analytic stack and tie the data directly to the Modeling and Simulation tools and any other visual presentations and reports required.
  • On-site, central, server-based: CheckMate provides a single on-premises secure private cloud solution to manage, control, and present all components in the analytic stack from data ingest to the presentation of results and reporting. CheckMate provides optimizations in a scalable High-Performance Computing (HPC) package.
  • Established, proven platform: CheckMate has been utilized and proven successful with Army Intelligence and within SCADA/ICS networks. The CheckMate product provides a rock-solid server and analytic platform ready to provide proven results for our customers.
  • Manage, Find, and Present data: Data is at the heart of Phen.AI and the CheckMate analysis platform. CheckMate can import and organize any data format for storage. The information is handled and saved, allowing the end-user to correlate and interpret the data. To handle and transmit terabytes of data in seconds, the data is immediately searchable and retrievable. CheckMate is expandable and can hold as much data as the customer needs.

Deployment: CCG provides CheckMate security in a modular deployment to provide the Central Analytic system. The system contains scalable components to manage data storage, analytic speed, and visual results to fit the customer’s needs. The Analytic system provides a collaborative multi-user security development environment (SDE) and analytic compute nodes (ACNs) that scale to meet customer requirements. The CheckMate security solution will expand to meet the strictest speed and data storage requirements. The SDE and ACNs are provided as needed to manage network complexity and real-world development environment operations, as proven by the NSA world architecture. Phen.AI’s orchestration, automation, analytics, visual engine, and reporting are controlled in the AnalyticCore. The analytic team will interact with Phen and CheckMate at the AnalyticCore through the server GUI layer. In this way, CheckMate provides a stronger approach in a quick, easy-to-deploy, hands-off setup, ensuring a complete solution by providing you with analytics, reports, and optimization suggestions.

CCG is delivering solutions derived from the world’s most comprehensive developed intelligence platform called Phen.AI. CCG’s innovative Cyber AI spans global finance, energy, health, devices, social media and more. With the power of Phen.AI, CCG is solving not only today’s most complex cybersecurity problems, but tomorrow’s as well.


This solution contains patent-pending technology providing the ability to detect and manage known vulnerabilities as well as use fuzzing to detect anomalies and penetrate systems with new and unknown flaws. It uses well-known suggested settings and configurations from NIST, DISA, and others to ensure systems are configured to be as secure as possible. CanSecure has an extensively written API allowing the integration of our signature vulnerability scanning software with third-party products. The CCG-designed humanoid artificial intelligence is used to perform system administrative duties involving configuration setup and adjustments, fault correction, and extending the system scanning, penetration testing, and Red and Blue Team exercise capabilities of devices.

It provides auditing that follows various leading standards for compliance (NIST, PCI-DSS, CAESARS) and ensures configuration checks and settings comply with industry standards (NIST, DISA-STIG, SCAP). It uses standard risk assessment scoring (NIST CVSS) and reporting to help identify and prioritize the resolution of vulnerabilities.


This solution provides a higher-level collection and view of the network’s activities, objects, and evolution, i.e., ‘weather patterns,’ providing system and application data paths throughout the customer’s network. Network traffic analysis detects trends, hotspots, communication patterns, device interactions, and the importance of areas in the network.

We utilize a lighter level of packet inspection than a traditional IDS to provide an array of low-cost sensors that enable seeing all activities and actions inside the network. NeTERS works in conjunction with existing IDSs or can provide those capabilities within NeTERS. Packet capture provides malware detection and flow through the network and between hosts, identifies files and watches how they are passed throughout the network, and detects data exfiltration.

NeTERS has the ability to tag, collect, trace and inspect media documents, file documents, web code, and applications in transit, and identifies where various files have moved through the network. NeTERS can also track viruses and virus paths, identifying which systems have been infected. NeTERS can also create network maps in real-time, and has the ability to correctly reconstruct the state of the network at any point in time.

The SMART LogAnalyzer (SLA)

The SMART LogAnalyzer (SLA) will utilize analytic and HDFS cloud storage systems for collection and processing of ingested information (e.g., Netflow, device logs, alerts). Going to the cloud for storage allows continuous growth of log storage that will enable the software to process new cases in analysis for security purposes. Since cloud storage is built on commodity hardware and is expandable on demand, it reduces the cost to start and grow your data set.

Since SLA provides a log repository from many different systems, it is able to make correlations between logs that were never before available, providing full insight into users’ movement through the network and analysis of systems like never before. Since this repository contains the logs of your entire enterprise, including its weaknesses and attack points, you want to keep it in-house and have full control over the data. You don’t want to unwittingly expose your site by providing the keys to enter. SLA provides the security necessary to guard and protect these key information assets. Our threat analyzer (a component of SLA) provides a mechanism to explore and use business intelligence techniques to ferret out relationships among the data sets to further identify strengths, weaknesses, and vulnerabilities. SLA provides real-time monitoring, signature alerting, personal profiling, and anomalous activity detection, and provides a graphic interface that goes beyond simple graphic indexing with CCG-provided visuals and dashboards.