MENDEL detects known threats using a comprehensive set of detection signatures that is updated several times a day. This method can detect known threats that avoided detection firewalls or intrusion prevention systems at the perimeter or that get into the network by other means such as those introduced through BYOD policies.

The detection signatures targets a wide range of security incidents including exploits, vulnerabilities, breaches of security policies, and non-compliance with best practices. As a crucial advantage over an IPS or a firewall that are deployed inline, GREYCORTEX MENDEL is deployed as a passive solution. Therefore it can use several tens of thousands of detection signatures without any concern for affecting the network performance. The system also utilizes threat intelligence databases of known malicious IP addresses or files.

When analyzing a security incident, users can display the data content of the communication, wide contextual information on this particular security incident, and all network flows related to this incident.