SIEM Intelligence

Apply Threat Analytics to detect Unknown Attacks

It is estimated that it takes an average of 18 months for a data breach to be identified and reported. Millions of events are generated every day from several security products within organizations. Without appropriate business context for most of these events, they are just noise that the security team must deal with. Amongst all the noise being generated, there are true security incidents that will cause the organization to lose millions of dollars.

Finding the Needle in the haystack

The Securonix Threat and Risk Analytics product uses advanced analytical techniques to detect sophisticated threats. Each event passes through our advanced Threat Analyzers and is assigned a risk rating. Our Threat Analyzers are capable of running advanced techniques like behavior-based anomaly detection, peer group analysis, rarity analysis, clickstream analysis, malware beaconing and threat intelligence hit analysis. These techniques can be applied to streaming events in real time for proactive threat monitoring. The technology computes and assigns risk scores to critical events in real time and generates alerts for events that require attention.
The Threat Analyzers are also capable of running on historical events to detect low and slow attacks.

Identity & Context Aware Monitoring

Securonix Threat and Risk Analytics enables identity-centric and context-aware monitoring. Securonix uses fuzzy-logic-based correlation to assign events to user identities and allows security practitioners to pull up any user and view all associated events for the user in the last 24 hours or even the past 6 months.
Securonix also performs event attribution to enable a device-centric view of events. This allows security practitioners to bring up any host or device and view all events for the device irrespective of the data source.

Investigation Workbench

Securonix provides a very powerful visualization tool called the Investigation Workbench. With a drag and drop canvas, the Investigation Workbench is useful to explore data linkages and data flows. With the Investigation Workbench, security practitioners can get insights into linkages between users and systems, systems and systems, IP addresses and systems, users and access and several other relationships.

Enhance your Existing Log Monitoring/SIEM Implementation

Securonix Threat and Risk Analytics has direct connectors to a number of log aggregation technologies including Splunk, ArcSight, NitroSecurity (McAfee), syslog-ng and others. By collecting and applying threat analytics to aggregated logs, Securonix is able to detect threats that go unseen by traditional SIEM technologies.

Use the Securonix Threat and Risk Analytics product to:

1. Add Identity Context to events and activities
2. Detect identity enabled security violations
3. Apply Behavior based anomaly detection techniques to detect advanced threats
4. Monitor Privileged Account Misuse
5. Detect Intellectual property Theft
6. Perform User Monitoring on key Applications
7. Incident Response and Cases Management
8. Perform link analysis and investigations in the Securonix Investigation Workbench

Risk Based Approach to Event Monitoring

Focus your efforts on the highest-risk events that will harm your organization. Securonix uses a scientific approach to compute the risk associated with the events generated from other security products.

The Securonix Threat and Risk Analytics product performs automatic risk aggregation and roll-up. This means that a security event impacting a system or an anomalous activity conducted by an account will impact the risk rating of the organizations and users, respectively, that own the system or account. This ensures that security teams and business executives are aware of the risk trends and are able to act to mitigate the risks before they turn into incidents.

Quick Deployment, Fast Results

The Securonix Threat and Risk Analytics product is easy to deploy and provides quick, accurate results.

To ensure quick and easy deployment in your IT environment, Securonix provides a number of connections for leading security products – Data Loss Protection, Database Monitoring, Network security and even security products for unstructured data. You will be able to collect event data from any source and correlate the information to the correct identity using the easy integration steps.

The Securonix solution quickly provides scoring for events being generated and allows for user event monitoring and security policy violation detection capabilities.