Security Intelligence Platform
Actionable Security Intelligence
Securonix is the industry leading platform for Security Intelligence that provides advanced monitoring and threat detection capabilities. With a powerful Anomaly Detection Engine, the Securonix platform analyzes identity, access, activity and transaction data from your critical applications or existing security tools to identify high-risk events, activities, users, accounts and access for focused, proactive threat identification and risk mitigation.
Where current event monitoring technologies are focussed on data collection, retention and compliance reporting at the perimeter, Securonix focuses on detecting advanced threat patterns and even Insider Threats. Securonix continuously analyzes the billions of events generated on your network, systems and applications and pinpoints the suspicious events that require further investigation. The Securonix risk engine continuously risk ranks threats and actors, enabling organizations to prioritize their investigations. Securonix provides a versatile investigation workbench and integrated incident response system that provides security analysts the ability to perform visual link analysis of events, accounts, users, access, activities, systems and even network addresses.
Visibility and Context:
Securonix provides unprecedented visibility to security analysts and security executives. By integrating security events, application and host activity logs with identity and access data, Securonix fills a lot of gaping holes currently present in the security fabric of most organizations.
Signature-less Threat Analytics:
What sets the Securonix Security Intelligence engine apart from other solutions in the industry is the use of our proprietary signature-less threat detection algorithms that continuously scan your data to pinpoint rogue activities, abnormal security events, and access privileges. The Securonix technology utilizes intelligent behavior-based analytics and peer group analysis techniques to detect unseen attacks launched from within or outside the perimeter of your organization.
Risk Based Investigations:
Securonix enables a risk-based approach to security. Securonix provides up-to-date risk score cards for users, accounts and resources. With continuous risk aggregation and scoring, the Securonix application ensures that security analysts are focussed on the highest risk events. Business owners and System owners are provided with up-to-date score cards for their domains.
Use Securonix as an enterprise security analytics platform to find abnormal patterns in user access, activities and violations and get more context for your current SIEM, DLP, Log Monitoring or IAM solutions.
Modules and Capabilities
Get answers to the “Who done it?” question
People attack organizations. Legacy monitoring systems do not tie the “Human” element to security events. As a result, security analysts do not get the complete picture and are unable to detect attackers.
Securonix has the industry’s most advanced Identity Correlation engine. The correlation engine provided by Securonix performs direct and fuzzy matching on accounts and IP Addresses observed in security events. With our Identity matching techniques, we are able to tie more than 98% of the events back to the user performing those events. If the engine is unable to detect an exact match, it provides a probabilistic best effort match to the user identity. By using this powerful technique, Securonix enables you to get a 360° view of Who is doing what on your systems and applications.
Detects Suspicious Activities and Risk Ranks Threats for Proactive Remediation
Modern threats faced by organizations are not being detected by traditional signature based monitoring technologies. Securonix has fundamentally changed the way organizations defend themselves. Our innovative Signature-less threat analyzing techniques operate on security events in real time and categorize them as malicious or normal. Our Threat Analyzers employ advanced mining techniques to determine the maliciousness of an event. Furthermore, each malicious event gets a Risk Score that helps security analysts prioritize their investigations on the highest risk events.
Securonix Threat Analyzers are a combination of advanced mining techniques developed over years of research by experienced scientists and heuristics provided by our core security group that applied these techniques to several large and medium sized businesses in heterogeneous environments.
Behavior Based Threat Analyzers
Almost every Attack has one common theme. The attack exhibits a behavior with characteristics that are fundamentally different from the “normal behavior pattern” seen on the system. Securonix provides a unique solution that pinpoints these changed characteristics and determines if the attack is under way. The Securonix solution can evaluate over 120 different characteristics to provide an accurate rating of the level of risk posed by the malicious activity.
This capability allows for “signature-less” security management that self-adapts to the environment and pro-actively identifies suspicious behavior before it is too late.
Peer Group Based Threat Analyzers
While it may be possible for attackers to camouflage their behavior to morph into the normal behavior patterns, it is virtually impossible for them to change the behavior of the entire group of individuals or systems. Securonix is the only solution in the industry to use an advanced peer group analysis technique to detect suspicious activities by comparing entity behavior patterns against the patterns of multiple peer groups of that entity. This technique is especially useful in the detection of Insider threats and account misuse or even hijacking of privileged accounts.
Analyze Security Events to detect Advanced Threats
Securonix adds business intelligence to events generated by security solutions. By correlating security events to user identities that are performing those events and tying security events to the systems on which these threats are detected, the Securonix solution provides valuable business context to events and reduces the unnecessary noise. This enables Security professionals to focus on targeted remediation. Securonix consumes security events, performs identity and event correlation and applies advanced threat analytics to detect attacks.
Use the Securonix Security Event Risk Analytics module to add business intelligence to security events. By using a comprehensive security policy engine that spans user identity, access, activity and event data, the Securonix solution performs continuous monitoring for enterprise security policies.
Security Policy Engine: Set Contextual and Compliance Based Policies
Securonix provides a self-service policy engine for custom policy development or industry standard out-of-the box risk and compliance policies. Context aware policies automatically apply business and identity changes such as role and HR status changes to the context of security alerts or activity for immediate and proactive management.
Reporting and Analytics
Securonix leverages its data rich repository of correlated information and analytical tools to give the user complete flexibility in creating custom views and reports while performing powerful security analytics.
The Securonix solution provides more than 120 different reports including High Privileged Account usage reports, User Activity Report and top 10 Reports required to meet compliance objectives.
Identify, Detect, Remediate High Risk Access Privileges
Rogue access privileges held by Users and Accounts are often misused to perform malicious activities within organizations. Current access control techniques, including Role Based Access Control and Attribute Based Access Control, require months and years of business process alignment. Furthermore, the current access rectification processes put in place are often conducted on a semi-annual or annual basis and leave a big gap in enforcing effective security controls.
Securonix is the only technology in the industry that is able to quickly analyze access privileges and identify rogue access privileges held by accounts. Use the Securonix Access Risk Analyzer module to identify the rogue access privileges held by users that require remediation. With a targeted risk based approach to access management, Securonix enables risk based certifications, risk based access requests and even clean up of access on legacy applications.
Available as Software or Appliance
Securonix Security Intelligence Platform is available as software to run on your enterprise servers (physical or virtual) and even as an appliance.
The Securonix application can be run on a single server or scaled horizontally to meet your computing needs.
Securonix has native integration with a majority of products in the security industry – Log Management, SIEM, Database Monitoring, Identity Management, DLP and Privileged Access Management solutions.