Disorganized Data Labeling Hamstringing Your SIEM?


Securonix Data Dictionary Standardizes Data Labels to Streamline Threat Detection

Detecting threats accurately is crucial. One of the biggest challenges security teams face is differentiating anomalies from true malicious behavior. Is this a real threat or a false positive? A modern SIEM helps answer this question, but data inconsistencies at ingestion can drive both false positives and false negatives. Data (log) complexity shouldn’t make a security analyst’s job any harder. That’s why you invested in security solutions like your Next-Gen SIEM.

Securonix Next-Gen SIEM solves this data inconsistency challenge by simplifying the way analysts search and label data, in a feature known as Data Dictionary. Data Dictionary simplifies ingestion, analytics, and hunting by providing consistent, easy-to-understand labels for data ingested from various data sources. This helps eliminate false positives and false negatives and reduces the time analysts spend hunting for information or context that was incorrectly categorized. Finding threat context is difficult without consistent labels like those Data Dictionary provides. The Data Dictionary feature makes threat detection more reliable, which helps analysts stay on top of true positives and quickly carry out further investigation of potential threats.


Benefits of Data Dictionary

Data Dictionary gives you a more consistent search experience. Customers with the latest release will be able to:

  • Simplify and streamline inconsistent data formats from various data sources.
  • Help security analysts get valuable context and quickly differentiate false positives.
  • Reduce the time and effort a content developer spends creating policies for different data sources.


Improve Search

Data Dictionary streamlines the mapping of data attributes with consistent labeling to simplify and improve searchability. It provides uniform labeling of security data from various sources that would otherwise be inconsistent, grouping attributes under a name or label that makes sense for your organization. The unified labels help security analysts get valuable context, which makes it easier to comprehend security data and differentiate true positives from false positives.

Today there is a skills shortage, and it’s hard to find and train new security analysts. Data Dictionary reduces the learning curve for analysts with labels that are more intuitive and usable, which means they spend less time training and more time stopping threats. Search is more intuitive because the labels are customizable. It also provides better resilience and performance, because queries can be filtered by the resource groups tied to the labels in use.


Accelerate Threat Detection

Labels within Data Dictionary provide a unified structure for data ingested from multiple data sources. Securonix provides functionalities (use cases) with new labels mapped to security attributes (characteristics of an event or a functionality). Content developers can use these mapped labels to create policies that span multiple data sources, which reduces the time and effort an analyst or content developer spends creating custom policies. Your SOC analysts can stay focused on detecting threats rather than writing new SIEM rules and policies.

The Securonix Data Dictionary features shown below allow you to select different functionalities and assign labels mapped to the attributes. For example, an attribute like baseeventid, used only by a subset of data sources, can be labeled eventID, a standardized label used across all of your data sources.
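As an added illustration (not Securonix code and not its Data Dictionary implementation), the labeling idea above in a few lines of Python: a per-source dictionary relabels raw attributes such as baseeventid to eventID, one policy is evaluated over the standardized labels across every source, and a check reports attributes that are still unmapped, which a label-keyed policy would silently miss. All source names, attribute names and events are constructed for the example.

```python
# Added example (not Securonix code): a minimal data-dictionary style
# normalizer. Raw, source-specific attribute names are mapped onto one set of
# standardized labels so a single policy can be evaluated across all sources.
# Source names, attribute names and sample events are constructed.

# Per-source dictionary: raw attribute name -> standardized label.
DATA_DICTIONARY = {
    "windows_security": {"baseeventid": "eventID", "TargetUserName": "accountName",
                         "IpAddress": "sourceAddress"},
    "linux_auth": {"event_code": "eventID", "user": "accountName",
                   "rhost": "sourceAddress"},
    # "vpn_gateway" deliberately has no mapping yet (see unmapped_attributes).
}

def normalize(source, raw_event):
    """Relabel one raw event. Attributes without a mapping keep their raw
    name, prefixed with the source, so nothing is silently dropped."""
    mapping = DATA_DICTIONARY.get(source, {})
    event = {mapping.get(k, f"{source}.{k}"): v for k, v in raw_event.items()}
    event["source"] = source
    return event

def unmapped_attributes(events):
    """Check: raw attributes that never received a standardized label.
    A policy keyed on standardized labels cannot see these fields."""
    return sorted({k for e in events for k in e if "." in k})

def multi_source_accounts(events, min_addresses=2):
    """One policy over standardized labels: account names seen from at
    least min_addresses distinct source addresses, across all sources."""
    seen = {}
    for e in events:
        if "accountName" in e and "sourceAddress" in e:
            seen.setdefault(e["accountName"], set()).add(e["sourceAddress"])
    return sorted(a for a, addrs in seen.items() if len(addrs) >= min_addresses)

# Constructed sample events from three sources (one of them unmapped).
RAW_EVENTS = [
    ("windows_security", {"baseeventid": 4624, "TargetUserName": "jsmith",
                          "IpAddress": "10.0.0.5"}),
    ("linux_auth", {"event_code": "sshd_accept", "user": "jsmith", "rhost": "10.0.0.9"}),
    ("linux_auth", {"event_code": "sshd_accept", "user": "svc_backup",
                    "rhost": "10.0.0.9"}),
    ("vpn_gateway", {"username": "svc_backup", "client_ip": "203.0.113.7"}),
]
EVENTS = [normalize(src, raw) for src, raw in RAW_EVENTS]
```

Running the policy flags only jsmith; svc_backup is not flagged because the VPN source has no mapping, which is exactly what the unmapped-attribute check surfaces.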


The Data Dictionary feature was introduced recently with the Jupiter launch.

If you are a Securonix customer and want additional details, please visit our documentation website to learn more.

Not a customer yet? Schedule a demo with our experts to learn more.