Published on July 9, 2021
SIEM solutions are all about gaining better visibility. They aim to eliminate blind spots by gathering all of your security data into a single pane of glass. So, why would a solution that grants SOC analysts a holistic view of security data leave security administrators completely in the dark?
Most SIEM solutions lack granular visibility into the amount of data ingested as it enters the SIEM, forcing admins to rely on the vendor’s operations team for information about their data usage. For example, a data source ingester could be down for weeks, or even months, without an admin knowing, leaving the organization blind to would-be threats.
As part of the 2021 Jupiter launch, Securonix SaaS customers now have access to Activity Monitor, an interactive UI that gives administrators visibility into events per second (EPS) by data source. Customers can access Activity Monitor in their existing Securonix UI to view and analyze data ingestion in real time and sort by log source. This visibility allows security teams to fine-tune usage as needed and quickly understand and fix any ingestion bottlenecks before they become larger issues.
Unlock Complete Visibility for Infrastructure Monitoring
Activity Monitor solves the pain points described above by allowing admins to peek behind the curtain and empowering them with easily digestible infrastructure monitoring. With Activity Monitor, administrators can:
- Filter events by data source, ingester, time period, and graphical output type.
- Visualize data ingestion with graph displays in real time.
- View data ingestion over time, allowing for in-depth trend analysis of up to a year’s worth of data.
Activity Monitor also lets MSSPs and large enterprise organizations with multiple ingesters monitor and filter data on a per-tenant level, allowing for a granular level of control.
Understand Your Usage and ROI
Along with providing visibility into operations, Activity Monitor also ensures transparent pricing and the ability to analyze and fine-tune data usage. You can monitor specific data sources to easily identify how much volume is being used and where that usage is coming from. If there are overages, you can adjust your license as needed, or even delay data ingestion from specific sources. This level of control helps organizations unlock significant cost savings and have complete transparency in their usage and billing.
Eliminate Blind Spots and Mitigate Risk
The goal of any SOC is to mitigate risk and stop threats before they can cause serious damage. So, if a data source stops being ingested by the SIEM, there may be a big problem, especially when analysts and admins have no way of knowing about the delay.
Activity Monitor reduces the time it takes to identify when a data source has stopped sending data and empowers admins to quickly take appropriate actions as needed. This reduces the time it takes to fix ingestion issues and frees you from having to rely on the operations team for simple service disruptions.
Securonix Continues to Invest in User Experience
At Securonix, we believe that data usage should be simple and transparent, and we give our customers the ability to drill down and truly understand their SIEM. We are continuing to invest in and improve our products for analysts and administrators alike by removing friction, improving time-to-value, and modernizing our UX. By giving analysts and admins better visibility and tooling, we can empower organizations to better protect their users.