Security Analytics 2.0 and the Future!


By Sachin Nayyar, Chief Executive Officer, Securonix

The internet has changed the lives of millions, even billions, of people around the world. It is how we connect, interact with one another, and run our daily lives in both personal and professional situations. And with this drastic change comes a new demand for security as we operate with the help of the internet. Just as society has existed for as far back as recorded history and beyond, so has crime. And just as we must prevent physical crime, we must also ensure cybersecurity. We must protect our online activities from cyber crime conducted by users of the internet and other online actors.

Securonix pioneered the user and entity behavior analytics (UEBA) space and is now leading the charge in defining the vision for the next-gen cyber security monitoring platform. Our objective is to enable individuals and organizations to conduct their business on the internet securely. Securonix is striving to improve the efficiency and effectiveness of the modern security operations center (SOC) against advanced threats using the power of big data, behavior analytics, and automation.

The Securonix SNYPR platform debuted on the 2017 Gartner SIEM Magic Quadrant and was positioned as the most visionary solution! In 2018, SC Magazine rated Securonix as the best SIEM. These accolades are a huge testament to what we have built, our execution, and ultimately our vision.

At BlackHat USA this year, we are launching the “Security Analytics for Dummies” book, with the objective of sharing our vision on how AI, machine learning, and data science can enable new mechanisms for operating securely in a modern, internet-enabled world. With security analytics 2.0 we can keep cyber crime at bay, and in this publication we lay the foundation of what to expect going forward!

The Need for an Open Big Data Platform to Be the Center of All Security-Relevant Data

  • We believe that organizations should own their data and should not be tied to any proprietary vendor data format.
  • Companies should have the power for infinite scale.
  • Companies should have a single platform to store unlimited data.
  • Companies should not have to pay by the GB.

Given the above, we strongly believe that big data, and specifically Hadoop, is the only answer, and that companies should think of building a security data lake (SDL) to handle the massive volume and variety of security events. Securonix is built to run natively on Hadoop and can sit on top of an existing SDL or help customers create their own SDL.

Need for Analytics

We believe that machine learning and behavior analytics are required to detect unknown and advanced threats. This is the whole premise of why we created Securonix.

  • The internet is orders of magnitude larger than any technology we have ever seen before it. And by operating on the internet, we create, and need to understand, an amount of data we have never seen before.
  • Today we have a team of over 110 people in our threat research, threat hunting, and data science team!
  • We have invested over 3 years of R&D in building our big data, Hadoop-based machine learning and analytics platform to ensure all the required capabilities are present. We do not believe a mature, sophisticated SIEM can be built in months.
  • However, we believe a single company cannot provide all the threat models that are required. Securonix has created a Threat Exchange for our customers and partners to share their threat models, and several of our customers have already signed up for this. We are in the process of reviewing all the legal items around this and taking it live.
  • Securonix has opened up the platform for customers and partners to create new analytics models which are essentially Spark jobs that run in real-time on Hadoop.

Integrated Investigation and Search

  • We believe that customers are looking for either a fully integrated or a pluggable solution for investigation, search, and response.
  • We provide complete visual link analytics to help investigators review in minutes to hours a hypothesis that could otherwise take days or weeks.
  • We have added advanced search capabilities with the ability to search on enriched data, that is, event data enriched with user and system attributes.

Case Management and Automated Response

  • We have added incident playbooks and integrated with incident response automation and orchestration providers.
  • We recently introduced ResponseBot, with the ability to provide automated recommendations by learning the behavior of Tier 2/Tier 3 analysts.

What’s Next... the Future!

Security management has been primarily about threat detection: finding, in a stack of needles, the one needle that may be the cause of a cyber catastrophe for an organization. However, security management centered on detection has proven not to be actionable. Creating a list of threats without context, without recommended remediation actions, and without an understanding of the actors and their motivations is useless in the modern internet age. This is why we believe that security management must evolve into Security Analytics and Operations Management.

  • We believe security analytics is evolving into a complete Security Analytics and Operations Management (SAOM) platform providing end-to-end monitoring, detection, incident response, and recovery capabilities for the SOC.
  • As the evolution continues, we see capabilities such as Vulnerability and Threat Management and Risk Governance embedded and managed through the SAOM platform.

We strongly believe Securonix is the Security Analytics and Operations Management Platform that can enable the modern internet activities that individuals and organizations demand in the 21st century and beyond.

Let us help you usher in this new age of secure, internet-dependent business operations.