• Built-in tagging so analysts can share their thoughts on network activity
• Open APIs to connect with your current security infrastructure and workflows
• Includes more than 100 pre-built analytical queries
Implementation: Novetta supplements existing security tools, using an open API to draw data from current SIEM, ID and other security solutions. It operates on-premises on commodity hardware.
Use Case Brag: DoD analysts were capable of handling only four or five incidents per shift. After adopting Novetta Cyber Analytics, each analyst handles 30 times more incidents each shift, according to Novetta's DoD Case Study.
• Niara's Entity360 creates an activity profile based on network "entities," which include hosts, IPs and users
• Retains historical information
• Behavioral analytics modules can be customized
Implementation: Niara can be used as a standalone product, or you can use its open APIs to analyze data from your current security infrastructure. It can be deployed in the cloud or on-premises.
Use Case Brag: A leading energy company deployed Niara to protect its technology for carbon-free power generation.
Cytegic's solution includes three specific analytics modules:
• Dynamic Trend Analysis uses external threat data from open online sources and cyber feeds to create actionable cyber forecasts.
• The Cyber Maturity Assessment uses aggregate data and data from your own security controls to measure your controls against industry best practices collected from a variety of industry sources and regulations, including NIST, ISACA, PCI DSS, and ISO 27001. It then rates your cyber security maturity level and offers recommendations for improvements.
• Cybersecurity Decision Support System dashboard evaluates your real-time security readiness and allows you to run "what if" scenarios against your security systems.
Implementation: Cytegic runs on-premises alongside existing cyber security solutions.
Use Case Brag: A bank CISO used the Cybersecurity Decision Support System to identify configuration and deployment problems with the organization's security controls. The CISO was then able to use Cybersecurity Decision Support System's recommendations to create a prioritized work plan and secure funding without an expensive security audit. Within three months, the compliance issues were resolved.
• Monitors Amazon Web Services, Microsoft Office 365, Salesforce.com and Google Apps
• Supports cloud-based data sources such as AWS CloudTrail and Akamai Cloud Monitor, and on-premises sources such as Cisco ASA, Sourcefire, Snort, OSSEC and Hyperguard
• Recently secured CSA STAR certification by the Cloud Security Alliance
• Is certified with ISO 27001, PCI DSS, HIPAA-HITECH and SOC 2 Type 2
Implementation: Built on top of AWS infrastructure, Sumo Logic runs in the cloud.
Use Case Brag: Sumo Logic allows IT to monitor user access and configuration changes across all AWS and on-premises workloads, so it's used to generate an audit trail for security and industry regulation compliance. More than 700 customers have deployed Sumo Logic.
• No limit on devices that can be configured to send data to Kentik Detect
• Can run analysis on billions of rows of network data and handle terabit-scale data flows
• Detects DDoS attacks
• Can encrypt data in transit
Implementation: Kentik is primarily offered as a cloud service, though it can be provisioned to run on a private cluster within a customer's data center.
Use Case Brag: Yelp used Kentik to provide real-time insights into its traffic, which exceeds gigabits per second, according to Cloud Computing Today. The site also reports that Box.com uses Kentik to perform geography-specific analysis on network traffic to respond to problems before they escalate.
• Platform includes Panaseer Security Data Lake so you can store your network’s raw data
• Automatic enrichment of data around potential security events, including both internal data and external reference threat data from sources such as WHOIS data and Alexa
• Ability to create your own automations as automated run books or macros
Implementation: Panaseer is deployed on-premises and built on Hadoop, using Apache Spark as the processing engine. The company is working on a cloud-based option.
Use Case Brag: Panaseer CEO Nik Whitfield was among the leading UK cyber security innovators who joined UK Prime Minister David Cameron in Washington, D.C., where they discussed cyber security with counterparts from U.S. government and industry. Panaseer is quiet about its clients, but its site notes that the company has several major UK financial services customers and clients in New York City. The company cites running "what if" attack scenarios as one possible use case.
• Identifies internal malware attacks (e.g., APT) after launch but before data is stolen
• Uncovers evidence of well-designed attacks that "hide their tracks"
• Includes a console for customizing the alert threshold applied to modeling scores when generating alerts
• Integrates with existing security tools
Implementation: TaaSERA offers three appliances designed for commercial, mid-size enterprises or academic cyber security research. NetTrust uses network sensors that are installed as physical or virtual (software) appliances.
Use Case Brag: TaaSERA’s NetTrust detected previously undetected malware attacks within minutes when installed on a regional health care provider’s systems — including overseas attacks on a customer database containing protected health care information. The company was able to resolve the attacks and now uses TaaSERA to maintain compliance with HIPAA Meaningful Use 42 CFR, part 495, and 45 CFR, parts 164 and 170.
IT security startups are bringing technologies such as Big Data, predictive analytics and machine learning to the front lines of the cyber war. While most security analytics tools are marketed as adjuncts to existing security infrastructure, that could change as organizations explore their options and test drive these new tools.
So far, reports are impressive. One hundred percent of organizations that deployed only security analytics experienced a reduction in false alerts or improved actionable alerts, compared to 60 percent of organizations that deployed traditional SIEM tools, according to Enterprise Management Associates (EMA).
While each security analytics solution varies slightly by what it brings to the table, EMA broadly places these tools into one of three forms: anomaly detection, user behavior analytics and predictive analytics -- or some combination of the three.
To help you sort your options, here are seven new security analytics solutions.
Copyright 2017 Quinstreet Inc. All Rights Reserved.