Security Analytics

The sophistication of modern cyberattacks, the persistent nature of advanced threats, and the importance of managing business risk on a continual basis require enterprises to reevaluate their entire security ecosystem. It is now critical that security analytics include a detailed analysis of information on users, attacks, context, time and location drawn from identity systems, endpoints, servers, applications, web and email servers, and non-traditional systems.

The adoption of cloud, mobile workloads and hybrid deployments has magnified the need for visibility into cloud services and applications. This requires a dynamic infrastructure and application-wide view of activities to identify, investigate and respond to internal and external threats in real time.

ADACOM’s analytics-driven security solutions provide a comprehensive approach to cybersecurity, including advanced techniques like machine learning and behavioral analytics. These techniques help security teams quickly identify, investigate, and respond to threats based on a broader security context than is possible with legacy security products. Security Analytics solutions can be deployed on-premises, in the cloud or in a hybrid cloud deployment.

Use Cases

  • Insider Threat Detection: Automatically detect insider threats using machine learning, behavior baselines, peer group analytics and behavior analytics.
  • Advanced Threat Detection: Use kill chain analysis to trace the different stages of an advanced threat, link the sequence of events and enable targeted remediation.
  • Fraud Detection and Investigation: Detect, investigate and report on a range of fraud, theft and abuse activities in real time. Security Analytics complements existing anti-fraud tools by indexing event data to give an enterprise-wide view of fraud, or to create an aggregate fraud score for a single transaction.
  • SIEM: Use Security Analytics for enterprise SIEM use cases such as incident review, incident management support, analytics and behavior profiling, threat intelligence and ad hoc search. Large enterprises use Security Analytics for the full range of information security operations, including posture assessment, monitoring, alert and incident handling, CSIRT, breach analysis and response, and event correlation. Security Analytics can be used as the SIEM for security operations centers (SOCs) of any size.
  • Rapid Incident Investigations: Collaboration enables SOC analysts and threat hunters across an organization to rapidly investigate incidents using ad hoc searches and existing correlations over all security-relevant data. They can use historical data to determine root cause and next steps.
  • Compliance Reporting: Create correlation rules and reports to identify threats to sensitive data or key employees, and to automatically demonstrate compliance or identify areas of non-compliance with the technical controls required by GDPR, PCI, HIPAA, FISMA, GLBA, NERC, SOX, the EU Data Directive, ISO, COBIT, and the CIS Top 20.
  • Log Management: Consolidate, collect, store, index, search, correlate, visualize, analyze and report on any security-relevant machine-generated data to identify and quickly resolve security issues. Ad hoc queries and reporting across historical data can be accomplished without third-party reporting software. Security Analytics supports log data enrichment by providing flexible access to relational databases, field-delimited data in comma-separated value (.CSV) files, or other enterprise data stores such as Hadoop or NoSQL.
  • Incident Review and Classification: View a single event or get a roll-up of related system events, together with an incident management workflow for security teams. Easily verify incidents, change their status and criticality, and transfer them among team members, all while supplying mandatory comments about status changes. Status changes are audited, monitored and tracked for team metrics. From within the incident review view, analysts can use risk scores and in-context searches to determine the impact of an incident quickly and to generate actionable alerts for matters that require immediate attention.
  • Customizable Dashboards: Create your own security portal based on your role and the things that matter to your organization. Organize and correlate multiple data sources visually in a single user interface to find relationships and gain context.
  • Asset Investigator: Visually correlate events over time for any IP address. This helps the analyst gain insight into time relationships across events.
  • Unified Search Editor: Use a user-friendly, consistent search creation experience—including guided searches—for key security indicator or key performance indicator correlation searches, and identity and asset investigation visualizations.
  • Statistical Analysis: Pre-built dashboards help you identify anomalies in event and protocol data. The dashboards use auto-configuring thresholds and baselines rather than hand-tuned limits.
  • User Behavior Analytics: Threats detected by UBA show up as alerts to support security operations workflows. UBA-detected anomalies can be used as the starting point of an investigation: analysts can run ad hoc searches and pivot from them into detailed incident review and breach analysis. For incidents that have UBA anomalies associated with them, users can view specific details on the source of the anomalies.