Security Analytics

Security Analytics sounds complicated. It’s not. It is simply the process involving the continuous, near real-time, collection, analysis, and visualization of all-source logs in order to identify suspicious or anomalous activity.

The speed at which logs are created, by even small enterprises, together with the shear volume (e.g. millions of lines of entries) make it IMPOSSIBLE for a human analyst to visually inspect and detect malicious behavior.

Our Security Analytics solution utilizes the ElasticStack, the world’s leading full-text search engine, analysis, and visualization solution. With ElasticStack we ingest webserver logs, database metrics, network packetflow, and MUCH more in order to spot the tale-tell traces of threat activity.

How IT Works

1

Discovery involves the deployment light-weight agents to search for and identity network devices and endpoints. The devices include workstations, laptops, mobile devices, servers, printers, routers, switches, printers, virtual servers, IoT devices, and cloud-based assets. Discovery seeks to identify rogue, unauthorized, employee- or vendor-owned Bring Your Own Device (BYOD).

2

Protection involves the implementation of policy and the deployment of resources intended to minimize the risk of a cybersecurity event. Protection is a continuous effort to minimize, and whenever possible, eliminate the risk of a cybersecurity event.

3

Detection involves the implementation of policies and procedures in order to facilitate the timely detection of cybersecurity events. These policies and procedures define the human, hardware, and software resources deployed for the timely, continuous, and near real-time detection of cybersecurity events.

4

Response involves the implementation of policies and procedures necessary to react in a timely, effective, and collaborative manner to a cybersecurity event. Response is the rapid mobilization, coordination, and deployment of human and technical resources to contain and resolve cybersecurity events.

5

Recovery involves the implementation of policies and procedures necessary to restore from damage resulting from a cybersecurity event. Recovery seeks to empower the enterprise to rapidly restore, replace, or repair lost data, services, and processes.