Security Intelligence and Analytics Platform

With breaches continuing to rise, more companies are taking the initiative to improve their ability to discover unknown threats by adding a platform for advanced security analytics.

Overview

As attackers have become more sophisticated, attack surfaces have expanded, and the number of attacks has increased, organizations find themselves exposed to an onslaught of novel and previously unseen attacks. Combined with the threat of rogue insiders, it's clear organizations face an enormous challenge. The most common obstacles we see are:

  • Can’t Access the Data
  • Limited Advanced Analytics
  • Long Time to Mitigation
  • Lack of Tools Intended for Security Analysts

Big Data Meets Cyber Security

To address these needs and challenges, System Soft Technologies has assembled a solution accelerator combining a cohesive set of available open source products in a pre-integrated, pre-engineered package. Because we are a services company, there are no license fees for this solution. Our customers benefit from our services upon initial deployment by leveraging the work we've already invested in operationalizing this set of products.

Security Use-cases

  • Insider Threat Detection
  • Threat Hunting and Forensics Investigations
  • Compliance Reporting
  • Threat Intelligence Integration
  • Advanced Security Analytics

System Soft Technologies has identified 4 main attributes that make our solutions work successfully for all Cyber Security Intelligence Analytics platform deployments. These attributes are Scalability, Extensibility, Deployability, and Future Readiness. When developing any Security Intelligence and Analytics solution for our clients, we ensure each solution includes these essential attributes.


Modern Cybersecurity Architecture - When SOCs implement an Analytics Platform for Cybersecurity, they gain a single, comprehensive repository of security data that allows them to keep information online indefinitely.

Security Data Lake - SST has selected a best-of-breed storage stack based on Hadoop technology and ensures the implementation is easily and readily deployable through its extensive internal engineering testing and field deployments.

High Speed Ingestion - Security telemetry is constantly generated, and needs to be immediately collected, normalized and stored at extremely high speeds to make it easily accessible for advanced computation and analytics.

Efficient - Cost-effective data storage is necessary so that logs and telemetry can be efficiently mined and analyzed with long-term visibility, and so that full packets can be extracted and reconstructed to help trace who the true attacker was, what data was leaked, and where that data was sent.

Accelerate Threat Mitigation - The Platform greatly speeds investigation and shortens the time to breach mitigation. Responders get immediate access to historic and real-time data, so they can quickly work through their flagged events.


Application Framework - The solution is an application framework that enables a single view of diverse, streaming and batch processing security data at scale to aid security operations centers in rapidly detecting and responding to threats.

Pluggable Framework - An open pluggable framework enables easy creation of new parsers to integrate into batch and streaming feeds, enrichment processes, and the extensible analytics schema.

Standard BI Interface - All queries and reports are available in Zeppelin and Tableau, or use your own enterprise standard.


Operationalization - Adding Kylo to the solution eases the management and configuration of your live data feeds.

Tested Parsers - Included are loading routines and parsers for the most common data sources such as MS Windows, Cisco ASA, Bluecoat, etc.

Compliance Reporting - Included are a complete set of compliance reports ready to fit into any organization’s larger compliance initiative for regulations such as PCI, HIPAA, FISMA, NIST, etc.

Threat Intelligence - Adding an OpenTAXII server to the solution means all data sources can easily be enriched with the latest threat intelligence for known bad IP addresses, domain names, and URLs.
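As an added illustration of the enrichment step described above (example code written for this page, not SST's own implementation), the block below indexes a constructed indicator list of the three types named here and tags each event with the indicators it matches, including a subdomain of a listed domain and a URL that differs only in case or fragment. The indicator values and event fields are constructed assumptions, not anything from a real feed.

```python
from urllib.parse import urlsplit

# Constructed indicator feed standing in for a TAXII poll result: (type, value, source_feed).
INDICATORS = [
    ("ipv4", "203.0.113.45", "feed-a"),
    ("domain", "bad-example.test", "feed-a"),
    ("url", "http://bad-example.test/login.php", "feed-b"),
]

def normalize_domain(host):
    """Lowercase and drop a trailing dot so lookups ignore case and FQDN form."""
    return host.lower().rstrip(".")

def normalize_url(url):
    """Lowercase scheme and host and drop the fragment; path and query stay verbatim."""
    p = urlsplit(url.strip())
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme.lower()}://{normalize_domain(p.netloc)}{p.path or '/'}{query}"

def build_index(indicators):
    """Group indicators by type into lookups keyed on the normalized value."""
    norm = {"ipv4": str, "domain": normalize_domain, "url": normalize_url}
    index = {kind: {} for kind in norm}
    for kind, value, source in indicators:
        index[kind].setdefault(norm[kind](value), set()).add(source)
    return index

def domain_hit(index, host):
    """Match the host and each parent domain (never the bare TLD), so a subdomain
    of a listed domain still matches. Returns (indicator, sources) or None."""
    labels = normalize_domain(host).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in index["domain"]:
            return candidate, index["domain"][candidate]
    return None

def enrich(event, index):
    """Return a copy of the event with a 'threat' list of every indicator it matched."""
    hits = []
    for field in ("src_ip", "dst_ip"):
        if event.get(field) in index["ipv4"]:
            hits.append((field, "ipv4", event[field], sorted(index["ipv4"][event[field]])))
    hit = domain_hit(index, event["host"]) if "host" in event else None
    if hit:
        hits.append(("host", "domain", hit[0], sorted(hit[1])))
    url = normalize_url(event["url"]) if "url" in event else None
    if url in index["url"]:
        hits.append(("url", "url", url, sorted(index["url"][url])))
    return {**event, "threat": [dict(zip(("field", "type", "indicator", "sources"), h)) for h in hits]}
```

In a streaming deployment the same `enrich` call would run per event as it is parsed, with the index rebuilt whenever the feed is re-polled.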

Insider Threat Detection - SST includes a comprehensive implementation of user behavior analysis, using advanced statistical and machine-learning techniques with a human-assisted feedback loop.

Incident Response and Forensics Investigation - An augmentation to SIEM capabilities inclusive of packet replay utilities, evidence store and hunting services commonly used by SOC analysts.


Real-time and Batch - All data loading and parsing routines accommodate both batch and real-time processing.

Structured and Unstructured - To accommodate all scenarios SST deploys the solution with all data feeds and enrichment processes going to both batch and real-time subsystems.

Spot and Metron - SST is committed to deploying solutions that will support analytics intended for either product, all in one environment.

Critical Thinking. Collaboration. Success.

Copyright ©2017 System Soft Technologies. All rights reserved.