How we can help you.
THE SKILLS SHORTAGE PROBLEM
i. There is a critical shortage of specialists combining big data and security skills. Neither big data nor security specialists are likely to be qualified in the other area, so they require extensive training before becoming proficient. This takes up money, time and resources.
ii. Each security/big data tool (e.g. SIEM) is different and requires significant effort to master, even with experience of similar tools.
Our natural-language-based, security-oriented interface allows security experts to search for information or define complex security rules in their own language.
THE INTELLIGENCE KNOWLEDGE CHALLENGE
The increasing complexity and sophistication of the latest generation of Advanced Persistent Threats (APT) can only be addressed by continuously updating and improving the intelligence of organizations' security systems and processes. Similarly, the increasing need for higher levels of security compliance to prevent these threats can only be addressed by increasing the sophistication and frequency of security auditing processes.
However, most of the intelligence inside security systems is hidden within obscure configurations and proprietary code, making it impossible to analyze, validate, share and update this knowledge without help from the vendor or from expensive and scarce tool specialists (e.g. Splunk consultants).
Furthermore, some products (e.g. UEBA tools) don't make their internal rules and machine learning (ML) heuristics visible.
However, this hard-coded intelligence is nothing more than relatively simple rules trying to address common threat scenarios faced by "standard" organizations. Most of these products are not even able to explain how they have reached their conclusions or what the limitations of their current heuristics are.
Make security systems' intelligence accessible through a business-oriented interface with easy-to-understand rules. Our security applications (e.g. Open Intelligence ASD compliance) have been developed using natural-language-based, business-oriented rules to give security experts the opportunity to continuously analyse, validate and improve the intelligence of the security applications.
High-level concepts like the ASD Essential 8 strategies are translated into operational concepts, taking into account each organization's processes and policies. Any security recommendation can be traced back to the specific rules that were used to reach that conclusion.
THE SECURITY TOOLS CHALLENGES
Current big data/analytic tools present a number of challenges including:
i. Limited correlation capabilities:
Most of these tools were designed to efficiently execute a large volume of relatively simple correlations. However, the increasing complexity of APTs requires long correlation chains across a potentially long period of time.
ii. Lack of orchestration intelligence
Integration and orchestration across security tools continue to be a challenge. More than ever, an intelligent layer of integration between disparate security tools is required. For example, proper management of vulnerabilities would require orchestration between SIEMs, vulnerability management (VM) tools, workflows and configuration management tools.
i. A smart rules engine capable of efficiently compiling and propagating queries and actions to the most suitable tool (e.g. the organization's preferred analytic tool). For example, a natural language query is combined with related business rules to generate an optimized SPL (Splunk) query.
Complex, potentially recursive rules can also be created, executed and cached by our rules engine, addressing the need to efficiently execute long and complex correlations.
ii. A REST integration layer provides an alternative integration path to other security tools and enables a higher level of integration intelligence, solving the lack of orchestration intelligence challenge.