Enterprise SIEM

High Speed Enterprise SIEM
Huntsman Security’s Enterprise SIEM is a high volume, high speed monitoring and analytics solution capable of delivering in excess of 5 billion events per day.  The technology is built for accurate real-time threat detection, data analysis, investigation and reporting on cyber security threats and compliance.

The Enterprise SIEM software integrates behavioural anomaly detection with traditional policy driven or rule and pattern-based analysis to detect unknown and unknowable activity from insider and external parties.  The technology uses machine learning to highlight statistical or behavioural anomalies that can indicate a security attack, data loss, insider misuse  or other issue.

 

Enterprise SIEM: An Overview

Huntsman-TI3

 

Behavioural Anomaly Detection

Behavioural Anomaly Detection (BAD) is sometimes referred to as User Behaviour Analytics (UBA), User Entity Behaviour Analytics (UEBA) or Security User Behaviour Analytics (SUBA).

Video: What is Behavioural Anomaly Detection and why do you need it?

 

The BAD engine ensures suspicious activity, whether by users, machines or applications operating across the network can be easily detected , investigated and resolved based on learned profiles of baseline behaviour that can be fixed once derived, or continuously variable network grows or patterns of use evolve.

 

Enterprise SIEM: Benefits

  • Single solution for all security and compliance monitoring, data analysis and reporting
    • Real-time detection of cyber threats and insider misuse
    • Visibility of anomalous activity within the network, operating system and application layers
    • Correlation of known threat intelligence and asset information with behavioural data to significantly enhance  event context
  • Shortens the time from threat detection to resolution
  • Automates the collection of contextual information relating to a threat, with support for external threat  intelligence feeds and internal context
  • Speeds up the time consuming processes of: 
    • Configuration and rule definition, using machine learning and behavioural profiling
    • Investigation, with powerful, contextual query and reporting interface
  • Removes uncertainty – delivers precise security information to operations, management and audit stakeholders 
  • Allows incident investigators to immediately answer key questions ‘who, what, where, when and how’ around an alert 
  • Designed and developed for security critical organisations

 

Enterprise SIEM: Features

Huntsman Security’s Enterprise SIEM supports the entire security management lifecycle – from data collection, threat detection and alert analysis, to reporting, incident response and resolution.

Flexibility and Speed:
  • Flexible architecture that supports highly scalable data flows and storage across multiple live/accessible repositories
  • High-speed (in excess of 5 billion events per day), real-time collection with stream-based processing and analysis of log, event and system data for correlation and alerting to detect non-compliant activity
  • Adapts to authorised network changes, gradual trends, usage spokes and work patterns
  • Automatically distinguishes suspicious and risky outliers from normal events
Analysis and Response: 
  • Real-time analysis of user, device, application, network activity and other data sources to detect: 
    • Advanced Persistent Threats (APTs)
    • Smart, customised and targeted malware
    • Malicious or negligent insiders abusing access and putting information at risk
    • Data exfiltration, lateral movement and the use of credentials by attackers
    • ‘Unknown’ an ‘Unknowable’ external and internal threats
  • Connects and tracks multiple concurrent alerts across multiple sources and seemingly unrelated events from diverse information silos to quickly determine hidden or unexpected relationships
  • File and directory integrity monitoring for ad hoc or scheduled reporting
  • Passive ICT asset mapping to trace threats and prioritise business risks
  • Prioritisation of alerts for immediate intervention or automated response
  • Comprehensive alert tracking and incident management with automated workflow support, case data management, and reporting for incident investigation, escalation and resolution
  • Integration with third party ticketing, SNMP/network managerment, API access and incident remediation solutions
Security Visibility and Business Intelligence: 
  • Clear security business intelligence interface for data-driven investigation and drill-down queries with tabbed data views and interactive filters
  • Live threat and risk dashboards for compliance and security status reporting to stakeholders
  • Visual analysis GUI so metrics, key information and sensitivities can be displayed and tailored to meet precise profiling requirements
  • Extensive range of in-built, customisable reports which are automatically created, distributed and stored at scheduled, trigger driven or ad hoc times
  • Role-based access control and audit trails with evidential replays of all operator actions
Extensive Data Source Support:

Enterprise SIEM provides flexible sensor/agent/agentless collection from syslog, event logs, file-based audit trails, XML, database query and network flow data:

  • Operating systems, database and application platforms
  • Email/messaging
  • Storage devices
  • Firewalls, proxies and web/mail/content network gateways
  • Server, email, endpoint  and sandbox AV /malware solutions
  • Network components (LAN, WAN, WLAN, load balancers, NAC, VPNs, DNS etc.)
  • Intrusion detection and prevention systems (IDS/IPS)
  • Packet capture solutions
  • End point/host security solutions including DLP
  • Common Cloud providers (IaaS/PaaS/SaaS)
  • IAM/IDM, Authentication and PAM
  • Vulnerability scanners and configuration management
  • Ticketing and service desk systems (including two way integration)
  • A range of Threat Intelligence feeds 

The Huntsman Enterprise SIEM is a Cisco compatible Network Security SIEM & Analytics solution.  More details can be found on Cisco Marketplace

Enterprise SIEM: Enhancement options

Huntsman Security’s Enterprise SIEM has two important enhancement options:

 

Want to find out more?

Request a demo / speak with a specialist Access Resources Download Huntsman SIEM Brochure