Next Gen SIEM Software & Products

Next Gen SIEM incorporating threat intelligence and UEBA

SIEM with inbuilt Threat Intelligence and UEBA

Huntsman Security’s Next Gen SIEM is a cyber security analytics product with built-in threat intelligence and behaviour anomaly detection, designed to analyse high volume streams of data in real-time to quickly and accurately detect non-compliant system activity, anomalous behaviour, security issues and cyber threats. Next Gen SIEM product includes Threat Intelligence and UEBA to see known sand unknown threats

Download Next Gen SIEM Brochure

Recognised as a “Strong Performer” in The Forrester Wave™ : Security Analytics Platforms, Q3 2018, the technology was acknowledged for its compliance monitoring capabilities and massive scalability for large environments.

 

Next Generation SIEM explained

 

illustration of next generation SIEM with built in threat intelligence and UEBA

 

Behavioural Anomaly Detection – see all threats

Behavioural Anomaly Detection (BAD) is sometimes referred to as User Behaviour Analytics (UBA), User Entity Behaviour Analytics (UEBA) or Security User Behaviour Analytics (SUBA).

Video: What is Behavioural Anomaly Detection and why do you need it?

The UEBA engine ensures suspicious activity, whether by users, machines or applications operating across the network can be easily detected , investigated and resolved based on learned profiles of baseline behaviour that can be fixed once derived, or continuously variable network grows or patterns of use evolve.

 

What Next Gen SIEM delivers

Next Gen SIEM is designed to sit at the core of  your Security Operations Centre (SOC).  It provides:

  • A single solution for all security and compliance monitoring, data analysis and reporting
    • Real-time detection of cyber threats and insider misuse
    • Visibility of anomalous activity within the network, operating system and application layers
    • Correlation of known threat intelligence and asset information with behavioural data to significantly enhance  event context
  • Automated collection of contextual information relating to a threat, with support for external threat  intelligence feeds and internal context
  • Speeds up the time consuming processes of:
    • Configuration and rule definition, using machine learning and behavioural profiling
    • Investigation, with powerful contextual query and reporting interface
  • Precise security information to operations, management and audit & risk
  • Answers key questions ‘who, what, where, when and how’ around an alert

Download Essential Guide to SIEM

 

Next Gen SIEM incident response dashboard showing current status

Next Gen SIEM – Incident Response Dashboard

 

How Next Gen SIEM works

Huntsman Security’s Next Gen SIEM supports the entire security management lifecycle – from data collection, threat detection and alert analysis, to reporting, incident response and resolution.

Flexibility and Speed:

  • Flexible architecture that supports highly scalable data flows and storage across multiple live/accessible repositories
  • High-speed (in excess of 5 billion events per day), real-time collection with stream-based processing and analysis of log, event and system data for correlation and alerting to detect non-compliant activity
  • Adapts to authorised network changes, gradual trends, usage spokes and work patterns
  • Automatically distinguishes suspicious and risky outliers from normal events

Analysis and Response: 

  • Real-time analysis of user, device, application, network activity and other data sources to detect:
    • Advanced Persistent Threats (APTs)
    • Smart, customised and targeted malware
    • Malicious or negligent insiders abusing access and putting information at risk
    • Data exfiltration, lateral movement and the use of credentials by attackers
    • ‘Unknown’ and ‘Unknowable’ external and internal threats
  • Connects and tracks multiple concurrent alerts across multiple sources and seemingly unrelated events from diverse information silos to quickly determine hidden or unexpected relationships
  • File and directory integrity monitoring for ad hoc or scheduled reporting
  • Passive ICT asset mapping to trace threats and prioritise business risks
  • Prioritisation of alerts for immediate intervention or automated response
  • Comprehensive alert tracking and incident management with automated workflow support, case data management, and reporting for incident investigation, escalation and resolution
  • Integration with third party ticketing, SNMP/network management, API access and incident remediation solutions

Security Visibility and Business Intelligence: 

  • Clear security business intelligence interface for data-driven investigation and drill-down queries with tabbed data views and interactive filters
  • Live threat and risk dashboards for compliance and security status reporting to stakeholders
  • Visual analysis GUI so metrics, key information and sensitivities can be displayed and tailored to meet precise profiling requirements
  • Extensive range of in-built, customisable reports which are automatically created, distributed and stored at scheduled, trigger driven or ad hoc times
  • Role-based access control and audit trails with evidential replays of all operator actions

Extensive Data Source Support:

Next Gen SIEM provides flexible sensor/agent/agentless collection from syslog, event logs, file-based audit trails, XML, database query and network flow data:

  • Operating systems, database and application platforms
  • Email/messaging
  • Storage devices
  • Firewalls, proxies and web/mail/content network gateways
  • Server, email, endpoint  and sandbox AV /malware solutions
  • Network components (LAN, WAN, WLAN, load balancers, NAC, VPNs, DNS etc.)
  • Intrusion detection and prevention systems (IDS/IPS)
  • Packet capture solutions
  • End point/host security solutions including DLP
  • Common Cloud providers (IaaS/PaaS/SaaS)
  • IAM/IDM, Authentication and PAM
  • Vulnerability scanners and configuration management
  • Ticketing and service desk systems (including two way integration)
  • A range of Threat Intelligence feeds

Huntsman Security’s Next GEN SIEM is a Cisco compatible Network Security SIEM & Analytics solution.  More details can be found on Cisco Marketplace.

Next Gen SIEM enhancement options

Huntsman Security’s Next Gen SIEM has two important enhancement options:

  • Extended data store – Our data repository provides flexible storage for larger environments, with full management of data hierarchically
  • High Availability – For active-passive or active-active system failover with fully resilient, reliable security monitoring without interruptions or service downtime

 

Find out more about Next Gen SIEM software

Download Next Gen SIEM Brochure

Contact Us