Securonix, Inc., a leader in next-gen SIEM, today announced the launch of its network traffic analysis (NTA) product that will provide bundled Corelight network sensors and use case content. Securonix NTA will be an integral part of the Securonix SIEM product, enabling customers to deploy a single solution that correlates network traffic, security events, and entity context to detect and respond to the most advanced insider and cyber threats.
Customers today are struggling to detect sophisticated low-and-slow attacks, which require monitoring a blend of network traffic activity, user actions, and system behaviour patterns. Stand-alone network traffic analysis tools can monitor traffic and detect network traffic anomalies; however, without user and system context such anomalies are less actionable and can add to the noise. Traditional SIEM solutions have the same problem – unless they are ingesting network traffic metadata, they lack the context to differentiate real threats from poor-hygiene user activity.
With Securonix NTA, the Securonix SIEM platform now provides customers a single platform that monitors and correlates network traffic events, security events, and user activities (with built-in UEBA) to detect the most advanced threats. The solution uses the MITRE ATT&CK framework to help incident responders organise the indicators of compromise (IOCs) from NTA, SIEM, and UEBA, to help them break or interrupt an attacker’s kill chain, and to surface the highest-risk threats to their environment.
“Cyber threats continue to become more advanced and complex every day. Looking at user activity, security logs, and network events in silos may result in advanced threats going undetected,” said Nitin Agale, SVP of strategy and marketing at Securonix. “By combining SIEM, UEBA, NTA and SOAR functionality in a single platform, Securonix is providing customers with a fully integrated solution for effectively detecting, investigating and responding to advanced threats.”
Securonix NTA combines data from Corelight sensors, which provide real-time insight by extracting more than 400 data elements from network traffic across dozens of protocols and data types. Securonix ingests this data using built-in connectors and enriches it with relevant user, entity, and threat intelligence context. The integrated network analysis and threat model content triggers alerts and combines them with other indicators of compromise, using the MITRE ATT&CK framework as a construct. Securonix then surfaces the actionable threats so analysts can quickly investigate and remediate in real time.
“When collecting network data, it is important to focus on the right data at the right time to avoid being drowned in an infinite volume of meaningless events,” said Brian Dye, chief product officer at Corelight. “Corelight sensors capture comprehensive and rich data on the various network protocols, such as DNS, which, when combined with the powerful analytics and correlation capabilities of Securonix, can help customers focus on real threats and take corrective actions before a breach occurs.”
Securonix is redefining SIEM using the power of big data and machine learning. Built on an open Hadoop platform, Securonix Next-Gen SIEM provides unlimited scalability and log management, behaviour-analytics-based advanced threat detection, and automated incident response on a single platform. Globally, customers use Securonix to address their insider threat, cyber threat, cloud security, and application security monitoring requirements. Follow Securonix on Twitter, Facebook, or LinkedIn.