Next-Gen SIEM provider Securonix has announced availability of its SearchMore functionality, which helps security operations teams better detect and respond to threats that bypass preventative and detection controls. The company states that “SearchMore delivers the industry’s first Community-Powered Threat Hunting capability and provides the ability to search on real-time, streaming data, as well as long-term data.”
CEO Sachin Nayyar elaborated: “This is a huge step in cybersecurity monitoring. With a combination of cloud-native and big data architecture we are providing customers scalable search and threat hunting capabilities while reducing their operational costs. We strongly believe in a community-powered approach to cybersecurity and plan to incorporate it in all aspects of the Securonix Next-Gen SIEM platform.”
New updates to the platform include:
Community-Powered Threat Hunting
SOC teams who solely rely on their own threat hunting content are at a disadvantage when it comes to detecting continuously evolving threats. With a community-driven approach, Securonix creates collaborative threat hunting workbooks utilising contributions from the Securonix threat research team, commercial threat intelligence, and global user communities such as MITRE ATT&CK and Sigma.
Live Search Channel on Streaming Data
The legacy practice of indexing data to make it searchable introduces pipeline latency and impacts an organisation’s ability to act on threats in real time.
Securonix live channel allows SOC teams to search and act on live streaming data with virtually zero latency. Security operations teams can set up multiple live channel searches that leverage Securonix threat content, or their own custom hypotheses.
Long-Term Search at One-Third of the Cost
Organisations are concerned about hidden threats existing in their environment. Finding these threats requires the ability to continuously run new searches and investigations on historical data. This creates challenges for legacy platforms with their lack of scalability and huge vendor costs for making long-term data searchable.
Securonix addresses this challenge by providing a rapid search capability at one-third of the price of comparable solutions. Leveraging its cloud-native, big data architecture, the Securonix platform decouples search and compute resources and scales on demand to deliver high-performance searches on long-term data.
Integrated SIEM and SOAR
Securonix search and threat hunting capabilities are embedded within the Securonix Next-Gen SIEM platform, providing SOC teams with a single pane of glass to hunt for threats, take action with integrated SOAR, and automate future detection with SIEM.
Multi-Tenant Threat Hunting for MSSPs
With a multi-tenant architecture, Securonix live and long-term searches can be executed simultaneously across multiple tenants. This allows Securonix MSSP partners to deliver a centrally managed threat hunting service to their customers.
“Securonix is continuously raising the bar when it comes to advanced threat detection and response, which is the reason why we chose Securonix to power our managed security services,” said Kelly Hertel, Sr Director, ICS Managed Security Operations, NTT DATA Services. “The SearchMore multi-tenant search and threat hunting capabilities coupled with our co-managed services deliver a powerful augmentation solution for security teams.”
According to the company, other SearchMore benefits include:
- Stopping threats that bypass latent detection with live search.
- Discovering dormant threats with ongoing searches on historical data.
- Increasing threat hunting strength with proactive community-powered content.
- Reducing the cost of searching long-term data by up to one-third, compared with comparable solutions.