Business Intelligence for SIEM
Securonix adds business, identity, and risk context to your SIEM/Log Management solution for proactive monitoring on the riskiest users, systems, and activity. Enrich log data captured by SIEM/Log Management technologies through context and behavior based analysis while automatically feeding it new monitoring policies based on evolving threats. The Securonix solution also provides the capability to import log and audit transactions from Applications that are not being monitored by your SIEM technology.
By creating the security warehouse, the Securonix solution provides a full business context view of user access, activities and transactions. This ‘cube’ like central identity contains detailed business related information such as job title, manager, location and process information as well as sunset dates, holiday notifications and inactivity status’s. By integrating such fundamental business context information to a user’s access and activities, provides a much clearer picture surrounding risk and criticality.
Single User View
The Securonix solution creates a single global view of the identity, including business related information such as department, job title, manager and location. Layered on top of this, is the underlying system entitlements and access a user has been provisioned. Finally, the actual activities and transactions that have been performed, gives a much more complete view of the user and ultimately the risk that user poses to the organisation.
The Securonix solution provides the industry’s leading correlation engine, allowing easy and powerful probability driven associations for business, access and activity accounts, creating a single centralised view.
- Drag & Drag regex factory
- On-the-fly dynamic parser creation
- No-code approach or pre-processing
- Advanced Comparators for fuzzy-logic matching
- Probability based recommendations for failed correlations
Context Driven Policy Management
Behaviour Profiling and Access and Activity Outlier analytics allows simple and automated views of the high risk users within a team, resource or organisation. In addition, the policy management module allows the creation of complex policies for detecting abnormalities from a business, access and activity perspective. Policies can be quickly created from a drag and drop canvas to show things like excessive authentication failures for a particular resource, or users of a particular job ranking accessing a certain file. The combination of business data and transaction and resource data is a powerful concept to help remove noise and focus on high risk.