Security analysts and system administrators monitor all sorts of logs and other security-related information (firewall and IDS logs, network device, SIM, OS, application level, etc.). Most organizations have not yet deployed SIM solutions but still have vast log or other security-related data analysis requirements.

The Adaptive Security Analyzer (ASA) enables the methods and know-how that a security analyst or other IT personnel use to analyze specific sets of data to be modeled. More importantly, ASA possesses the cognitive and learning capacity of its human counterpart, and can therefore formulate associations among seemingly disparate event variables to identify activity that, although it may not have been pre-defined as malicious or as a violation of policy, is either very similar to activity that was or deviates from normal to an unacceptable level and warrants further investigation and action.

In summary, Adaptive Security Analyzer performs the following functions:
- Continuously monitors high volume, heterogeneous security-related data.
- Interprets & associates event attributes freely and/or within the context of any rules within the analytic models to cluster and baseline system activity.
- Compares data sets, identifies events that match explicitly defined criteria and recognizes and quantifies the extent of abnormal events.
- Advises security personnel of the factors that contributed most to event classification.
- Adapts its orientation of the relationships among event variables and event classification based on unsupervised machine-learning and/or user-applied knowledge.

Privacyware works with global enterprises, managed service providers and independent software vendors to develop custom implementations of the Adaptive Security Analyzer and the Adaptive Security Engine. Privacyware engineers collaborate on the design and development of analytic models specific to your unique data, environments and the types of activity of highest interest and value to you.

Implementing Adaptive Security Analyzer is a straightforward exercise, illustrated in the figure below.

[Figure: The Adaptive Security Analyzer Implementation Model]
- Collect Raw Data
- Model Analyst Expertise
- Train Model/Establish Baseline
- Classify Events/Generate Knowledge
- Analyze Threats/Teach Model: Identify-Measure-Prioritize-Reclassify-Retrain
- Leverage Knowledge/Protect Environment

| ASA enables you to: | And realize meaningful benefits: |
| --- | --- |
| Model security specialist expertise. | Accelerate threat response. |
| Baseline what is normal for the environment. | Improve pre-emptive capabilities. |
| Identify published threats. | Expand resource capacity. |
| Identify activity matching pre-defined criteria. | Maximize return on security and other IT assets. |
| Identify, Measure & Prioritize all anomalous events. | Eliminate information overload. |
| Generate root cause insight of threats. | Reinforce Regulatory Compliance. |
| Impart new knowledge back into the system. | Improve productivity. |

Versatile Enterprise Defense and Compliance Enhancement

Compatible with leading firewall, IDS/IPS, SIM, and other devices and applications supporting both common and many proprietary file exchange formats, Adaptive Security Analyzer complements existing enterprise defense investments.

No Cognitive Barriers

Adaptive Security Analyzer can pinpoint, classify and prioritize suspicious behavior and/or prevent known and unknown system threats without cognitive constraints. While prior knowledge can be leveraged to guide or “orient” ASA, it is not dependent on this information and, more importantly, is not limited by it in terms of the extent, manner, and complexity with which event attributes can be considered to identify potentially harmful and/or unauthorized system use.

Proactive Posture and Rapid Response

Adaptive Security Analyzer detects and quantifies all types of known and unknown attacks, threatening and unauthorized activity so security staff can prioritize preventative actions in a proactive and more time-sensitive manner. The intelligence and functional attributes of security staff are infused in ASA, allowing you to leverage security information to observe unusual system activity and manage vulnerabilities, intrusions and potential policy violations like never before.