Security analysts and system administrators monitor all sorts of logs and other
security-related information (firewall and IDS logs, network
device, SIM, OS, application level, etc.).
Adaptive Security Analyzer is a security data analytics solution
that employs expert system configuration capabilities,
behavioral modeling and comparative analysis methodologies to
detect, prioritize, and provide insight about security,
compliance and policy violations.
The Adaptive Security Analyzer data analytics process model
encompasses the following:
▬ Continuously monitors high volume, heterogeneous security-related data.
▬ Interprets & associates event attributes freely and/or within the context of any rules within the analytic models to cluster and baseline system activity.
▬ Compares data sets, identifies events that match explicitly defined criteria and recognizes and quantifies the extent of abnormal events.
▬ Advises security personnel of the factors that contributed most to event classification.
▬ Adapts its orientation of the relationships among event variables and event classification based on unsupervised machine-learning and/or user-applied knowledge.
Adaptive Security Analyzer considers data the way
a human analyst would, leveraging both pre-defined and cognitive
intelligence, but with far greater speed and capacity. Adaptive
Security Analyzer identifies suspicious events and trends in
core network and application-level activities such as
logon/logoff attempts, Web server and application use, changes
to Group Policies, file access and inbound/outbound firewall
traffic, but can be applied to any data monitoring challenge
where intelligence regarding atypical activity is of value such
as fraud detection (credit card, click, etc.), performance
management, defense or maritime surveillance, revenue or
resource optimization, etc. Custom analysis can be easily
configured to focus on almost any event class, enabling Adaptive
Security Analyzer implementations to be as dynamic as your
changing requirements.
Because Adaptive Security Analyzer does not rely on pre-defined
rules to derive unique and meaningful output, it delivers an
important enhancement to conventional data collection,
correlation and reporting applications. Adaptive Security
Analyzer allows enterprise security administrators and those
responsible for managing compliance to more effectively and
proactively identify, understand and respond to known threats as
well as suspicious atypical behavior or activity that is similar
to known threats.
Adaptive Security Analyzer is implemented as a “snap-in” to the
Microsoft Management Console (MMC) and
runs on Windows desktop and server operating systems. Supported
log formats include syslog, W3C, csv, txt and other formatted
data as well as those stored in MS SQL, MySQL, and Oracle
databases (under both Windows and UNIX platforms).
Privacyware
works with global enterprises, managed service providers and
independent software vendors to develop custom implementations
of the Adaptive Security Analyzer and the Adaptive Security
Engine. Privacyware analysts and engineers
will collaborate on the design and
development of custom analytic models geared to your unique data,
environments and needs.
Adaptive Security Analyzer Implementation Model

Collect Raw Data
Model Analyst Expertise
Train Model/Establish Baseline
Classify Events/Generate Knowledge
Analyze Threats/Teach Model: Identify-Measure-Prioritize-Reclassify-Retrain
Leverage Knowledge/Protect Environment
| ASA enables you to: | And realize meaningful benefits: |
|---|---|
| Model security specialist expertise. | Accelerate threat response. |
| Baseline what is normal for the environment. | Improve pre-emptive capabilities. |
| Identify published threats. | Expand resource capacity. |
| Identify activity matching pre-defined criteria. | Maximize return on security and other IT assets. |
| Identify, Measure & Prioritize all anomalous events. | Eliminate information overload. |
| Generate root cause insight of threats. | Reinforce Regulatory Compliance. |
| Impart new knowledge back into the system. | Improve productivity. |
Versatile Enterprise Defense and Compliance Enhancement
Compatible with leading firewall, IDS/IPS, SIM, and other
devices and applications supporting both common and many proprietary file exchange formats, Adaptive
Security Analyzer
complements existing enterprise defense investments.
No Cognitive Barriers
Adaptive Security Analyzer can pinpoint, classify and
prioritize suspicious behavior and/or prevent known and
unknown system threats without cognitive constraints. While
prior knowledge can be leveraged to guide or “orient” ASA,
it is not dependent on this information and more importantly
not limited by it in terms of the extent, manner, and
complexity with which event attributes can be considered to
identify potentially harmful and/or
unauthorized system use.
Proactive Posture and Rapid Response
Adaptive Security Analyzer detects and quantifies all types of known and unknown
attacks, threatening and unauthorized activity so security staff can
prioritize preventative actions in a proactive and more time-sensitive manner. The intelligence and functional attributes of
security staff are infused in ASA, allowing you to leverage
security information to observe unusual system activity and
manage vulnerabilities, intrusions and potential policy
violations like never before.