Securonix: Security information and event management (SIEM)

SIEMs improved their ability to ingest, process, and store data as storage grew more affordable and hardware became more powerful. SIEMs of that generation could detect threats in your data using signature-based alerts. However, they have significant drawbacks: because they depend on signatures, they can only discover threats that are already recognised, and they have only a limited capacity to detect zero-day or unknown threats. Next-generation SIEMs, by contrast, are built on a big data platform with unlimited scalability and are built in the cloud, for the cloud. In a single platform, a next-generation SIEM combines log management, behaviour analytics-based advanced threat detection, and automated incident response.

Securonix Next-Gen SIEM

Securonix Next-Gen SIEM distinguishes itself by patented signature-less detection algorithms that perform real-time big data analysis of incoming event logs. It is designed with powerful behaviour analytics capabilities to mine, enrich, and analyse data in order to discover actionable threats. While earlier systems focus on limited data collection, retention, and compliance reporting, Securonix analyses large amounts of data for advanced threats, including insider threats.

Among the specific data science methods are:

  • Minimum-Maximum Clustering (unsupervised learning): for machine data and user activity data.
  • Classification algorithms (supervised learning): a classification library and decision science are used to detect advanced threats such as DGAs, phishing/spam attacks, and social risks, including analysis via peer group profile.
  • Event rarity: for actions that have never been witnessed before.
  • Fuzzy correlation, sequential learning, and rule-based analysis (signatures).

To impart context to massive volumes of unstructured data, Securonix uses a method known as entity context enrichment. The emphasis on context helps it integrate information from different sources and distinguish normal variation from suspicious events. This delivers on SIEM’s promise to give more than the sum of the indications it processes.
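As an added illustration of how event rarity and a peer group profile can separate normal variation from suspicious events, the Python below scores a new event by whether the user has performed the action before and by how many of the user's peers have. This is example code written for this page, not Securonix's code or its patented algorithms; the baseline events, the 0.4/0.6 weights and the 0.7 threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed baseline events (user, peer group, action); not real Securonix data.
BASELINE = [
    ("alice", "finance", "login_vpn"), ("alice", "finance", "open_ledger"),
    ("bob", "finance", "login_vpn"), ("bob", "finance", "open_ledger"),
    ("bob", "finance", "export_report"),
    ("carol", "finance", "login_vpn"), ("carol", "finance", "open_ledger"),
    ("dave", "eng", "git_push"), ("dave", "eng", "login_vpn"),
    ("erin", "eng", "git_push"), ("erin", "eng", "login_vpn"),
]


def build_profiles(events):
    """Entity profile (actions seen per user), peer group membership, and
    the set of group members that have performed each action."""
    user_actions = defaultdict(set)
    group_members = defaultdict(set)
    peers_doing = defaultdict(set)  # (group, action) -> users who did it
    for user, group, action in events:
        user_actions[user].add(action)
        group_members[group].add(user)
        peers_doing[(group, action)].add(user)
    return user_actions, group_members, peers_doing


def rarity_score(event, profiles):
    """0.0 = routine for this user and their peers; 1.0 = never seen for the
    user nor for anyone in the peer group. Peer evidence is weighted higher
    (assumed weights) so that a first-time action that is common among peers
    reads as normal variation rather than as an anomaly."""
    user_actions, group_members, peers_doing = profiles
    user, group, action = event
    user_novelty = 0.0 if action in user_actions[user] else 1.0
    members = group_members[group]
    peer_share = len(peers_doing[(group, action)]) / len(members) if members else 0.0
    return round(0.4 * user_novelty + 0.6 * (1.0 - peer_share), 3)


def detect(new_events, baseline=BASELINE, threshold=0.7):
    """Return (event, score) pairs whose rarity reaches the assumed threshold."""
    profiles = build_profiles(baseline)
    scored = [(e, rarity_score(e, profiles)) for e in new_events]
    return [(e, s) for e, s in scored if s >= threshold]


if __name__ == "__main__":
    for event, score in detect([("alice", "finance", "export_report"),
                                ("dave", "eng", "open_ledger")]):
        print(f"rare event {event}: score {score}")
```

A real deployment would build the baseline over a rolling window and would add the context enrichment described above (asset criticality, role, data source) before thresholding.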

Securonix Company Background

Securonix, headquartered in Texas, provides a cloud-native SIEM service. Log management, user and entity behaviour analytics, and security incident response are all part of it. It was named a “leader” in Gartner’s 2021 Magic Quadrant for SIEM, with high ratings for both ability to execute and completeness of vision. It is not the largest player in the industry, but it is expanding fast.

Securonix: Product Features

1. Big Data Architecture

  • Powered by Hadoop, a massively scalable, fault-tolerant open data platform capable of ingesting hundreds of terabytes of data per day and allowing for cost-effective long-term data preservation.
  • With an open data model, you may keep a single copy of your data in open data format and make it available to other apps as needed.
  • Unlimited long-term retention with over 90% compression.
  • Native Hadoop components verified on Cloudera and Hortonworks.
  • Cost is based mostly on identity rather than events per second or terabytes, so expenses are predictable even as your data requirements grow.

2. Analytics for User and Entity Behavior

  • Built-in UEBA with proprietary machine learning algorithms detects advanced and insider threats accurately.
  • Using threat chain models, stitch together a sequence of events over time to reveal the greatest risk occurrences.
  • Securonix includes out-of-the-box applications in the form of threat models and built-in interfaces, allowing for rapid deployment and speed to value.
  • Use case information is continuously refreshed via the Threat Library and Threat Exchange.

3. Intelligent Incident Handling

  • The Securonix Investigation Workbench enables you to investigate incidents quickly by pivoting on abnormal entities and tracing linked actions and events.
  • Incident playbooks provide adjustable automatic remediation activities to reduce response time.
  • Comprehensive incident management and workflow features let multiple teams collaborate on an investigation.
  • Securonix Response Bot is an artificial intelligence-based recommendation engine that offers remedial measures based on Tier 3 analysts’ historical activity patterns.

4. Threat detection and investigation

  • Securonix Spotter allows lightning-fast threat detection using natural language search.
  • Visual pivoting is accessible on any entity to build important threat context, making it easier to search for threat actors or signs of compromise.
  • Visualized data may be exported in typical data formats or stored as dashboards.

Architecture of Securonix SIEM

Open standards serve as the foundation for the software architecture. This means it can use tried-and-true software components rather than having to create everything from scratch. The data isn’t locked in; it can be accessed via a number of technologies, and applications can be developed to augment the Securonix services. The primary task entails processing massive volumes of unstructured data from many sources. The backend is powered by Apache Hadoop, an open-source framework for managing large amounts of data. Its components are as follows:

Hadoop Distributed File System (HDFS): A file-storage architecture that spans hundreds or thousands of machines. It’s built to be fault-tolerant, so it can recover from any node failure without losing data.

HBase: A non-relational, NoSQL database that is used to store sparse data collections. It is optimised for real-time speed, which is critical when tracking potential threats. It is also fault-tolerant because it is built on top of HDFS.

Solr: An Apache Lucene-based search tool. It is intended for scalability and is typically used in conjunction with Hadoop. It indexes documents for quick searching, takes queries, maps queries to target documents, and ranks the results by relevance.

Impala and Hive: Even when working with large amounts of data, the speed and consistency of SQL make it the ideal choice for particular applications. Hive is a data warehouse solution built on HDFS that can be queried using the SQL-like Hive Query Language.

Pricing Information

Below are the total costs for these different subscription durations. Additional taxes or fees may apply.

| Units | Description | 12 months | 24 months | 36 months |
|---|---|---|---|---|
| SNYPR-NxGEN SIEM 1K_ID | 1000 ID Nx-Gen SIEM, 1 year of 7 hot, 60 warm, 365 cold storage days | $91,378 | $182,756 | $274,134 |
| SNYPR-Basic SIEM_1K_ID | 1000 ID Basic SIEM, 1 year of 60 warm, 365 cold storage days | $67,331 | $134,662 | $201,993 |
| SNYPR -UEBA_1K_ID | 1000 ID UEBA + Insider, Cyber, Cloud packages, 30 days of report | $48,094 | $96,187 | $144,281 |
