Security Analytics Software Overview
What is Security Analytics Software?
Security analytics software comprises tools that provide proactive or exploratory network security via behavioral machine learning or analytics techniques. Alternately described as SA platforms or network traffic analytics software, these tools collect, normalize, and analyze network traffic for threat behavior. Vendors specializing specifically in SA offer machine learning tools for applying security models to traffic across enterprise assets. While highly related to SIEM, security analytics software may provide more advanced tools for data mining or freeform analytics.
Features of Security Analytics Software
Security analytics platforms provide the following features or targets for analysis:
- Ingested data from SIEM or other sources
- User and entity behavior analytics (UEBA)
- Automated or on-demand network traffic analysis
- Model observed behavior against threat intelligence
- Configure analytics to observe behavior against policy
- Application access and analytics
- DNS analysis tool
- Email activity
- Network packets
- Identity and social persona
- File access
- Geolocation, IP context
The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes IR via the SmartResponse Automation Framework, UEBA via the CloudAI security analytics tool, NetMon network forensics, and other features providing a t…
Sumo Logic is a log management offering from the San Francisco based company of the same name.
Palo Alto Networks' WildFire is a malware prevention service. It specializes in addressing zero-day threats through dynamic and static analysis, machine learning, and advanced sandbox testing environments.
Logz.io in Boston offers their enterprise-grade log analytics application, oriented towards providing data security and eliminating the need for capacity management.
Splunk supplies security analytics as a standalone solution or priced as an add-on for users of its popular SIEM products, to protect enterprises against unknown threats and malicious behavior, via the Splunk User Behavior Analytics (UBA) application.
IBM QRadar Advisor with Watson supports QRadar SIEM with Watson's AI-guided automation, as well as providing advanced analytics capabilities for evaluating suspicious user activity, conducting threat validation, and other analytics-based tasks.
McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and expose evasive threats. Tight integrat…
Juniper Advanced Threat Prevention (the JATP appliances) finds and blocks both known and unknown network cyberthreats. It uses SecIntel, Juniper's security intelligence feed, along with sandboxing and machine learning to identify day-one threats. The ATP solution includes and supersedes the former …
Interset, developed by the company of the same name in Ottawa, which was acquired by Micro Focus in February 2019, is a security analytics platform bringing artificial intelligence and machine learning to insider threat detection and related behavior-based security policy violations and threats.
Securonix, from the Los Angeles-based company of the same name, offers the SNYPR Platform, an advanced analytics platform providing real time insights with identity data, threat hunting, and other security analytics capabilities. The SNYPR platform combines this with Securonix Response Bot, inciden…
Sophisticated, targeted attacks can take weeks, months or longer to discover and resolve. Incident response teams need tools that quickly uncover the full source and scope of an attack to reduce time-to-resolution, mitigate ongoing risk and further fortify the network. According to the vendor, Sym…
Exabeam, headquartered in San Mateo, offers their security intelligence and SIEM platform, the Exabeam Security Intelligence Platform, featuring unlimited security data collection (Exabeam Data Lake), threat detection via Exabeam Advanced Analytics, security response and orchestration via Exabeam Inc…
SRC, headquartered in New York, offers DNSentinel, a security analytics tool which allows the user to perform domain name analysis or perform data mining on passive DNS data.
Gurucul Risk Analytics (GRA) is a behavior based security analytics platform from Gurucul headquartered in El Segundo.
Bay Dynamics, headquartered in New York, offers their Risk Fabric Platform to enterprises, which provides high-level security risk analytics, user behavior analysis, kill chain analysis, and threat reporting and matrices.
Securonix, headquartered in Addison, offers the Securonix Next-Generation SIEM deployment, combining log management as well as user and entity behavior analytics (UEBA), for a complete SOC solution.
Securonix, headquartered in Addison, offers the Securonix User and Entity Behavior Analytics (UEBA) tool, the company's core security analytics application providing AI-based and machine learning functions for analyzing and providing context to security data.
The Devo Data Operations Platform, from Devo headquartered in Cambridge, provides big data analytics capabilities to machine data and security operations.
Hillstone Security, headquartered in Santa Clara, offers Hillstone CloudView, a SaaS security management and advanced analytics solution for entities deploying Hillstone Security's firewalls or threat detection solutions.
LogRhythm UEBA is the company's security analytics application for advanced threat detection via analysis of user behavior. LogRhythm offers their UEBA product standalone, or it can be integrated into the enterprise's SIEM product for additional functionality.
RSA NetWitness UEBA is a security analytics application and part of the NetWitness network security and SIEM suite, from RSA Security.
Huntsman Security, an Australian company, offers the Huntsman Enterprise SIEM security platform, designed to provide a complete SIEM solution with a built-in behavior anomaly detection (BAD) / UEBA engine (Huntsman BAD), which is an integral part of the Enterprise SIEM solution.
McAfee Investigator is a security analytics application.
Micro Focus offers ArcSight Investigate, a proactive security and threat analytics and search application.
Micro Focus offers the ArcSight User Behavior Analytics application, providing real-time anomalous behavior detection and threat detection.