Security Analytics Software

Security Analytics Software Overview

What are Security Analytics Platforms?

Security analytics platforms are tools that provide proactive or exploratory network security through behavioral machine learning or other analytics techniques. Also described as SA tools or network traffic analytics software, these products collect, normalize, and analyze network traffic and related telemetry for signs of threat behavior. Vendors specializing in SA offer machine learning tools that apply security models to traffic across enterprise assets. While closely related to SIEM, security analytics software may provide more advanced tools for data mining or freeform analytics.


Security analytics software provides several benefits to organizations. Overall, it makes security data more actionable, especially at the enterprise level. These tools reduce the manual load of performing security analytics. They also present analyses graphically so that less specialized users can make decisions based on the results. This improved accessibility and data centralization can improve event response times, threat visibility, and insider threat awareness. They can also provide proof of compliance in the event of an audit.


Security analytics platforms primarily consist of data ingestion pipelines, an analytics engine, and accessible next-step functions such as data visualizations, alerts, or automated workflow triggers for threat remediation. The data pipelines are designed to take in data from a wide number of sources, including non-IT contextual data such as HR or finance information. Security analytics software can then apply a range of analysis methods depending on the data being analyzed, such as behavior or traffic analysis. The AI foundations of many security analytics tools make this process less manual than it would otherwise need to be, especially when coupled with up-to-date third-party threat intelligence resources.


Security analytics capabilities are sometimes found in other security data collection tools. SIEMs and IT infrastructure monitoring tools are common sources of security analytics capabilities. Since those tools collect the data directly, they can be better suited to handling certain kinds of data. Standalone security analytics platforms are likely to have more robust analytics engines. They focus on advanced AI-driven analytics and rely on other security systems to collect the security data itself. This arrangement may be ideal for businesses that are adding a security analytics tool on top of preexisting security systems.

Features of Security Analytics Platforms

Security analytics software provides the following features or targets for analysis:

  • Ingested data from SIEM or other sources

  • User and entity behavior analytics (UEBA)

  • Automated or on-demand network traffic analysis

  • Model observed behavior against threat intelligence

  • Configure analytics to observe behavior against policy

  • Application access and analytics

  • DNS analysis tool

  • Email activity

  • Network packets

  • Identity and social persona

  • File access

  • Geolocation, IP context
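The pipeline described above (ingest from several sources, normalize to a common schema, enrich with IP context and threat intelligence, baseline per-user behavior, and emit scored alerts) can be illustrated end to end in a few dozen lines. The following is an added example written for this page; it is not code from any product listed here. Every log line, IP range, site label and indicator domain in it is constructed for the example (the 203.0.113.0/24 range and the .test domains are reserved documentation values), and the scoring weights and the three-point alert threshold are arbitrary assumptions chosen to make the behavior visible:

```python
"""
Minimal security-analytics pipeline: ingest -> normalize -> enrich -> baseline -> score.
All log lines, IP context, indicators, weights and thresholds below are constructed
for this example and are not taken from any vendor product.
"""
import ipaddress
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed raw events from two sources in two formats: key=value (auth) and JSON (dns).
RAW_EVENTS = [
    'ts=2024-03-04T09:02:11Z src=auth user=alice ip=10.1.4.22 action=login result=success',
    'ts=2024-03-04T09:05:40Z src=auth user=bob ip=10.1.4.31 action=login result=success',
    '{"ts": "2024-03-04T09:06:02Z", "src": "dns", "user": "alice", "ip": "10.1.4.22", "qname": "intranet.example.test"}',
    'ts=2024-03-05T10:14:03Z src=auth user=alice ip=10.1.4.22 action=login result=success',
    '{"ts": "2024-03-05T10:15:27Z", "src": "dns", "user": "bob", "ip": "10.1.4.31", "qname": "mail.example.test"}',
    # Events on or after CUTOFF are scored against the baseline built from earlier days.
    'ts=2024-03-06T03:41:09Z src=auth user=alice ip=203.0.113.77 action=login result=success',
    '{"ts": "2024-03-06T03:42:30Z", "src": "dns", "user": "alice", "ip": "203.0.113.77", "qname": "update-c2.badexample.test"}',
    'ts=2024-03-06T09:10:00Z src=auth user=bob ip=10.1.4.31 action=login result=success',
]
CUTOFF = datetime(2024, 3, 6, tzinfo=timezone.utc)  # assumed split between baseline and scored window

# Constructed IP context (a real platform would use GeoIP / asset inventory) and threat-intel feed.
IP_CONTEXT = [
    (ipaddress.ip_network("10.1.4.0/24"), {"site": "hq-lan", "country": "US"}),
    (ipaddress.ip_network("203.0.113.0/24"), {"site": "external", "country": "XX"}),
]
THREAT_INTEL_DOMAINS = {"update-c2.badexample.test"}
ALERT_THRESHOLD = 3  # assumed; anything scoring at or above this becomes an alert

KV_RE = re.compile(r"(\w+)=(\S+)")


def enrich_ip(ip):
    """Attach site and country context to an address; unknown addresses get placeholders."""
    addr = ipaddress.ip_address(ip)
    for net, ctx in IP_CONTEXT:
        if addr in net:
            return dict(ctx)
    return {"site": "unknown", "country": "??"}


def normalize(line):
    """Parse a key=value or JSON line into the common event schema and enrich it."""
    rec = json.loads(line) if line.startswith("{") else dict(KV_RE.findall(line))
    ev = {
        "ts": datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "source": rec["src"],
        "user": rec["user"],
        "ip": rec["ip"],
        "target": rec.get("qname") or rec.get("action"),  # DNS name queried, or auth action
    }
    ev.update(enrich_ip(ev["ip"]))
    return ev


def build_baseline(history):
    """Per-user profile: countries and sites seen, and the hour-of-day range of activity."""
    profiles = defaultdict(lambda: {"countries": set(), "sites": set(), "hours": []})
    for ev in history:
        p = profiles[ev["user"]]
        p["countries"].add(ev["country"])
        p["sites"].add(ev["site"])
        p["hours"].append(ev["ts"].hour)
    return {u: {"countries": p["countries"], "sites": p["sites"],
                "hours": (min(p["hours"]), max(p["hours"]))} for u, p in profiles.items()}


def score_event(ev, baseline):
    """Score one event by novelty against the user's baseline plus threat-intel matches."""
    score, reasons = 0, []
    profile = baseline.get(ev["user"])
    if profile is None:
        score += 3; reasons.append("user not in baseline")
    else:
        if ev["country"] not in profile["countries"]:
            score += 3; reasons.append("new country %s" % ev["country"])
        if ev["site"] not in profile["sites"]:
            score += 2; reasons.append("new site %s" % ev["site"])
        lo, hi = profile["hours"]
        if not lo <= ev["ts"].hour <= hi:
            score += 1; reasons.append("unusual hour %02d" % ev["ts"].hour)
    if ev["source"] == "dns" and ev["target"] in THREAT_INTEL_DOMAINS:
        score += 5; reasons.append("threat-intel match")
    return score, reasons


def run_pipeline(raw_lines, cutoff, threshold=ALERT_THRESHOLD):
    """Normalize all lines, baseline on events before cutoff, alert on later events."""
    events = sorted((normalize(l) for l in raw_lines), key=lambda e: e["ts"])
    baseline = build_baseline([e for e in events if e["ts"] < cutoff])
    alerts = []
    for ev in (e for e in events if e["ts"] >= cutoff):
        score, reasons = score_event(ev, baseline)
        if score >= threshold:
            alerts.append({"user": ev["user"], "ts": ev["ts"].isoformat(),
                           "score": score, "reasons": reasons})
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


def demo_alerts():
    """Run the constructed sample through the pipeline."""
    return run_pipeline(RAW_EVENTS, CUTOFF)


if __name__ == "__main__":
    for alert in demo_alerts():
        print(alert)
```

On the sample data only alice's two early-morning events from the external range produce alerts, the DNS query ranked first because the indicator match dominates the score; bob's in-hours login from the usual subnet scores zero. The exact-range hour check and fixed weights are deliberately crude: a production engine would learn distributions per user and peer group and let the threat-intelligence feed and policy configuration set the weights.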


Security Analytics Software Comparison

When comparing different security analytics platforms, consider these factors:


  • Data Source Integration: Does the tool have prebuilt ingestion pipelines for specific types of security data collectors, or even specific products? These factors will heavily impact the timeline and ease of implementation and long-term management as security tools are added or replaced over time.

  • Scalability: How easily will the software handle analytics at volume? Consider aspects like analytics automation and the AI capabilities available. Also consider how scalable the next-steps from analytics results are, be they alert management, integrations with security controls for automated workflows, and other processes.

  • Usability: Much of the value of security analytics engines is the ease of use and improved accessibility of results for non-specialists. Consider how usable and actionable each product is for less-specialized users.




Pricing Information

Security analytics pricing varies depending on whether it’s a standalone platform, SIEM, or log analytics/management tools. Costs will also depend on the range of features offered and the length of time that data is retained. Pricing within tiers is often scaled by the amount of data stored, analyzed, or managed on the platform.


Security Analytics Products


LogRhythm NextGen SIEM Platform

The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX…

Sumo Logic

Sumo Logic is a log management offering from the San Francisco based company of the same name.

Palo Alto Networks WildFire

Palo Alto Networks' WildFire is a malware prevention service. It specializes in addressing zero-day threats through dynamic and static analysis, machine learning, and advanced sandbox testing environments.

Logz.io

Logz.io in Boston offers their enterprise-grade log analytics application, oriented towards providing data security and eliminating the need for capacity management.

KnowBe4 PhishER

KnowBe4 offers PhishER as a simple and easy-to-use web-based platform with critical functionality that serves as a phishing emergency room to identify and respond to user-reported messages. With automatic prioritization for emails, PhishER helps InfoSec and Security Operations team…

Elastic Security (Elastic SIEM + Elastic Agent, formerly Endgame)

Elastic Security equips analysts to prevent, detect, and respond to threats. The free and open solution delivers SIEM, endpoint security, threat hunting, and cloud monitoring. The solution encompasses Elastic SIEM, which brings Elasticsearch to SIEM and threat hunting. The Elastic…

OpenText Security Suite, powered by OpenText EnCase

OpenText Security Suite, powered by OpenText EnCase, is an endpoint security solution designed to provide 360-degree visibility across laptops, desktops and servers for proactive discovery of sensitive data, identification and remediation of threats and discreet, forensically-sound…

McAfee Advanced Threat Defense

McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and expose evasive threats.…

Splunk User Behavior Analytics (UBA)

Splunk supplies security analytics as a standalone solution or priced as an add-on for users of its popular SIEM products, to protect enterprises against unknown threats and malicious behavior, via the Splunk User Behavior Analytics (UBA) application.

IBM QRadar Advisor with Watson

IBM QRadar Advisor with Watson supports QRadar SIEM with Watson's AI guided automation as well as providing advanced analytics capabilities for evaluating suspicious user activity, conducting threat validation, and other analytics based tasks.

Cisco SecureX (formerly Threat Response)

Cisco Threat Response automates integrations across select Cisco Security products and accelerates key security operations functions: detection, investigation, and remediation. Threat Response integrates threat intelligence from Cisco Talos and third-party sources, which adds context…

Juniper Advanced Threat Prevention (JATP), formerly Cyphort

Juniper Advanced Threat Prevention (the JATP appliances) finds and blocks both known and unknown network cyberthreats. It uses SecIntel, Juniper's security intelligence feed, along with sandboxing and machine learning to identify day-one threats. The ATP solution includes and supersedes…

Interset

Interset, developed by the company of the same name in Ottawa which was acquired by Micro Focus in February 2019, is a security analytics platform bringing artificial intelligence and machine learning to insider threat detection and related behavior-based security policy violations…

Microsoft Advanced Threat Analytics (formerly Aorato)

Based on Aorato (acquired by Microsoft in November 2014), Advanced Threat Analytics presents a security analytics tool used to learn, analyze, and identify normal and suspicious user or device behavior with built-in intelligence.

Securonix SNYPR Platform

Securonix, from the Los Angeles-based company of the same name, offers the SNYPR Platform, an advanced analytics platform providing real time insights with identity data, threat hunting, and other security analytics capabilities. The SNYPR platform combines this with Securonix Response…

Symantec Network Forensics: Security Analytics

Symantec Network Forensics: Security Analytics aims to give users complete security visibility, advanced network traffic analysis, and real-time threat detection with enriched, full-packet capture.

Rapid7 InsightIDR

In addition to their incident response service, Rapid7 offers InsightIDR, a relatively broad offering covering SIEM and user behavior and threat analytics.

Exabeam Security Management Platform

Exabeam, headquartered in San Mateo, offers their SIEM platform, the Exabeam Security Management Platform. The vendor states the modular Exabeam platform allows analysts to collect unlimited log data, use behavioral analytics to detect attacks, and automate incident response. The…

Gurucul Risk Analytics (GRA)

Gurucul Risk Analytics (GRA) is a behavior based security analytics platform from Gurucul headquartered in El Segundo.

Bitdefender Network Traffic Security Analytics

Bitdefender Network Traffic Security Analytics applies AI driven and machine learning techniques to detect threats or anomalous behavior in enterprise networks.

Bay Dynamics Risk Fabric Platform

Bay Dynamics headquartered in New York offers their Risk Fabric Platform to enterprises, which provides high level security risk analytics, user behavior analysis, kill chain analysis, and provides threat reporting and matrix.

Hillstone CloudView

Hillstone Security headquartered in Santa Clara offers Hillstone CloudView, a SaaS security management and advanced analytics solution for entities deploying Hillstone Security's firewalls or threat detection solutions.

McAfee Investigator

McAfee Investigator is a security analytics application.

ArcSight User Behavior Analytics

Micro Focus offers the ArcSight User Behavior Analytics application, providing real-time anomalous behavior detection and threat detection.

DNSentinel

SRC headquartered in New York offers DNSentinel, a security analytics tool which allows the user to perform domain name analysis, or perform data mining on passive DNS data.

Frequently Asked Questions

What does a security analytics platform do?

Security analytics platforms analyze traffic and behavior data to intelligently surface actionable insights in response to confirmed or potential cyberattacks against the organization.

How is security analytics different from SIEM?

SIEM focuses primarily on event tracking and data collection. In contrast, security analytics analyzes the data that a SIEM collects to reveal actionable results and insights.

Who uses security analytics platforms?

Security analytics platforms are most often used by larger organizations and enterprises that deal with massive amounts of data related to cybersecurity and threat assessment.

What are the benefits of security analytics?

Security analytics enable more proactive threat remediation and reduce the manual processes associated with assessing security data.

How much do security analytics platforms cost?

Security analytics are normally priced by the amount of data being handled. Product prices are usually tiered depending on how long data is retained and the range of features available.