Security Analytics Software

TrustRadius Top Rated for 2023

Top Rated Products

(1-3 of 3)

1
IBM Security QRadar SIEM

IBM Security QRadar is security information and event management (SIEM) software.

2
Splunk Enterprise Security (ES)

Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.

3
IBM Security Guardium

IBM Security Guardium is IBM's data security posture management solution that aims to offer organizations comprehensive visibility, actionable insights and real-time controls to help users comply with regulations, preserve privacy and secure their sensitive data — no matter where…

All Products

(26-50 of 84)

26
Elastic Security

Elastic Security equips analysts to prevent, detect, and respond to threats. The free and open solution delivers SIEM, endpoint security, threat hunting, and cloud monitoring. The solution encompasses Elastic SIEM, which brings Elasticsearch to SIEM and threat hunting. The Elastic…

27
SonicWall Analytics

SonicWall Analytics provides real-time insights into correlated security data and supports forensic investigation, security policy calibration and control, enrichment of connected firewall data, and drill down analytics.

28
Trend Micro Deep Discovery

Trend Micro Deep Discovery is a family of advanced threat protection products that enables users to detect, analyze, and respond to today’s stealthy, targeted attacks. Deep Discovery blends specialized detection engines, custom sandboxing, and global threat intelligence from the…

29
Anomali Match
0 reviews

Anomali Match, from Anomali in Redwood City, is an extended detection and response (XDR) endpoint security tool used to detect and identify adversaries early in an organization’s network by correlating tens of millions of threat indicators against real time network activity logs…

30
Riverbed Security Solution (Flowtraq)

In November 2017, FlowTraq was acquired by Riverbed to bring advanced security technology to the wider Riverbed customer base. With the increasing overlap of the needs of Security and Network Operations teams, existing FlowTraq customers have gained access to Riverbed's product suite,…

31
SafeBreach
0 reviews

SafeBreach, headquartered in Sunnyvale, simulates hacker breach methods to quantify risks and validate how well security controls can stand up to a breach.

32
Lumu Insights
0 reviews

Lumu Technologies is a cyber-security company that illuminates threats, attacks, and adversaries affecting enterprises worldwide. Using actionable intelligence, Lumu provides a way to secure networks by enhancing and augmenting existing defense capabilities established over the past…

33
Veriti.ai
0 reviews

Veriti is a security posture management solution that, when integrated with the entire security stack, provides a consolidated management layer that continually and proactively monitors exposure to threats and provides actionable remediation paths for security gaps and high-risk…

34
Gurucul UEBA
0 reviews

Gurucul User & Entity Behavior Analytics (UEBA) uses machine learning models on open choice big data to detect unknown threats early in the kill chain. UEBA provides a realistic approach to comprehensively manage and monitor user and entity centric risks. UEBA identifies anomalous…

35
Anomali Lens
0 reviews

Anomali Lens scans and converts unstructured data, such as news stories, social media, research papers, blogs, paste sites, coding repositories, and internal content sources like SIEM user interfaces, into actionable intelligence. Anomali Lens leverages natural language programming…

36
Verint OMNIX Intelligence Fusion

Verint CIS offers OMNIX Intelligence Fusion, a data gathering, analytics, and pattern detection tool oriented around forensics investigations, and related research.

37
Hunters XDR
0 reviews

The Hunters XDR platform, from Hunters.ai in Tel Aviv, is a cloud-native open XDR that ingests, retains and dynamically cross-correlates all security telemetry to accelerate investigations and foster confident response to incidents.

38
Tenable Lumin
0 reviews

A tool used to calculate, communicate and compare cyber exposure while managing risk. Tenable Lumin is used to visualize and explore an organization's Cyber Exposure, track risk reduction over time, measure the effectiveness of security operations and benchmark against a company'…

39
GoSecure Responder PRO

GoSecure Responder PRO is a forensics toolkit that helps reverse engineers understand exactly how malware was executed on specific machines, with the ability to disassemble and visualize the results. Further, reverse engineers can produce reports that demonstrate with granular, fine-…

40
Huntsman Enterprise SIEM

Huntsman Security, an Australian company, offers the Huntsman Enterprise SIEM security platform, designed to provide a complete SIEM solution with a built-in behavior anomaly detection engine / UEBA engine (Huntsman BAD), which is an integral part of the Enterprise SIEM solution.

41
Gurucul Risk Analytics (GRA)

Gurucul Risk Analytics (GRA) is a behavior-based security analytics platform from Gurucul, headquartered in El Segundo.

42
LogRhythm UserXDR

UserXDR, LogRhythm’s user entity behavioral analytics (UEBA) solution, automatically identifies and prioritizes anomalous user behavior, bringing enhanced visibility and efficiency to the detection of these malicious threats.

43
DNIF HyperScale SIEM

DNIF is a HyperScale SIEM, from DNIF in Mumbai, that can ingest, enrich, store and correlate cybersecurity data at petabyte scales. It is designed to bring the benefits of a SIEM, UEBA and a SOAR into one single integrated product stack. DNIF has multi-tenancy and RBAC, capabilities…

44
Evidian Analytics and Intelligence

Evidian Analytics and Intelligence allows fine-grained auditing of the IAM system, backed by strong analytic capabilities using different data sources, criteria and custom views. The trends of the Key Risk Indicators (KRIs) of a business allow users to detect atypical behaviors (e.…

45
Netskope Advanced Analytics

Netskope Advanced Analytics enables security operations teams to apply data-driven insights to implement better policies. It is used to find answers to questions about app usage, data movement, and user behaviors. Netskope Advanced Analytics helps users identify trends, zero in on areas…

46
InsightCyber Platform

InsightCyber employs AI (Artificial Intelligence) to protect critical infrastructure from cyber threats by identifying insights within data, networks & systems. OT, IT and IoT organizations that use the InsightCyber Platform are empowered to prioritize urgent cybersecurity problems…

47
5C INTERROGATED

The vendor states 5C Interrogated builds a constant, contextual awareness (such as concern index, suspicious application behavior) from both community-fed and premium cyber-intelligence so that cyber threats are detected before they can act.

48
HighGround.io
0 reviews

HighGround offers a suite of functionality and services that enables businesses to manage and control all elements of their Cyber Security providing what they need and when they need it. HighGround provides management dashboards with KPIs for IT teams and business leaders to measure…

49
Query.ai
0 reviews

The Query.AI Security Investigations Platform offers access to cybersecurity data wherever it is stored (in the cloud, third-party SaaS, or on-prem), regardless of vendor or technology, and without requiring centralization, supporting security investigations across real-time and…

50
DNSentinel
0 reviews

SRC, headquartered in New York, offers DNSentinel, a security analytics tool which allows the user to perform domain name analysis, or perform data mining on passive DNS data.

Learn More About Security Analytics Software

What are Security Analytics Platforms?

Security analytics platforms are tools which provide proactive or exploratory network security via behavioral machine learning or analytics techniques. Alternately described as SA tools or network traffic analytics software, these products collect, normalize, and analyze network traffic for threat behavior. Vendors specializing in SA offer machine learning tools for applying security models to traffic across enterprise assets. While highly related to SIEM, security analytics software may provide more advanced tools for data mining or freeform analytics.


Security analytics software provides several benefits to organizations. Overall, it enhances the actionability of security data, especially at the enterprise level. These tools reduce the manual load associated with performing security analytics. They also present analyses graphically so that less specialized users can make decisions based on the results. This improved accessibility and data centralization can improve event response times, threat visibility, and insider threat awareness. They can also provide proof of compliance in the event of an audit.


Security analytics platforms primarily consist of data ingestion pipelines, an analytics engine, and accessible next-step functions like data visualizations, alerts, or automated workflow triggers for threat remediation. The data pipelines are designed to intake data from a wide range of sources, including non-IT contextual data like HR or finance information. Security analytics software can then perform a range of analysis methods depending on the data being analyzed, such as behavior or traffic analysis. The AI foundations of many security analytics tools make this process less manual than it would otherwise need to be, especially when coupled with updated 3rd-party threat intelligence resources.


Security analytics are sometimes found in other security data collection tools. SIEMs and IT Infrastructure Monitoring tools are common sources of security analytics capabilities. Since the tools collect the data directly, they can be better suited to handling certain kinds of data. Standalone security analytics platforms are likely to have more robust security analytics engines. They focus on advanced AI-driven analytics and rely on other security systems to collect the security data itself. This arrangement may be ideal for businesses that are adding a security analytics tool on top of preexisting security systems.

Features of Security Analytics Platforms

Security analytics software provides the following features or targets for analysis:

  • Ingested data from SIEM or other sources

  • User and entity behavior analytics (UEBA)

  • Automated or on-demand network traffic analysis

  • Model observed behavior against threat intelligence

  • Configure analytics to observe behavior against policy

  • Application access and analytics

  • DNS analysis tool

  • Email activity

  • Network packets

  • Identity and social persona

  • File access

  • Geolocation, IP context


Security Analytics Software Comparison

When comparing different security analytics platforms, consider these factors:


  • Data Source Integration: Does the tool have prebuilt ingestion pipelines for specific types of security data collectors, or even specific products? These factors will heavily impact the timeline and ease of implementation and long-term management as security tools are added or replaced over time.

  • Scalability: How easily will the software handle analytics at volume? Consider aspects like analytics automation and the AI capabilities available. Also consider how scalable the next steps from analytics results are, be they alert management, integrations with security controls for automated workflows, or other processes.

  • Usability: Much of the value of security analytics engines is the ease of use and improved accessibility of results for non-specialists. Consider how usable and actionable each product is for less-specialized users.



Pricing Information

Security analytics pricing varies depending on whether it’s a standalone platform, SIEM, or log analytics/management tool. Costs will also depend on the range of features offered and the length of time that data is retained. Pricing within tiers is often scaled by the amount of data stored, analyzed, or managed on the platform.

Frequently Asked Questions

What does a security analytics platform do?

Security analytics platforms analyze traffic and behavior data to intelligently surface actionable insights in response to confirmed or potential cyberattacks against the organization.

How is security analytics different from SIEM?

SIEM focuses on event tracking and data collection primarily. In contrast, security analytics analyzes the data that an SIEM collects to reveal actionable results and insights.

Who uses security analytics platforms?

Security analytics platforms are most often used by larger organizations and enterprises that deal with massive amounts of data related to cybersecurity and threat assessment.

What are the benefits of security analytics?

Security analytics enable more proactive threat remediation and reduce the manual processes associated with assessing security data.

How much do security analytics platforms cost?

Security analytics are normally priced by the amount of data being handled. Product prices are usually tiered depending on how long data is retained and the range of features available.