"The introduction of the Anti-SIEM is welcome news," said Vladislav Ryaboy, Director of GSOC, Crawford & Company, the world's largest publicly listed independent provider of claims management solutions. "Not just for the threat detection and security value, but also the productivity gains that the analytics engine will provide us. This will definitely reduce the noise level for our security team, and make them a lot happier."
The Anti-SIEM is a distributed software platform built around threat detection: it ingests raw web, email, and lateral-spread traffic (east-west traffic between internal hosts), plus log and event data from a variety of other security tools in the network.
In as little as 15 seconds:
- All information is fed into its analytics engine, which uses machine learning and behavioral analysis technologies to first identify advanced threats;
- All related alerts and log events from other sources are then correlated, and user/host identity information is added; and
- A consolidated timeline view of the entire security incident is presented, showing the threat and all related events over time, as well as progression through the cyber kill chain.
Its scalable architecture lets organizations retain threat, log, and event data for months or years, so the timeline view of a user- or host-based security incident can be extended back as far as that history reaches. The platform also offers incident response teams "one-touch" auto-mitigation: for example, it can automatically create and publish new rules and policies so that in-line devices block similar threats in the future.
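The pipeline described above (ingest alerts from several tools, correlate them by host, enrich with user identity, present one incident timeline with kill-chain progression, then derive something an in-line device can block) is the part of this announcement a practitioner can reproduce in miniature. The Python below is an added example written for this page, not Cyphort's code: it folds constructed alerts from four hypothetical tools into per-host incidents, discards repeated detections as noise, tags each event with an assumed kill-chain stage, and lists the delivery and command-and-control indicators a "one-touch" mitigation step might push to a proxy or firewall. The stage mapping, field names, tool names and sample alerts are all assumptions.

```python
"""Added illustration: correlate multi-source alerts into per-host incidents
with a kill-chain timeline. Sample alerts are constructed; stage mapping and
field names are assumptions, not any vendor's data model."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Kill-chain stages in order; the list index gives progression.
KILL_CHAIN = ["reconnaissance", "weaponization", "delivery", "exploitation",
              "installation", "command_and_control", "actions_on_objectives"]

# Assumed mapping of detection type to kill-chain stage.
STAGE_OF = {
    "phishing_email": "delivery",
    "malicious_download": "delivery",
    "exploit_kit": "exploitation",
    "new_service_installed": "installation",
    "beacon": "command_and_control",
    "lateral_smb": "actions_on_objectives",
}


@dataclass
class Alert:
    ts: datetime
    source: str          # tool that raised it (email gateway, proxy, EDR, IDS)
    host: str
    user: str
    kind: str            # detection type, key into STAGE_OF
    indicator: str = ""  # URL, IP or hash the detection was based on


@dataclass
class Incident:
    host: str
    alerts: list = field(default_factory=list)
    users: set = field(default_factory=set)
    duplicates: int = 0  # raw alerts folded away as repeats

    @property
    def end(self):
        return self.alerts[-1].ts

    def furthest_stage(self):
        """Deepest kill-chain stage reached by any event in the incident."""
        return max((STAGE_OF[a.kind] for a in self.alerts), key=KILL_CHAIN.index)

    def timeline(self):
        """One line per event, in time order, with source, stage and user."""
        return [f"{a.ts:%Y-%m-%d %H:%M:%S} [{a.source}] {a.kind} -> "
                f"{STAGE_OF[a.kind]} user={a.user}" for a in self.alerts]

    def block_indicators(self):
        """Delivery and C2 indicators worth pushing to in-line devices."""
        return sorted({a.indicator for a in self.alerts if a.indicator
                       and STAGE_OF[a.kind] in ("delivery", "command_and_control")})


def correlate(alerts, window=timedelta(hours=24), dedupe=timedelta(minutes=5)):
    """Group alerts by host; a gap longer than `window` starts a new incident."""
    incidents, open_by_host = [], {}
    for a in sorted(alerts, key=lambda x: x.ts):
        inc = open_by_host.get(a.host)
        if inc is None or a.ts - inc.end > window:
            inc = Incident(host=a.host)
            incidents.append(inc)
            open_by_host[a.host] = inc
        # The same tool repeating the same detection within `dedupe` is noise.
        if any(b.source == a.source and b.kind == a.kind and a.ts - b.ts <= dedupe
               for b in inc.alerts):
            inc.duplicates += 1
            continue
        inc.alerts.append(a)
        inc.users.add(a.user)
    return incidents


T = datetime(2017, 5, 2, 9, 0, 0)
SAMPLE_ALERTS = [  # constructed sample, not real telemetry
    Alert(T, "email-gw", "ws-17", "alice", "phishing_email", "http://invoice-update.example/doc"),
    Alert(T + timedelta(minutes=4), "proxy", "ws-17", "alice", "malicious_download",
          "http://invoice-update.example/doc"),
    Alert(T + timedelta(minutes=4, seconds=30), "proxy", "ws-17", "alice", "malicious_download",
          "http://invoice-update.example/doc"),  # repeat of the previous alert
    Alert(T + timedelta(minutes=6), "edr", "ws-17", "alice", "exploit_kit"),
    Alert(T + timedelta(minutes=20), "edr", "ws-17", "SYSTEM", "new_service_installed"),
    Alert(T + timedelta(minutes=45), "ids", "ws-17", "alice", "beacon", "203.0.113.7"),
    Alert(T + timedelta(minutes=70), "ids", "ws-17", "alice", "lateral_smb"),
    Alert(T + timedelta(hours=2), "proxy", "ws-42", "bob", "malicious_download",
          "http://cdn-stats.example/x"),
    Alert(T + timedelta(days=1, hours=5), "ids", "ws-17", "alice", "beacon", "203.0.113.7"),
]

if __name__ == "__main__":
    incidents = correlate(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(incidents)} incidents")
    for inc in incidents:
        print(f"\n{inc.host}: users={sorted(inc.users)} furthest={inc.furthest_stage()} "
              f"duplicates={inc.duplicates}")
        print("\n".join("  " + line for line in inc.timeline()))
        print(f"  block: {inc.block_indicators()}")
```

With the constructed input, nine raw alerts collapse into three incidents: the ws-17 chain from phishing to lateral SMB (one proxy repeat suppressed), an isolated download on ws-42, and a beacon on ws-17 the next day that falls outside the 24-hour window and so opens a fresh incident rather than being glued to the old one. That last case is the check worth keeping when tuning the window: too wide and unrelated activity merges, too narrow and one intrusion fragments into several incidents.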
"The Anti-SIEM was actually developed by security professionals. Nearly 1,000 SIEM users in large organizations across the US contributed insight to our R&D," said Franklyn Jones, CMO at Cyphort. "We like to say it's everything users want in a SIEM -- and less. That's because SIEM users have been pleading for a solution entailing less cost, less noise and potential for false positives, less complexity, and above all, much less wasted time -- and that's what we debut today."
Research conducted with the Ponemon Institute, Osterman Research, and InterQ Research identified specific areas where the time, cost, and complexity of SIEMs were hurting the productivity of security analysts and incident response teams. The research also showed where Cyphort technology could be extended to improve security team productivity, accelerate event response, and cut costs significantly.
"We examined many of the specific manual tasks required by Tier 1 and Tier 2 responders, whose workdays usually begin with data generated by the SIEM," explained Frank Jas, CTO of Cyphort. "A new level of understanding of their processes and workflows informed our creation of analytics and UI features within the Anti-SIEM that minimize the need for the manual, time-consuming steps that now monopolize security teams' days."
The Anti-SIEM delivers "less" of what customers don't want:
- Less cost: lower licensing and deployment costs, plus measurable productivity gains from the analytics engine automating event processing. Savings can easily exceed $100,000 annually.
- Less noise: relevant alerts, logs, and event data are automatically analyzed and consolidated into a single security incident, which significantly reduces distracting alerts.
- Less complexity: research found that most SIEM deployments take 3 months or more before customers get the value they want. The Anti-SIEM minimizes deployment complexity and reduces time-to-value to a few days, sometimes even hours.
- Less wasted time: by automating the proactive detection, analysis, and consolidation of information about advanced threats, security teams spend far less time on low-level tasks and can focus on the organization's priorities.
"Managing incident response and threat mitigation is difficult and time-consuming," said Michael Osterman, Principal Analyst of Osterman Research. "The Anti-SIEM promises to significantly alter the security management landscape by improving the speed and efficiency of threat detection and response, while simultaneously lowering the costs of these critical processes."
The Anti-SIEM can be deployed with an existing SIEM to improve productivity and strengthen security, or in place of a SIEM for organizations that want the benefits of a SIEM without the drawbacks. The Anti-SIEM solution and its components can be purchased as a 1- or 3-year software license. Specific pricing depends on customer deployment requirements.