Logtrust debuts analytics solution for detecting threats in real-time
Logtrust announced at RSA Conference 2017 its Real-time Integrated Threat Analytics Solution Program.
The program enables companies to build solutions that analyze the historical behavior of systems and attackers in order to detect, understand and eliminate potential threats in real-time – even those that are coming from multiple sources, across multiple devices.
Reiterating the point Pedro Castillo, CEO of Logtrust, recently made: “Under the barrage of constant cyber-attacks, organizations are blindsided by misleading indicators and often can’t determine why and when a security-related event has occurred. The number of moving pieces that cyber security teams have to monitor, correlate and analyze is prohibitive, leaving companies exposed.” According to Logtrust, the ‘moving pieces’ of real-time threat analytics, which are now integrated into their new solution, include:
- Discovering the relationships between bad actors, their methods and their targets
- Understanding the evolution of attack patterns over time
- Detecting deviations in data being streamed in real-time that may indicate threats
Analyze the past to understand and counter threats in the present
To recognize and counter potential threats in real-time, organizations must be able to analyze historical data and immediately compare it to streaming data. Logtrust’s Real-time Integrated Threat Analytics Solution makes this easy, bringing real-time big data analytics to security with:
- Real-time Low Code, No Code Advanced Search and Analytics: Continuously ingest multiple log formats, conduct searches and queries on live and historical data via simple point-and-click, and initiate complex event processing, all without complicated coding.
- Storage of Historical Network Sessions and Events: Achieve ultra-fast historical analysis, selectively slice/dice and replay network sessions/events, and visualize the data through force-directed graphs and Sankey diagrams.
- Real-time Network Topology Event Analysis: Uncover live communications occurring with adversaries; hunt for dynamic event data changes in topology; search for both passive and active new event data changes.
- Network Packet Analysis: Conduct real-time monitoring on all ports, protocols, perimeters and internal traffic; detect volume changes for high-value asset data traffic that indicate suspicious activity.
- Statistical Pattern Learning and Active Defense: Conduct advanced statistical operations over time-sliced windows, uncover seasonality in data with Holt-Winters bands, and set up real-time alerting to counter threats based on your findings.
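The last item describes the general technique of fitting a seasonal model to time-sliced data and alerting when a live value falls outside the model's bands. As an added illustration (not Logtrust's code, and making no claim about how their product implements it), the following Python uses additive Holt-Winters smoothing over a constructed series of hourly event counts with a daily cycle. It learns the normal residual spread during a warm-up window, flags any later point outside forecast ± k·sigma, and, the caveat a practitioner would want, refuses to feed a flagged outlier back into the model so that a single burst does not trigger a second, mirror-image alert on the next sample. All function and parameter names are this example's own assumptions.

```python
import math
import statistics

# Additive Holt-Winters (triple exponential smoothing) with forecast bands,
# used here as a streaming anomaly detector over hourly event counts.
# Hypothetical helper code; the parameter names are this example's own.

def initialise(warmup, period):
    """Estimate starting level, trend and seasonal offsets from warm-up data."""
    n_seasons = len(warmup) // period
    season_means = [sum(warmup[p * period:(p + 1) * period]) / period
                    for p in range(n_seasons)]
    seasonals = [sum(warmup[p * period + i] - season_means[p]
                     for p in range(n_seasons)) / n_seasons
                 for i in range(period)]
    trend = sum((warmup[i + period] - warmup[i]) / period
                for i in range(period)) / period
    return season_means[0], trend, seasonals


def detect_anomalies(series, period, alpha=0.3, beta=0.05, gamma=0.2,
                     k=4.0, warmup_seasons=2, min_sigma=5.0):
    """Return (anomalies, forecasts). Each anomaly is (index, value, low, high)."""
    warmup = warmup_seasons * period
    if len(series) <= warmup:
        raise ValueError("need more than %d points for warm-up" % warmup)
    level, trend, seasonals = initialise(series[:warmup], period)
    residuals, forecasts, anomalies = [], [], []
    sigma = None
    for i, y in enumerate(series):
        s = i % period
        forecast = level + trend + seasonals[s]      # one-step-ahead forecast
        forecasts.append(forecast)
        resid = y - forecast
        if i < warmup:
            residuals.append(resid)                 # learn the normal spread
        else:
            if sigma is None:
                # floor sigma so a near-constant warm-up cannot cause alert storms
                sigma = max(min_sigma, statistics.pstdev(residuals))
            low, high = forecast - k * sigma, forecast + k * sigma
            if y < low or y > high:
                anomalies.append((i, y, low, high))
                y = forecast  # treat the outlier as missing so it cannot poison the model
        last_level = level
        level = alpha * (y - seasonals[s]) + (1 - alpha) * (level + trend)
        trend = beta * (level - last_level) + (1 - beta) * trend
        seasonals[s] = gamma * (y - level) + (1 - gamma) * seasonals[s]
    return anomalies, forecasts


PERIOD = 24  # hourly counts with a daily cycle


def constructed_series():
    """Constructed sample: five days of hourly event counts with one injected burst."""
    series = []
    for t in range(PERIOD * 5):
        daily = 100 + 40 * math.sin(2 * math.pi * (t % PERIOD) / PERIOD)
        jitter = ((t * 7) % 5) - 2           # deterministic noise in [-2, 2]
        series.append(daily + jitter)
    series[100] += 150                       # e.g. a sudden flood of failed logins
    return series


if __name__ == "__main__":
    anomalies, _ = detect_anomalies(constructed_series(), PERIOD)
    for idx, value, low, high in anomalies:
        print("t=%d value=%.1f outside band [%.1f, %.1f]" % (idx, value, low, high))
```

Run as a script it reports the single injected burst at t=100 and nothing else. The fixed warm-up sigma keeps the example short; in production you would re-estimate the spread from unflagged residuals on a rolling basis, and the `min_sigma` floor is what stops a quiet warm-up period from producing a threshold so tight that ordinary jitter pages the on-call engineer.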
Through its partnership with Panda Security, Logtrust’s solution also enables key capabilities of the Panda Adaptive Defense next-generation endpoint protection solution, such as the recording, visualization, analysis and reporting of endpoint and user events in real-time over any period of time, including in-depth executable activity, real-time vulnerability reporting, data access and more.