Click Security Analytics: Product overview

Expert Dan Sullivan takes a look at Click Security's collection of tools focused on key areas of security analytics, including profiling, investigating and analyzing threats.

Information security is no longer just about implementing a set of best practices or point products like antimalware, network configurations and authentication mechanisms. All of those things are still required, of course, but they are no longer the end of the story. Organizations need the ability to analyze what is happening on their networks in real time.

This starts with assuming that some element of their security controls will be compromised. Enterprises today need to be looking for signs of that compromise. This is where security analytics comes in. Click Security is a company that provides a set of analytics tools focused on areas of security analytics, including profiling, investigating, responding and analyzing actor behaviors within an organization's network.

These tools allow infosec professionals to collect and analyze information about events on the network, identify particularly suspicious activity and then take action to mitigate the potential risk of those activities. Here's a closer look at the tools within the Click Security Analytics suite.

Click Security Profiler

Click Security Profiler provides an interface for analyzing both actors and events within an infrastructure. These tools collect data from multiple sources, including network traffic, logs and file events. The Profiler uses event correlation to group discrete events into higher-level logical collections. It also provides a risk ranking of actors and events to help frontline security analysts assess their relative importance and priority in the face of multiple threats.

Click Stream Security Investigator

Click Stream Security Investigator is a tool for viewing attacker activity at a higher level of aggregation than provided by the Profiler. With the Investigator, events are consolidated and visualized at a level that allows analysts to better assess the key events in the attacker's progress. This sequence of events, known as the kill chain, identifies key events in the progression of an attack. Attacks typically start with reconnaissance, followed by delivery of some kind of attack vector, installation of command and control tools and eventually exploitation of the capabilities the attacker has established. Understanding this typical course of events in an attack, and being able to identify them from network, log and other data, is key to deploying countermeasures to mitigate the risks of an attack.

The Responder

The Responder is an application that applies lockdown policies in response to events. The application includes a graphical user interface displaying key metrics about the number of times policies have been triggered.

Actor Analytics Framework

The Actor Analytics Framework is a central hub for collecting and analyzing security-related event data. The framework is designed to collect data on security events, analyze those events with emphasis on actor-oriented activities and incorporate threat intelligence to create a broad view of the actors and event contexts.

Click Security's Actor Analytics Framework also implements kill chain profiling and intelligence management. It utilizes in-memory analytics techniques to examine incoming events and links them to previous events by the same actor. Third-party intelligence data is added to context information collected from Click Security tools.
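The actor-centric correlation and kill chain profiling described above can be sketched in a few lines. This is an added illustration, not Click Security's code or data model: the event tuples, stage names, function names and ranking rule are all assumptions made for the example.

```python
from collections import defaultdict

# Kill chain stages in the order the article lists them (names are assumed labels).
STAGES = ["reconnaissance", "delivery", "command_and_control", "exploitation"]

# Constructed sample events (time, actor, stage); not real product output.
EVENTS = [
    (1, "10.0.0.5", "reconnaissance"),
    (2, "10.0.0.9", "reconnaissance"),
    (3, "10.0.0.5", "delivery"),
    (4, "10.0.0.7", "delivery"),
    (5, "10.0.0.5", "command_and_control"),
    (6, "10.0.0.9", "reconnaissance"),
    (7, "10.0.0.5", "exploitation"),
]

def correlate(events):
    """Link each event to earlier events by the same actor, in time order."""
    by_actor = defaultdict(list)
    for ts, actor, stage in sorted(events):
        if stage not in STAGES:
            continue  # ignore events without a recognised stage
        by_actor[actor].append((ts, stage))
    return by_actor

def progression(history):
    """Count how many stages were observed in kill chain order."""
    depth = 0
    for _, stage in history:
        if depth < len(STAGES) and stage == STAGES[depth]:
            depth += 1
    return depth

def rank_actors(events):
    """Return (actor, depth, event_count) rows, highest risk first."""
    rows = [(a, progression(h), len(h)) for a, h in correlate(events).items()]
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))

if __name__ == "__main__":
    for actor, depth, count in rank_actors(EVENTS):
        reached = STAGES[depth - 1] if depth else "none"
        print(f"{actor}: {count} events, in-order progress to {reached}")
```

An actor that walks through the stages in order outranks one that only repeats reconnaissance, and an isolated delivery event with no earlier reconnaissance scores zero progression, which is the kind of prioritization a risk ranking gives a frontline analyst.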

Prior to being acquired by Alert Logic, Click Security introduced new functionality for its analytics suite, including Actor Context Graph, an interactive visualization feature designed to help admins correlate events with related data.

Pricing and support

Click Security offers support services online and over the phone. For those looking for direct support, Click Security works with partners as well. Contact parent company Alert Logic for additional details on pricing, licenses and support.


The Click Security Analytics tools address key information gathering and analysis stages needed to detect, understand and respond to a cyberattack. In spite of security best practices, the state of today's information security landscape leaves many with the feeling it is only a matter of time before our systems are attacked, if they have not been attacked already. Security analytics tools such as Click Security's Actor Analytics Framework are needed to respond to the kinds of attacks that are all too common today.

Security analytics tools, such as Click Stream, generate valuable information but, unlike malware scanners, are not standalone tools. Organizations with dedicated information security professionals who understand attack strategies and methods will get the most from Click Security. The combination of tools, such as Profiler, Responder and the Actor Analytics Framework, creates a complete security analytics solution. It's important to note that Click Security was acquired by Alert Logic last spring, and Alert Logic said its intention was to "quickly integrate the Click Security employees and technology" into its Cloud Defender platform. This could change how Click Security Analytics is sold and supported in the future.

Next Steps

Part one of this series explains the basics of security analytics products

Part two examines the use cases for security analytics

Part three looks at how to procure security analytics products

Part four compares the best security analytics products on the market

This was last published in September 2016
