BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Information security professionals could easily suffer information overload from the network, device and application event data that is generated in today's IT operations. They can't avoid or prune the volume of data either. Why? Because advanced attacks often require data from multiple sources to detect. As a result, InfoSec professionals are turning to security analytics platforms, such as the FireEye's Threat Analytics Platform, to help collect, analyze and prioritize security event data.
Real-time threat detection
The FireEye Threat Analytics Platform applies real-time analysis to streams of network and log data to identify potentially malicious activity. The system uses a combination of expert rules, analytics and threat intelligence data to classify security events. When a potential problem is identified, the security analytics platform generates an alert to notify security administrators.
The FireEye Threat Analytics Platform is designed to process and analyze up to 80,000 events per second. By analyzing low level security events and correlating activities, the threat analysis platform can help identify users and devices involved in the attack. The product offers what FireEye calls a "Sub-Second Search" capability, which allows analysts to quickly search billions of events.
Security analytics as a service
Security analytics is an increasingly important challenge, and the market for threat analytics is growing as one would expect. FireEye, however, does not take the common approach of selling software or appliances. Instead, it sells its security analytics platform as a cloud service. This has a number of advantages. There is no need to purchase, install and maintain hardware on premises. This minimizes additional demands on your network and security operations teams. It also avoids capital expenditures.
Delivering security analytics also means FireEye can have customers enrolled and using the service in a matter of hours, instead of weeks that might be needed by some hardware procurement cycles.
Prioritizing security events
Given the nature of cyberthreats today, it is not surprising that security administrators are often inundated with alerts. Finding a common malware file en route to a user's email inbox is not a surprising event. It is such a common event that it, along with other common but low risk events, could distract infosec professionals from higher risk threats that demand their immediate attention.
FireEye Threat Analytics platform prioritizes alerts so security incident responders can focus on the most threatening incident at any time. It also addresses the need for workflow support, as the platform includes tools for assigning tasks and monitoring the outcome of those tasks. Responders can add their own notes and attach relevant files to an incident record to help consolidate incident information in a single source. Search tools are provided to enable retrieval.
FireEye offers four support programs: Platinum, Platinum Priority Plus, Government and Government Priority Plus. All programs offer 24/7 email, phone and live chat support while the Priority Plus offerings include direct access to senior support engineers. FireEye also provides online community forums, technical education and access to a network or partners. For additional information on pricing, contact FireEye directly.
Many organizations can benefit from security analytics tools, but may be held back by the need to support additional infrastructure or lack of capital funds to buy additional hardware and application licenses. FireEye Threat Analytics Platform moves security analytics to the cloud, thereby creating an option for those who would rather enter in a pay-as-you-go arrangement than invest in security software and hardware up front. Its combination of threat analytics prioritized alerting and a cloud-based service, meanwhile, is a compelling differentiator in an increasingly important market segment.
Part one of this series explains the basics of security analytics products
Part two examines the use cases for security analytics
Part three looks at how to procure security analytics products
Part four compares the best security analytics products on the market