Hexis Cyber Solutions' HawkEye AP: Product overview

Expert Dan Sullivan examines the HawkEye AP platform, a big data security analytics product from Hexis Cyber Solutions that can parse hundreds of different data formats.

If time is money in business, speed is security in infosec. HawkEye Analytics Platform is the big data component of the HawkEye set of security tools from Hexis Cyber Solutions, while HawkEye G offers integrated threat detection and automated response. Both are designed to comprehensively address critical requirements in big data security analytics while putting an emphasis on speed.

HawkEye AP: Big data security analytics

HawkEye AP is a layered data management platform providing core services from data ingestion up through reporting and analysis. The foundation of the data management system is the Event Collection component, an extraction, transformation and load service that includes connectors to over 250 types of source systems. These sources include Windows servers, web servers, firewalls, databases, logs, NetFlow sources and SNMP sources.

The platform is designed to parse hundreds of different data formats automatically. Data ingested by the Event Collection component is stored in the platform's event data warehouse, a write-once database optimized for columnar storage. The write-once feature ensures the integrity of data by preventing tampering at the lowest levels of data access. It also allows database designers to avoid the overhead mechanisms needed in other databases that support update operations. The Event Database supports standard SQL and business intelligence tools, so customers can deploy third-party reporting tools to support their security reporting.

While traditional BI reporting tools may be helpful in some cases, the volume of data and the fine-grained attributes captured in security event information can make it difficult to find useful information. The analysis component of HawkEye AP incorporates user management and some reporting functionality specifically designed for security information. These reporting tools further support a Dashboard, Reports and Investigation module that provides an HTML5 console for a single point of access to security data.

HawkEye G: Threat detection

To further support analysis and reduce the volume of data infosec professionals have to contend with, HawkEye AP provides a threat detection component called HawkEye G. This incorporates machine learning and statistical techniques to help identify patterns, classify data and help infosec professionals focus on the most informative parts of all available security data.

HawkEye AP, coupled with HawkEye G, offers a comprehensive platform for big data security analytics. While HawkEye AP collects data from servers and network devices, HawkEye G includes endpoint agents for gathering data in real time for user devices. HawkEye G also has modules for detecting events at network edges as well as from third-party platforms.

Significant security events are usually a small percentage of all events recorded. Searching for malicious activity on an active business network is a prime example of searching for the proverbial needle in the haystack. HawkEye G incorporates a proprietary ThreatSync technology that verifies threats to reduce false positives using host and network correlation techniques. It also prioritizes events to help infosec professionals focus on the most important threats.

HawkEye also includes policy-driven automated response to events. This can be especially important when infosec staff is limited and automated responses are needed to keep up with suspicious events on the network.

Pricing, support and deployment

Hexis Cyber Solutions' HawkEye AP is a software platform that is designed to sit between an enterprise's security operations center and the existing networking and security infrastructure. In addition to the HawkEye AP platform, Hexis also offers a managed service option for those who would rather delegate management and maintenance to the vendor.

Pricing is available by contacting Hexis Cyber Solutions directly. The company offers 24-hour support through its customer portal as well as phone support during normal business hours or 24/7, depending on your service-level agreement. Hexis Cyber Solutions' professional services group is available to help with planning, implementation and ad hoc analysis. The company also partners with EMC, Palo Alto Networks, SourceFire and Cerner.


Big data security analytics requires both scalable data management and advanced analysis tools that support infosec operations. The combination of HawkEye AP and HawkEye G covers both of those fundamental requirements. HawkEye G will be especially appealing to organizations that want the ability to query an event database using standard business intelligence reporting tools. For its part, the managed service option will likely appeal to small and midsize businesses that want the capabilities of the HawkEye platform but do not have the staff resources to manage and maintain a big data security analytics platform.

Editor's note: The HawkEye G technology was recently acquired by WatchGuard. It's unclear how this will affect its integration with HawkEye AP.

Next Steps

In part one of this series learn about the basics of big data security analytics

In part two discover the business case for big data security analytics

In part three find out how to evaluate big data analytics platforms

In part four compare the top big data security analytics products

This was last published in September 2016