Cyphort Anti-SIEM

Additional Info

Company: Cyphort
Website: http://www.cyphort.com
Company size (employees): 50 to 99
Type of solution: Software

Overview

Cyphort’s Anti-SIEM is a powerful security analytics platform that empowers enterprise security teams with the prioritized, actionable intelligence required for fast, interactive threat investigation and response to advanced threats.

The software solution builds on Cyphort’s expertise in advanced threat detection, then adds a sophisticated, scalable analytics engine that ingests, analyzes, and correlates data from Cyphort collectors and other security tools deployed in the network. Consolidated results are presented, along with identity information, as an adjustable timeline view of the complete security incident.

Cyphort’s SmartCore analytics engine is paired with threat visualization capabilities that reveal threat progression through the cyber kill chain, as well as the scope and impact of a threat on named hosts and users. This provides useful context that enables faster and more accurate mitigation decisions. Also, the Anti-SIEM prioritizes threats based on their progression through the cyber kill chain and their scope (threat impact on other endpoints). This automated process is often completed within 15 seconds. By consolidating all related events into a single security incident, security analysts and incident responders can then run interactive investigations that fully leverage this rich set of data.

The Cyphort platform includes an integrated storage architecture that is easily scalable based on the requirements of each customer. For example, some companies only want 3 months of storage, while others prefer 3 years of storage to enable deeper historical forensics. The timeline view of security incidents noted above can also be extended to weeks, months, or more based on the historical data stored by the customer.

Cyphort’s distributed architecture leverages lightweight collectors that can be deployed at any number of branch offices, all feeding into an analytics engine deployed at headquarters or in the cloud. This ensures that the entire organization, even a five-person branch office, is protected.

How we are different

• Advanced Threat Detection - Unlike traditional SIEMs, Cyphort’s platform is built on strong advanced threat detection capabilities. The data ingested from Cyphort collectors – which continuously monitor web, email, and lateral spread traffic – are fed into the SmartCore detection engine, which consolidates all data and applies machine learning and behavioral analysis technologies to identify advanced targeted attacks, often within 15 seconds.

• Advanced Threat Analytics - Analytics has long been in the DNA of Cyphort. The SmartCore analytics engine complements its detection engine and is focused on making interactive investigations productive and efficient for analysts and incident responders. In addition to ingesting raw data from its own collectors, SmartCore ingests events from other detection and identity sources. It then employs correlation algorithms that enable data reduction, risk-based prioritization, and automation of many tedious manual processes.

• One-Touch Threat Mitigation - To help improve the productivity and response time of security teams, the Anti-SIEM offers automated “one-touch” mitigation capabilities. For example, the platform can automatically create new rules and policies for inline devices to strengthen them against future attacks. Likewise, it can work with NACs to isolate or restrict the movement of infected endpoints until deeper forensics can be done.