Conquering Compliance

Through Simplifed Central Log Management

A New Approach

Security operations are plagued with bad results. In fact, the industry is getting worse at detecting attacks. At the heart of the problem are Security Information and Event Management (SIEM) systems. They have become bloated, unfocused, and unscalable. XBAND is focused on three simple requirements that allow organizations to scale to larger information loads, while leveraging deployed security products to their fullest: Capacity, Correlation and Retention.

Compliance and Privacy

  • 90 days Hot storage; 1-year warm storage (base) PCI-DSS, etc.
  • Pseudonyms implemented to meet GDPR, CCPA, PIPEDA, etc.
  • Active user tracking and historical behavioral analysis

Reduced Business Risk

  • Reduced Business Risk
    • Ingest and correlation of all data sources en masse
    • Audit Compliance and Privacy built in


  • Patented Advanced Database, Correlation and Risk Scoring
  • AWS Cloud based, High Availability and High Durability
  • Able to run on any AWS international location or On-Premise
  • Machine Learning Anomaly detection
  • Multi-Tenant enabled
  • High capacity (250+TB/day) and scalability (12 million EPS tested)
  • IPv6 Support built-in
  • Reputation Services include VirusTotal to Webroot and others
  • Ongoing maintenance handled by Fluency vs User

Improved Risk Metrics

  • Dramatic reduction in False Positives
  • ML and Real-time accelerated detection of anomalies
  • Prioritized threat scoring
  • Customized threat level policy objectives
  • Reduction of dwell time
  • Immediate email alert notifications
  • Quicker enforcement of corporate use policies
    • Such as Shadow IT usage

Reduced Business Costs

  • Advanced correlation analytics improves SOC efficiencies
  • Augments existing legacy SIEM investments with dashboard tie-in APIs


  • Flat SaaS pricing based on raw storage ingest need
    • 5x less expensive than nearest competitor
    • 1yr or 3yr subscriptions available
  • No professional services fees or costs to deploy or support


Gartner’s SIEM Magic Quadrant states three principal factors: the number of event sources; the number of sustained events collected per second; and the size of the event data store. Fluency has demonstrated for a large government organization the ability to process over 500,000 events per second (EPS) while handling 8 to 12 billion events a day. Today, Fluency ofers the ability to search petabytes of data in seconds.

Fluency far exceeds other databases used in log management. Testing shows Fluency was 50 times faster than Elastic and fve times more than Vertica. Unlike these databases, Fluency was developed exclusively for log management in the cloud. The result is a scalable solution for collecting, processing, and retrieving data.



Fluency’s patented technology correlates incoming data in real time. This means that time-sensitive correlations, such as the associated device is immutably recorded to the event. More than 200 days later, when the breach is determined, a Fluency record shows these attributes even though they are dynamically assigned.

Fluency’s processing window allows for third-party interfaces to be queried and results added to the record. This means information such as known indications of compromise, geo-IP, and antivirus analysis can be added to a correlated record.



Fluency delivers the strongest data retention capabilities in the industry. The Fluency Enterprise solution delivers 90-days hot and full-year cold storage by default. Fluency’s design minimizes cost and long-term storage/search. It also delivers data retention in a cost-efective manner that does not compromise speed or fexibility. Data is stored in a schema-less data structure that is fully indexed.

This chart compares published best prices extended to 100Gb. At the 1Tb/day level, Fluency costs only 0.30 per gigabyte


Fluency RiskScore is a scoring process that prioritizes events based on the supporting facts and statistics. It mimics the human process of looking for supporting information to determine which events are most likely to be correct in detecting unwanted activity.

RiskScore performs set theory on each event as it enters the system. It groups these sets in a hierarchy of a communication source, and subsets of destination couplings. Scoring in a coupling gives stronger weight to unique information and information related to the malicious activity. This means RiskScore gives priority to groups of events – not a single event.

The result is that alerts that demonstrate supporting issues are prioritized to the top for further validation and automated response.

At a Glance

Advanced Analytics
Advanced Analytics
Advanced Analytics
Advanced Analytics


  • 90 Days Hot Data Search
  • Full-Year Cold Retention
  • Stores Network, Host and Cloud logs
  • Immutable High-Speed,High-Availability Database
  • Full Field Indexing, Custom Parsers Included
  • Real-Time Correlation
  • IPv6 Capable
Retention Goals For Compliance

The big diference we see with Fluency is that the people in our SOC don’t need to go searching for as much data because Fluency provides much of it all in one place. And that’s signifcant for us because it translates into far greater visibility that dramatically increases efficiency.

-Fran Moniz, Network Security Architect, American National Insurance Company