- 90 days hot storage; 1-year warm storage (base); PCI-DSS, etc.
- Pseudonyms implemented to meet GDPR, CCPA, PIPEDA, etc.
- Active user tracking and historical behavioral analysis
Through Simplified Central Log Management
Security operations are plagued with bad results. In fact, the industry is getting worse at detecting attacks. At the heart of the problem are Security Information and Event Management (SIEM) systems. They have become bloated, unfocused, and unscalable. XBAND is focused on three simple requirements that allow organizations to scale to larger information loads, while leveraging deployed security products to their fullest: Capacity, Correlation and Retention.
Compliance and Privacy
Reduced Business Risk
Technology
Improved Risk Metrics
Reduced Business Costs
Pricing
Gartner’s SIEM Magic Quadrant states three principal factors: the number of event sources; the number of sustained events collected per second; and the size of the event data store. Fluency has demonstrated for a large government organization the ability to process over 500,000 events per second (EPS) while handling 8 to 12 billion events a day. Today, Fluency offers the ability to search petabytes of data in seconds.
Fluency far exceeds other databases used in log management. Testing shows Fluency was 50 times faster than Elastic and five times faster than Vertica. Unlike these databases, Fluency was developed exclusively for log management in the cloud. The result is a scalable solution for collecting, processing, and retrieving data.
Fluency’s patented technology correlates incoming data in real time. This means that time-sensitive correlations, such as the device associated with an address at the moment of the event, are immutably recorded to the event. More than 200 days later, when the breach is determined, a Fluency record still shows these attributes even though they were dynamically assigned.
Fluency’s processing window allows for third-party interfaces to be queried and results added to the record. This means information such as known indications of compromise, geo-IP, and antivirus analysis can be added to a correlated record.
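The two paragraphs above describe why correlation has to happen at ingest: a source IP handed out by DHCP points at a different machine months later, so the device identity (and any third-party lookup results) must be stamped onto the record when it is written. The following Python is an added illustration of that idea and is not Fluency's code; the lease table, IoC set, geo table and event are all constructed, and the function names are assumptions for the example.

```python
"""Illustrative ingest-time enrichment (added example; not Fluency's code).

At ingest, the record is stamped with the device that held the source IP
at that moment (from a lease history) and with third-party lookups
(an IoC list and a geo-IP table). Those facts stay on the stored record
even after the IP is reassigned. All tables and events are constructed.
"""
from datetime import datetime, timezone

# Constructed DHCP lease history: (ip, hostname, lease_start, lease_end).
LEASES = [
    ("10.0.0.25", "laptop-alice", "2024-01-10T08:00:00Z", "2024-01-10T20:00:00Z"),
    ("10.0.0.25", "laptop-bob",   "2024-01-11T08:00:00Z", "2024-01-11T20:00:00Z"),
]
# Constructed stand-ins for third-party interfaces queried during processing.
IOC_IPS = {"203.0.113.7"}                           # known-bad destinations
GEO = {"203.0.113.7": "ZZ", "198.51.100.9": "XY"}   # fictional country codes

# Constructed raw event as a sensor would emit it: only an IP, no device identity.
RAW_EVENT = {"ts": "2024-01-10T12:30:00Z", "src_ip": "10.0.0.25",
             "dst_ip": "203.0.113.7", "action": "outbound_connect"}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def device_at(ip, ts):
    """Hostname holding `ip` at instant `ts`, or None if no lease covers it."""
    for lease_ip, host, start, end in LEASES:
        if lease_ip == ip and parse_ts(start) <= ts < parse_ts(end):
            return host
    return None


def current_holder(ip):
    """What a lookup made 'today', after the lease table has rolled over,
    returns: the most recent holder, which is no longer the event-time owner."""
    holders = [(parse_ts(start), host)
               for lease_ip, host, start, _ in LEASES if lease_ip == ip]
    return max(holders)[1] if holders else None


def enrich(raw):
    """Build the record that would be written to storage: the raw fields plus
    the time-sensitive correlation and third-party results, resolved now."""
    ts = parse_ts(raw["ts"])
    return {
        **raw,
        "src_device": device_at(raw["src_ip"], ts),   # pinned at ingest
        "dst_ioc_match": raw["dst_ip"] in IOC_IPS,     # threat-intel lookup
        "dst_geo": GEO.get(raw["dst_ip"]),             # geo-IP lookup
    }


STORED = enrich(RAW_EVENT)   # what an investigator reads back months later

if __name__ == "__main__":
    print(STORED)
    print("lease table now says:", current_holder("10.0.0.25"))
```

The stored record names `laptop-alice`, while a lease lookup performed at investigation time would return `laptop-bob`; resolving the correlation at ingest is what keeps the record correct.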
Fluency delivers the strongest data retention capabilities in the industry. The Fluency Enterprise solution delivers 90-days hot and full-year cold storage by default. Fluency’s design minimizes the cost of long-term storage and search. It also delivers data retention in a cost-effective manner that does not compromise speed or flexibility. Data is stored in a schema-less data structure that is fully indexed.
[Chart: published best prices extended to 100 GB/day.] At the 1 TB/day level, Fluency costs only 0.30 per gigabyte.
Fluency RiskScore is a scoring process that prioritizes events based on the supporting facts and statistics. It mimics the human process of looking for supporting information to determine which events are most likely to be correct in detecting unwanted activity.
RiskScore performs set theory on each event as it enters the system. It groups these sets in a hierarchy of a communication source, and subsets of destination couplings. Scoring in a coupling gives stronger weight to unique information and information related to the malicious activity. This means RiskScore gives priority to groups of events – not a single event.
The result is that alerts that demonstrate supporting issues are prioritized to the top for further validation and automated response.
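The RiskScore description above (group by communication source, then by destination coupling; weight distinct and malicious-related information more than repeats; rank groups rather than single events) is sketched below as an added Python example. It is not Fluency's RiskScore and does not claim to reproduce its weights; the events, weights and function names are constructed for illustration.

```python
"""Illustrative group-based alert scoring (added example; not Fluency's RiskScore).

Alerts are grouped by source, then by source->destination coupling. Each
coupling is scored so that distinct supporting signals, and especially
signals tied to known-malicious activity, outweigh many copies of one
low-value signal. Couplings, not single events, are what get ranked.
"""
from collections import defaultdict

# Constructed alerts: source, destination, the signal that fired, and
# whether that signal is tied to known-malicious activity.
EVENTS = [
    {"src": "10.0.0.5", "dst": "203.0.113.7", "signal": "ids:beacon",    "malicious": True},
    {"src": "10.0.0.5", "dst": "203.0.113.7", "signal": "ids:beacon",    "malicious": True},
    {"src": "10.0.0.5", "dst": "203.0.113.7", "signal": "proxy:denied",  "malicious": False},
    {"src": "10.0.0.5", "dst": "203.0.113.7", "signal": "ti:ioc_match",  "malicious": True},
    {"src": "10.0.0.7", "dst": "192.0.2.4",   "signal": "av:detection",  "malicious": True},
] + [  # one noisy host: 21 copies of the same benign denial
    {"src": "10.0.0.9", "dst": "198.51.100.9", "signal": "proxy:denied", "malicious": False}
    for _ in range(21)
]

# Assumed weights for the illustration.
UNIQUE_WEIGHT = 2.0      # each distinct signal seen in a coupling
MALICIOUS_WEIGHT = 3.0   # each distinct signal tied to malicious activity
REPEAT_WEIGHT = 0.1      # each further copy of a signal already counted


def group(events):
    """Hierarchy: source -> destination coupling -> events in that coupling."""
    tree = defaultdict(lambda: defaultdict(list))
    for e in events:
        tree[e["src"]][e["dst"]].append(e)
    return tree


def score_coupling(events):
    """Score one source->destination coupling from its member events."""
    distinct = {}      # signal -> malicious flag, first occurrence only
    repeats = 0
    for e in events:
        if e["signal"] in distinct:
            repeats += 1
        else:
            distinct[e["signal"]] = e["malicious"]
    return (UNIQUE_WEIGHT * len(distinct)
            + MALICIOUS_WEIGHT * sum(distinct.values())
            + REPEAT_WEIGHT * repeats)


def rank(events):
    """Return couplings as (score, src, dst, event_count), highest first."""
    rows = []
    for src, couplings in group(events).items():
        for dst, evs in couplings.items():
            rows.append((score_coupling(evs), src, dst, len(evs)))
    rows.sort(reverse=True)
    return rows


if __name__ == "__main__":
    for score, src, dst, n in rank(EVENTS):
        print(f"{score:5.1f}  {src} -> {dst}  ({n} events)")
```

With these weights the coupling with three different supporting signals scores 12.1, the single antivirus detection scores 5.0, and the host that produced 21 identical proxy denials scores only 4.0: volume alone does not push a group to the top.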
The big difference we see with Fluency is that the people in our SOC don’t need to go searching for as much data because Fluency provides much of it all in one place. And that’s significant for us because it translates into far greater visibility that dramatically increases efficiency.
-Fran Moniz, Network Security Architect, American National Insurance Company