Why we partner with Accedian for next-generation intrusion detection

A guest blog from our cybersecurity partner UnderDefense

Cloud computing, mobility, and Internet of Things (IoT) have dramatically changed the business world. Networks continue to grow and are increasingly complex, with a myriad of desktops, laptops, mobile devices and apps relying on them. Hybrid IT environments, in which agencies manage on-premises IT systems, must interact with workloads in multi-cloud infrastructures. This results in evolving security threats with more and more sophisticated attack vectors adjusted to the complex networks.  

Perimeter-based security tools and approaches worked relatively well when organizations had few entry points for user access—and limited data to manage. Nowadays, businesses are faced with the issue of improving cybersecurity processes and improving data protection in a world where systems are so deeply intertwined and interconnected. 

One of the solutions is to adopt a data-centric approach. This means that organizations shift their cybersecurity focus from systems to data. After all, it’s the data that has value—though not all data has equal value. 

As we announced today, Accedian’s Skylight powers a Next-Generation Intrusion Detection-as-a-Service offering that not only provides information about cyber-attacks, but also provides the answers and actions to stop attackers that are already in your network. The bad actors inside your perimeter!

The Skylight powered Security app for Splunk provides you with full security visibility by monitoring both East-West and North-South traffic for security within the cloud, data center, hybrid and enterprise core and edge. 

As full traffic capture isn’t really efficient in case of storage and device performance, Skylight security sensors turn it into compact structured metadata, which allows you to minimize the use of data storage and provide long-term data availability. (Read How Skylight reduces the amount of data you need to store (and pay for!) for historical look-back here). This method makes Skylight ideal for today’s expansive virtual and perimeter-less attack surface – you need the power to see into the darkest reaches of your network with an agile, easy-to-deploy, and cost-effective cybersecurity solution.

This is a ready-to-use solution for you and your security analytics team because we focused on making it simple and useful. Our goal is to help you focus on what’s important and spend your time the most effectively.

To go a bit deeper on why we (UnderDefense) are working with Accedian Skylight for our Next-Generation Intrusion Detection-as-a-Service offering.

Skylight powered Security features:

  • Visibility of your entire operational environment on the incident posture dashboard in seconds
  • Alerts sent to your preferred messenger(s) with minimal false-positive rates
  • Built-in threat intelligence monitoring plus custom TI feeds
  • Enriched user and host context associated with each alert
  • Suggested next investigation steps help you decide if an issue is a true threat
  • Ability to review and adjust incident urgency to improve operations scheduling
  • Complete visibility for issue status: new, in progress, or resolved
  • Detection of new Ransomware with our ML engine
  • On-premise and cloud deployment
  • 10+ Gb/s monitoring throughput
  • Ideal for telecom, large enterprise and distributed physical and virtual networks (SDNs)
  • Long term retention of forensic quality source data including 100% of application security protocol transactions at 1 minute reported the granularity with easy to select time frame options

The detection mechanisms are based on four approaches:

  • Using machine learning and AI
  • Using Indicators of Compromise (IoC) as part of Threat Intel Feeds
  • Using a statistical approach to detect anomalies
  • Using the signature/pattern approach

That provides the security analyst with the possibility to detect Tactics, Techniques, and Procedures (TTP), suspicious behaviors, and other security issues that can only be seen by examining the entire digital landscape’s traffic.

Within the Skylight powered Security app, organizations can gain capabilities such as:

  • Detecting suspicious activity within a network, which firewalls and other security gateways can not detect
  • Achieving faster triage and investigation of security incidents using clear workflows and suggested next steps
  • Integrating with other products for immediately response
  • Collaboratively working with other security analysts, leading to faster incident response
  • Maintaining forensic data for deeper investigation as long as it necessary
  • Receiving scheduled reports about security posture in the organization in a more collaborative way (emails, corporate messengers, etc).
  •  Monitoring the efficiency of your security team

These intrusion detection security capabilities enable you to apply proactive security threat detection capabilities inside your organization instead of relying solely on reactive, preventive measures. Let’s stop the bad actors!

Read the Skylight powered Security for Spunk solution brief here, or get started with your free download from Splunkbase.