Kx for Cybersecurity - A New Approach
Most cybersecurity solutions ignore the human element, focusing solely on reporting and alerting. In contrast, Kx technology enables and augments the human data analyst, extending automated analysis tools with deep and immersive data exploration capabilities engineered to handle the volume, velocity, and variety of today's Big Data environment.
The few SIEM solutions that can handle the volumes and complexities come at a heavy cost in terms of hardware, software and maintenance. Enterprises need alternative Big Data security solutions that are robust and reliable, while offering flexibility and scalability, as well as low total cost of ownership. Kx technology, leveraging kdb+’s simplicity, performance and scalability, can be configured to meet any cybersecurity need and can be deployed on premises or in the cloud.
WHY USE Kx FOR CYBERSECURITY?
- Ingest, aggregate, and correlate network data at scale
- Parse and augment traffic data at ingest via feed handlers
- Create and embed session metadata to accelerate alerting and analysis
- Store and query data from real-time or historical databases
- Perform blazingly fast, near real-time queries (e.g. billion record queries in milliseconds)
- Visualize network traffic in real-time to identify high-risk threats
- Includes a state-of-the-art interactive development environment (IDE) to write, debug, test, version, and deploy complete cyber software solutions
AD-HOC DATA EXPLORATION & VISUALIZATION
The platform's Collaborative Analysis Environment gives the entire team access to your data. Using the environment, cyber analysts can execute real-time queries against any aspect of their network; perform complex ETL operations; import and export from a wide range of data formats; visualize massive datasets in seconds; build scripts to perform complex real-time computations; develop custom visualizations; and integrate any of these explorations into any existing dashboard.
And since all of their explorations can be shared via the environment's version-controlled repository, analysts can take a team-based approach to problem solving.
NETWORK THREAT DETECTION
The solution is ideally suited for ingesting and analysing traffic data in real time, as well as drawing from historical databases, to identify and detect threat-related anomalies and patterns.
The open nature of the platform allows you to integrate and leverage 'best-in-breed' third-party predictive, machine learning, behavioural, or anomaly detection libraries to build classification and prediction systems. Using these capabilities, analysts can identify and isolate patterns of interest in near real time.
The same capabilities enable specialists to iterate through the data, build adaptive models, and provide quick visual analysis tools to cybersecurity analysts, allowing them to track hundreds of millions of events each day.
NETWORK PERFORMANCE ANALYSIS
The solution's built-in database and dashboards give you immediate access to a wide range of performance data such as files accessed, services accessed, web categories, ports, events, bandwidth usage per user, threats by category, processes, and more.
In addition, the high-performance query language (q-sql) allows you to perform real-time queries on all of the data inside your system. Users can easily create custom reporting dashboards focusing on the data and metrics that matter to them most.
THIRD-PARTY HARDWARE & SOFTWARE INTEGRATION
Integrate with existing anti-virus/anti-malware, anti-DoS/DDoS, security information and event management (SIEM) systems and data stores:
- Support for STIX threat-intelligence ingestion
- Supports "real-time, ad-hoc, Big Data" exploration and analysis, including:
  - extract, transform, and load (ETL)
  - import/export from a wide range of data sources (including CSV, ODBC, JSON, standard log formats, HDFS)
- Interface with open-source and commercial predictive analytics, machine learning, behavioural, and anomaly detection libraries
LOG ANALYSIS
Harvest, aggregate, alert, and report on log data at scale:
- Leverage kdb+ to execute high-performance Big Data queries against structured data
- Use the built-in natural language processing support to query unstructured data
- Combine these approaches to simplify the task of identifying coordinated multi-level attacks