In several breaches, including the Anthem breach, it was determined that security engineers already had alerts on the activity that should have raised a red flag within the organization. However, because of the large number of alerts received, those alerts were not noticed until well after the breach had been discovered by a savvy engineer. Many SIEMs alert on thousands of issues that are not relevant. Tuning sensors and alerts is the only way to ensure that the important issues get the attention they deserve. Introducing the Big Data Alerting Framework.
The problem with SIEMs
Utilizing big data, Lucene indexing and an alerting framework, Jigsaw Security ensures that items of high significance are not ignored because of alert volume and false positives.
By combining time-series analysis and aggregation of event data with logs and threat indicators, important alerts are far less likely to be lost in the noise.
Analytics also ensure that activity with no matching signature is still detected in the platform. By setting activity thresholds, time windows, and traffic and event baselines, you can detect non-signature anomalies and insider threat activity. Baselines must be learned from normal traffic and re-tuned over time, since a baseline that is too loose misses the anomaly and one that is too tight recreates the alert flood the framework is meant to remove.
Jigsaw Security utilizes Hadoop, GlusterFS and Elasticsearch (the ELK stack) to create customized solutions for our clients. The alerter product matches items and events against information stored in Hadoop or Elasticsearch and sends notifications by email, distribution list or SMS, or to third-party products, including our Big Data Engine.
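The following is an added illustration of the two alerting paths described above (indicator matching against a stored index, and time-window threshold checks against a per-user baseline, with the resulting alerts routed to notification channels). It is example code written for this page, not Jigsaw Security's alerter or Big Data Engine. The log format, the indicator store (a dict standing in for an Elasticsearch or Hadoop lookup), the per-user baselines, the 5-minute window, the 3-sigma threshold and the routing rules are all assumptions chosen for the example; the log lines are constructed.

```python
"""Toy alerter: indicator matching plus windowed baseline anomaly detection.

Example code written for this page, not Jigsaw Security's product. Every
data source below is constructed so the example runs offline.
"""
from collections import Counter
from datetime import datetime, timezone
import re

# Constructed indicator store; stands in for a lookup against an
# Elasticsearch or Hadoop index of threat indicators.
INDICATORS = {
    "203.0.113.7": {"type": "ip", "severity": "high", "ref": "constructed-c2"},
    "evil.example": {"type": "domain", "severity": "high", "ref": "constructed-phish"},
}

# Constructed per-user baselines: (mean, stddev) of events per window,
# learned beforehand from normal activity. Assumed values.
BASELINES = {
    "alice": (4.0, 1.0),
    "bob": (3.0, 1.0),
}

# Assumed log format; one event per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\S+)$"
)

# Constructed sample logs: alice behaves normally, bob resolves a known-bad
# domain once and then bursts well above his baseline in the 10:05 window.
SAMPLE_LOGS = """\
2024-05-01T10:00:05Z user=alice src=10.0.0.5 dst=intranet.example action=login
2024-05-01T10:00:40Z user=alice src=10.0.0.5 dst=intranet.example action=read
2024-05-01T10:01:10Z user=bob src=10.0.0.9 dst=evil.example action=dns
2024-05-01T10:02:00Z user=alice src=10.0.0.5 dst=files.example action=read
2024-05-01T10:05:01Z user=bob src=10.0.0.9 dst=files.example action=read
2024-05-01T10:05:30Z user=bob src=10.0.0.9 dst=files.example action=read
2024-05-01T10:06:02Z user=bob src=10.0.0.9 dst=files.example action=read
2024-05-01T10:06:45Z user=bob src=10.0.0.9 dst=files.example action=read
2024-05-01T10:07:20Z user=bob src=10.0.0.9 dst=files.example action=read
2024-05-01T10:08:00Z user=bob src=10.0.0.9 dst=files.example action=read
2024-05-01T10:08:55Z user=bob src=10.0.0.9 dst=files.example action=read
2024-05-01T10:09:50Z user=bob src=10.0.0.9 dst=files.example action=read
this line is malformed and must be skipped, not crash the pipeline
"""


def parse_line(line):
    """Parse one log line into an event dict; return None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def indicator_alerts(events):
    """Signature path: flag any event whose src or dst is a stored indicator."""
    alerts = []
    for ev in events:
        for field in ("src", "dst"):
            hit = INDICATORS.get(ev[field])
            if hit:
                alerts.append({"kind": "indicator", "user": ev["user"], "value": ev[field],
                               "severity": hit["severity"], "ref": hit["ref"], "ts": ev["ts"]})
    return alerts


def window_anomalies(events, window_seconds=300, z=3.0):
    """Non-signature path: count events per user per fixed window and flag
    windows that exceed mean + z * stddev of that user's baseline."""
    counts = Counter()
    for ev in events:
        bucket = int(ev["ts"].timestamp()) // window_seconds * window_seconds
        counts[(ev["user"], bucket)] += 1
    alerts = []
    for (user, bucket), n in sorted(counts.items()):
        if user not in BASELINES:
            continue  # no learned baseline yet; alerting here would only add noise
        mean, sd = BASELINES[user]
        threshold = mean + z * sd
        if n > threshold:
            alerts.append({"kind": "anomaly", "user": user, "count": n, "threshold": threshold,
                           "severity": "high" if n > 2 * threshold else "medium",
                           "ts": datetime.fromtimestamp(bucket, tz=timezone.utc)})
    return alerts


def route(alert):
    """Assumed routing rule: high severity pages by SMS as well as email."""
    return ["email", "sms"] if alert["severity"] == "high" else ["email"]


def run(log_text):
    """Parse, evaluate both alert paths, attach channels, return the alerts."""
    events = [ev for ev in map(parse_line, log_text.splitlines()) if ev]
    alerts = indicator_alerts(events) + window_anomalies(events)
    for alert in alerts:
        alert["channels"] = route(alert)
    return alerts


if __name__ == "__main__":
    for alert in run(SAMPLE_LOGS):
        print(alert)
```

Running it yields two alerts from thirteen input lines: a high-severity indicator hit for bob's lookup of `evil.example` (routed to email and SMS) and a medium-severity anomaly for bob's 8 events in the 10:05 window against a threshold of 6.0 (email only); alice's 3 events stay under her threshold of 7.0 and produce nothing, and the malformed line is skipped rather than aborting the run. The point a practitioner should take from it is that the anomaly path is only as good as the baseline table: a user with no learned baseline is deliberately not alerted on, so onboarding new accounts into the baseline is part of operating the detection.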
JIGSAW SECURITY BDE (Big Data Engine)