The SMART LogAnalyzer (SLA) utilizes the most sophisticated analytic capability and operates at silicon speed. Think of this as pairing Flash with Sherlock Holmes. SLA provides a private cloud storage system for the collection and processing of ingested information, for example: Netflow, device logs, system logs, vulnerability reports, penetration weaknesses, DNS, DHCP, application logs, alerts, and big data analytics. Going to the cloud for storage allows continuous growth of log storage, which enables the software to process new cases in analysis for security purposes. Since cloud storage is built on commodity hardware and is expandable on demand, it reduces the cost to start and grow your data set.
- Detection and Identification of threats and APTs by connecting the dots across multiple information sources (system/application logs, DNS, DHCP, Netflow, DPI, firewall, honeypot).
- Detection of new and abnormal protocol usage for collecting, encrypting, and moving or exfiltrating information, and the ability to track efforts to blend into normal network traffic.
- Information: Netflow, DPI, network protocol, and application knowledge
- Phen.AI/CheckMate’s AI operates to detect and solve problems in SIEM-collected information.
- Phen.AI uses SIEM information to track and correlate events as threats develop across devices.
- Phen.AI has been implemented to take alerts from other security software, resolve false positives, and provide actionable response information.
- Phen.AI becomes smarter and more precise, and discovers more threats, as CheckMate is used to collect more information as a SIEM.
- The more information and data you feed into CheckMate, the more powerful Phen.AI becomes.
- Greatly reduced cost to increase SIEM information ingest to all systems and devices with greater information history.
- The only requirement to increase SIEM device ingest into CheckMate is to add “compute nodes”. The current CheckMate solution is architected to manage syslog feeds. It is already there.
SLA’s capabilities are integrated with CheckMate and Phen.AI. The software uses Knowledge Representation, Reasoning, and Action (KRRA) to provide and ensure dynamic analysis. SLA is intended to examine and propose objective experimental ideas. Phen.AI employs KRRA to combine strong probability findings from Machine Learning (ML), Artificial Intelligence (AI), and Reinforcement Learning (RL) with cognitive analytics based on learned facts, relationships, and rules about the objects being studied. Phen.AI is designed to communicate in simple English to request tasks, discuss results, offer ideas, and identify flaws discovered during the analysis. Phen.AI uses multiple mind-frames to analyze problems in parallel with different mental approaches to produce optimal results. This allows Phen.AI to take different approaches to objective cognitive analytics, identify, and suggest adjustments and changes that lead to highly optimized results.
The system or appliance is installed and configured at a central location, either at the customer site or in a secure cloud. The system is an analytic cloud environment that scales to customer needs. All secure information is stored, processed, and displayed privately at the customer site. The system allows for simultaneous processing and analysis by Phen.AI and analysts. The highest security and protection for the data are provided within CheckMate, ensuring quality Confidentiality, Integrity, Availability, and security protections.
Since SLA provides a log repository from many different systems, it is able to make correlations between logs that were never before available, providing full insight into users’ movement through the network and analysis of systems like never before. Since this contains the logs of your entire enterprise, including their weaknesses and attack points, you want to keep this in-house and have full control over the data. You don’t want to unwittingly expose your site by providing the keys to enter. SLA provides the security necessary to guard and protect these key information assets. Our threat analyzer, a component of SLA, provides a mechanism to explore and use business intelligence techniques to ferret out relationships among the data sets to further identify strengths, weaknesses, and vulnerabilities. SLA provides real-time monitoring, signature alerting, personal profiling, and anomalous activity detection, and provides a graphic interface that goes beyond simple graphic indexing with CCG-provided visuals and dashboards.