A ROBUST SHIELD AGAINST THE TRANSFORMING THREAT LANDSCAPE
The frequency of cyber-security concerns has risen steeply over the last few years. Attacks like DDoS, destructive malware, etc., pose a direct threat to a company’s digital framework, data caches, etc. In the wake of these threats, companies are turning to SIEM as a proactive solution. SIEM is a proven means to thwart all kinds of security concerns in the digital space. It can analyse and track any alarming event across multiple sources and guide users in addressing them. DNIF HyperScale SIEM is a solution that converges traditional SIEM capabilities with additional technologies, such as SIEM, UEBA, and SOAR, to build a single high-value solution to counter diverse security threats.
Mr. Shomiron Das Gupta (CEO & Founder, DNIF), the HyperScale SIEM’s creator, recently spoke with our magazine about the striking aspects of the HyperScale SIEM. Shomiron discussed how his reimagined invention protects enterprises from the threat landscape and aids in data scaling. The following piece is inspired by the free-wheeling conversation.
MORE THAN A CONVENTIONAL SIEM
DNIF offers hyper-ingestion and scalable performance in log data collection and threat detection using behavioural analysis, ML-driven analytics and the latest threat intelligence to identify and mitigate emerging attacks. One can store data in an accessible and distributed environment and process it in parallel. The open architecture provides a broad array of ready-to-use actions while being cost-efficient. And it can be deployed in a variety of businesses, both private and public, where regulatory compliance is a key consideration.
DNIF comes in two different editions, Community and Enterprise. But the Community Edition has exploded in popularity among clients.
“It’s an endeavour to bring our community together and encourage its members to contribute to the product,” says Shomiron.
But how is DNIF different from other freemium versions in the market? It doesn’t limit the volume of data inputs or the number of device integrations. It has all the offerings of the enterprise edition, including entitlements, architecture, deployment, analytics, data management, etc. Having said that, the enterprise edition comes at a competitive price. Clients get to choose between an uncapped device licence and a monthly volume licence, depending on their needs. Both editions are scalable and adaptable, allowing them to be combined with third-party applications as needed.
The idea of a HyperScale SIEM was born in the aftermath of COVID-19. With more users connecting a single SIEM product to different network devices, collecting and deciphering terabytes of log data for threats becomes onerous for a traditional SIEM. In particular, it couldn’t live up to the speed required for detecting threats. DNIF, however, totally changes that. It offers advanced security analytics and response automation, as it stems from a big data analytics engine. Also, DNIF has ML-based anomaly and threat detection models for sophisticated cyberattacks – this aids in processing efficiency and reducing risks.
Moreover, it solves the long-running issues of combining data sets with accurate analysis in a single-pane view for network security, security automation, and response architecture. Simply put, as a hyper-scale product, DNIF has enabled its clients to build a centralised data lake while proactively assessing vulnerabilities across environments.
The HyperScale SIEM is fully compliant with the emerging concerns of the pandemic. It also enables clients’ security products to scale huge data generation, a rising concern amid the pandemic.
MEETING THE CORE CONCERNS
DNIF has been used by clients to ingest data from a variety of log sources (network, applications, servers, endpoints, and so on). With increasing digitisation, organisations are facing a fast-evolving threat landscape. The majority of cyberattacks go undetected, and companies are unaware of the full scope of the threats. To steer clear, they seek a product that offers enterprise-wide transparency at a reasonable total cost of ownership (TCO).
Secondly, an integrated solution capable of detecting, validating, and remediating threats across clients’ network devices and applications can be beneficial. DNIF offers all of these under a single umbrella. It enables clients to incorporate Sysmon logs and achieve detection coverage for a variety of threats. Several banking clients have combined it with their SWIFT infrastructure to deploy automated workbooks and detect outliers. In doing so, they have successfully cut manual integrations by 55%. It has been implemented by 50+ clients across the globe, primarily from BFSI and Manufacturing.
CLOGGED WITH LUCRATIVE AMENITIES
With the emerging security threats in the digital ecosystem, numerous SIEM tools have flourished in the market. To be specific, there are 50+ SIEM solutions in the market with competitive log management features. To have the upper hand in the competition, DNIF comes with a lot of salient features. It allows agentless log collection and analysis from any source, as well as real-time data enrichment with identity, asset, geolocation, threat intelligence, and data from lookup tables.
The advanced threat detection and management engine provides a real picture of what’s going on within a network. In addition, to defend against both internal and external attacks, the User Behaviour Analytics (UBA) tool incorporated in the product continuously monitors user and device activities. There is also the smart log management feature, wherein all of a client’s server logs and metrics are aggregated into a centralised system in real time.
MEET THE INVENTOR OF HYPERSCALE SIEM
Combining his skill set as an intrusion analyst with a passion for tech advancements, Shomiron founded NETMONASTERY in 2002 and has been building threat detection systems for close to two decades. And while a single tool at a low cost may seem preferable over a specialised SIEM tool, there is a catch. A log management tool is merely a subset of a specialised SIEM tool.
And it’s not well-equipped for sophisticated threats, malware detection, warning, and situational awareness. Shomiron believes that an integrated platform, adaptable and scalable to the changing threat landscape, that provides transparency at a fair cost is the need of the hour. And it was there that he had the concept for a HyperScale SIEM. It was clearly the appropriate move, as evidenced by the growing number of clients. He has set his sights on making the platform, particularly the community edition, available to as many SecOps and developers as possible.