Like other SIEMs, the SMART LogAnalyzer (SLA) processes and indexes logs, looking for indicators of compromise, providing insight into and tracking/recording the activities within the network, and then passing that information and analysis to Phen so he can determine how much of a threat something is to the IT environment. Phen, in turn, takes those indicators and processes them further.
Phen looks through millions of lines of logs, analyzing and investigating the further implications of the SIEM-discovered event across all logs, which allows the analyst to work on more complex problems. Phen validates the SIEM events to verify that they are genuine.
It tracks long-term attacks in which a single threat or multiple threats try to break into the system a couple of times a day (the slow and steady, under-the-radar approach), and it also pays attention to all failed login attempts.
It tracks and determines whether there are multiple threats or just a single threat when an attack happens; the SLA can trace the IP address, directing us to the root of the attack.
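To make the two detection ideas above concrete (catching a source that stays under the usual burst threshold but keeps coming back day after day, and telling a single source apart from several), here is an added example in Python. It is not the SLA's or Phen's code and says nothing about how that product works internally; it assumes sshd-style "Failed password" lines with an ISO timestamp and host prefix, and the thresholds (more than 5 failures in an hour for a burst, at least 3 distinct days for low-and-slow) are illustrative choices. The log lines are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines for this example (not taken from any real system).
# 203.0.113.5 probes host1 twice a day for four days (low and slow),
# 198.51.100.7 fires ten attempts in one minute (burst), and
# 192.0.2.9 fails once against host2 (noise).
SAMPLE_LOGS = [
    "2024-03-01T02:14:07 host1 sshd[4021]: Failed password for root from 203.0.113.5 port 50122 ssh2",
    "2024-03-01T13:40:11 host1 sshd[4188]: Failed password for admin from 203.0.113.5 port 50190 ssh2",
    "2024-03-02T02:15:33 host1 sshd[5102]: Failed password for root from 203.0.113.5 port 50333 ssh2",
    "2024-03-02T13:42:59 host1 sshd[5230]: Failed password for invalid user oracle from 203.0.113.5 port 50401 ssh2",
    "2024-03-03T02:13:48 host1 sshd[6015]: Failed password for root from 203.0.113.5 port 50510 ssh2",
    "2024-03-03T13:41:20 host1 sshd[6140]: Failed password for admin from 203.0.113.5 port 50577 ssh2",
    "2024-03-04T02:16:02 host1 sshd[7003]: Failed password for root from 203.0.113.5 port 50612 ssh2",
    "2024-03-04T13:39:55 host1 sshd[7122]: Failed password for admin from 203.0.113.5 port 50688 ssh2",
    "2024-03-02T09:00:01 host2 sshd[8001]: Failed password for root from 192.0.2.9 port 40001 ssh2",
] + [
    f"2024-03-03T10:00:{s:02d} host1 sshd[9{s:03d}]: Failed password for root from 198.51.100.7 port 4{s:04d} ssh2"
    for s in range(10)
]

# Assumed line shape: "<iso-ts> <host> sshd[<pid>]: Failed password for [invalid user ]<user> from <ip> ..."
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_failed_logins(lines):
    """Turn raw lines into event dicts; lines that do not match are ignored."""
    events = []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_bursts(events, max_per_hour=5):
    """Classic threshold rule: more than max_per_hour failures from one IP in one clock hour."""
    counts = defaultdict(int)
    for e in events:
        counts[(e["ip"], e["ts"].strftime("%Y-%m-%dT%H"))] += 1
    return sorted({ip for (ip, _hour), n in counts.items() if n > max_per_hour})


def detect_low_and_slow(events, min_days=3, max_per_day=5):
    """Sources that never exceed max_per_day failures on any single day (so a burst
    rule stays quiet) yet show up on at least min_days distinct days."""
    per_ip_day = defaultdict(lambda: defaultdict(int))
    for e in events:
        per_ip_day[e["ip"]][e["ts"].date()] += 1
    flagged = {}
    for ip, days in per_ip_day.items():
        if len(days) >= min_days and max(days.values()) <= max_per_day:
            flagged[ip] = {
                "days": len(days),
                "attempts": sum(days.values()),
                "users": sorted({e["user"] for e in events if e["ip"] == ip}),
            }
    return flagged


def attackers_per_host(events):
    """Distinct source IPs per targeted host, so the analyst can tell one source from many."""
    hosts = defaultdict(set)
    for e in events:
        hosts[e["host"]].add(e["ip"])
    return {h: sorted(ips) for h, ips in hosts.items()}


if __name__ == "__main__":
    evts = parse_failed_logins(SAMPLE_LOGS)
    print("burst sources:", detect_bursts(evts))
    print("low-and-slow sources:", detect_low_and_slow(evts))
    print("sources per host:", attackers_per_host(evts))
```

Run on the constructed lines, the burst rule alone reports only 198.51.100.7; the low-and-slow rule is what surfaces 203.0.113.5 (8 attempts spread over 4 days, never more than 2 per day), and the per-host view shows host1 being hit by two distinct sources while host2 sees one.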
Where other SIEMs provide indicators that an analyst then starts to review, Phen takes on the early, more tedious stages of the analysis. This allows the analyst to work on more difficult problems and solutions.
We also have “Big Data” add-ons that give Phen visibility into activities as they cross systems and hop through the network. The SLA has the ability to plug into other existing systems and monitors failed logins from single or multiple hosts. As insecure connections occur, it can detect these vulnerable encryption settings and alert Phen. Expired certificates mean that the website is most definitely unsecure, and it sends that information to Phen as well. SLA provides the security necessary to guard and protect these key information assets.
SLA provides major cost savings by working alongside analysts and providing coverage for hard-to-find IT workers. Phen lets analysts focus their energies on real, more complex problems while it manages the tedious daily tasks and maintenance.
The SMART LogAnalyzer uses the Hadoop Distributed File System (HDFS) cloud storage system (Cloudera) to collect and process device logs. Cloud storage allows continuous growth of log storage, which enables new use cases in log analysis for security purposes. Because cloud storage is built on commodity hardware and is expandable on demand, it reduces the cost of starting and growing new data sets.