Advanced Threat & Log Analysis Service is the next generation of threat detection and response services, powered by Security On-Demand’s proprietary behavioral risk analysis and correlation platform, ThreatWatch. Advanced Threat & Log Analysis is central to an organization’s information security program and technology infrastructure by providing an integrated view of security information and risk activity observed within the company. Unique within the industry, Security On-Demand’s correlation system uses big data analytics to reduce massive amounts of security, log, and user data down to a manageable number of alerts.
“We have moved beyond the point where reactive security monitoring is sufficient. Attackers have time to design an attack. They are stealthy, sophisticated and automated. Oftentimes, just one of their activities alone doesn’t appear to be a threat, but when several small actions are viewed in context, a much clearer picture emerges”, said Peter Bybee, CEO of Security On-Demand. “This is what we excel at, putting the pieces together to understand the full context of what is happening in a customer’s environment so we can detect and respond to threats and attacks much faster.”
Advanced Threat & Log Analysis is different because it analyzes the full breadth of log data, including both blocked and allowed traffic. Most providers make pre-determined decisions about what information they will not log or analyze. For example, most only store metadata for events of interest, or only monitor blocked or denied traffic. Attackers have figured this out and now use it to their advantage by disguising their activity as legitimately allowed traffic. During pre-launch testing, Security On-Demand identified numerous incidents where evidence from allowed traffic led to the discovery of a data breach or intrusion. You can read about one such use case on our blog.
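To make the point about allowed traffic concrete, here is a small added example in Python. It is not Security On-Demand's or ThreatWatch's code; it contrasts a monitor that inspects only denied events with one that correlates denied and allowed events per source/destination pair. The firewall log lines, the field names, and the alert thresholds are all constructed for the illustration.

```python
from collections import defaultdict

# Constructed sample firewall log lines (not real data). Host 10.0.0.5 is denied on
# several ports, then makes allowed HTTPS connections and moves a large volume out.
# Host 10.0.0.9 never triggers a deny at all; it only makes one large allowed transfer.
SAMPLE_LOGS = [
    "2024-01-10T09:00:01 src=10.0.0.5 dst=203.0.113.9 port=22 action=deny bytes=0",
    "2024-01-10T09:00:02 src=10.0.0.5 dst=203.0.113.9 port=23 action=deny bytes=0",
    "2024-01-10T09:00:03 src=10.0.0.5 dst=203.0.113.9 port=3389 action=deny bytes=0",
    "2024-01-10T09:01:10 src=10.0.0.5 dst=203.0.113.9 port=443 action=allow bytes=120",
    "2024-01-10T09:05:00 src=10.0.0.5 dst=203.0.113.9 port=443 action=allow bytes=85000000",
    "2024-01-10T09:06:00 src=10.0.0.7 dst=198.51.100.2 port=443 action=allow bytes=4000",
    "2024-01-10T09:07:00 src=10.0.0.9 dst=198.51.100.7 port=443 action=allow bytes=60000000",
]


def parse_line(line):
    """Parse one 'key=value' firewall line into a dict; numeric fields become ints."""
    ts, *fields = line.split()
    rec = {"ts": ts}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = int(value) if value.isdigit() else value
    return rec


def deny_only_alerts(lines, deny_threshold=3):
    """A monitor that only looks at denied traffic: flags sources with many denies.

    Returns a sorted list of source IPs. Anything done over allowed traffic is
    invisible to this view, which is the blind spot the text describes.
    """
    denies = defaultdict(int)
    for rec in map(parse_line, lines):
        if rec["action"] == "deny":
            denies[rec["src"]] += 1
    return sorted(src for src, n in denies.items() if n >= deny_threshold)


def contextual_alerts(lines, deny_threshold=3, bytes_threshold=50_000_000):
    """Correlate denied and allowed traffic per (src, dst) pair.

    Returns a list of alerts, each carrying the evidence that produced it, so an
    analyst sees the small actions in context rather than one event at a time.
    Thresholds are hypothetical values chosen for this example.
    """
    pairs = defaultdict(lambda: {"denied_ports": [], "allowed_bytes": 0})
    for rec in map(parse_line, lines):
        state = pairs[(rec["src"], rec["dst"])]
        if rec["action"] == "deny":
            state["denied_ports"].append(rec["port"])
        else:
            state["allowed_bytes"] += rec["bytes"]

    alerts = []
    for (src, dst), state in sorted(pairs.items()):
        many_denies = len(state["denied_ports"]) >= deny_threshold
        large_transfer = state["allowed_bytes"] >= bytes_threshold
        if many_denies and large_transfer:
            severity = "high"    # repeated denies followed by a large allowed transfer
        elif large_transfer:
            severity = "medium"  # large allowed transfer with no denies at all
        elif many_denies:
            severity = "low"     # repeated denies only
        else:
            continue
        alerts.append({"src": src, "dst": dst, "severity": severity,
                       "denied_ports": state["denied_ports"],
                       "allowed_bytes": state["allowed_bytes"]})
    return alerts


if __name__ == "__main__":
    print("deny-only view:", deny_only_alerts(SAMPLE_LOGS))
    for alert in contextual_alerts(SAMPLE_LOGS):
        print("contextual view:", alert)
```

Run stand-alone, the deny-only view reports just 10.0.0.5 and says nothing about the volume it later moved out; the contextual view raises a high-severity alert for 10.0.0.5 with the denied ports and allowed byte count attached, and a medium-severity alert for 10.0.0.9, which never produced a single denied event and so would not appear in a denied-only feed at all.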
By combining the visibility and control afforded by the service with the advanced behavioral analysis capabilities of ThreatWatch 2.0, which is included as part of the solution, Security On-Demand can provide organizations with full situational awareness and behavioral context that significantly improves their ability to detect advanced threats. Faster detection means faster response, faster containment, and less damage and impact.