Single Unified Data Lake Powering Effective and Scalable Security Operations

Ingest, transform, index and store the right data to deliver effective and efficient
security threat detection and responses

Key Characteristics

Data Ingestion - Eliminating Blind Spot

Current isolated security tools leave data hidden in silos and blind spots across your security infrastructure. With the most powerful collection engine in the industry, the full variety of data from the entire IT security infrastructure, including logs, network traffic, assets, users and applications, can be collected and stored in a single unified data lake to provide 360-degree visibility. Open extended detection and response (Open XDR) drives confidence in your SOC team through visibility across the IT infrastructure.

Data Transformation - Creating Contextual Records

Security data without context creates deficiencies in both detection and response for security analysts. With Open XDR, we transform raw data such as packets and raw logs into actionable Interflow records with rich context through a series of processing steps: metadata extraction from raw packets, parsing of raw logs, normalization to common fields, enrichment with artifacts such as threat intelligence, and fusion of many different data sources.
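The parse, normalize, enrich and emit-as-JSON steps described above, as an added illustration that is not the product's own Interflow code: the two log formats, the common field names and the threat-intelligence entry are all constructed assumptions.

```python
import json
import re

# Constructed threat-intel lookup keyed by IP (documentation address, not a real indicator).
THREAT_INTEL = {"203.0.113.7": {"ti_source": "example-feed", "ti_severity": "high"}}

# Assumed OpenSSH auth-log shape; only password success/failure lines are handled.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Accepted|Failed) "
    r"password for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)

def parse_syslog(line):
    """Parse an SSH auth line into common fields; return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return {"timestamp": m["ts"], "host": m["host"], "user": m["user"],
            "src_ip": m["src"], "src_port": int(m["port"]), "event_type": "auth",
            "outcome": "success" if m["outcome"] == "Accepted" else "failure"}

def parse_json_log(line):
    """Parse an assumed vendor firewall JSON line, renaming vendor keys to common fields."""
    try:
        raw = json.loads(line)
    except ValueError:
        return None
    if not isinstance(raw, dict) or not {"time", "fw", "srcaddr"} <= raw.keys():
        return None
    return {"timestamp": raw["time"], "host": raw["fw"], "src_ip": raw["srcaddr"],
            "dst_ip": raw.get("dstaddr"), "dst_port": raw.get("dstport"),
            "event_type": "network", "outcome": raw.get("action")}

def enrich(record):
    """Attach threat-intel context to the normalized record via its source IP."""
    ti = THREAT_INTEL.get(record.get("src_ip"))
    record["ti_match"] = ti is not None
    if ti:
        record.update(ti)
    return record

def transform(lines):
    """Run every raw line through the parsers, drop unparseable input, enrich the rest."""
    records = []
    for line in lines:
        rec = parse_syslog(line) or parse_json_log(line)
        if rec is not None:
            records.append(enrich(rec))
    return records

def to_json_lines(records):
    """Emit one searchable JSON document per record (newline-delimited)."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)

# Constructed sample input: two SSH lines, one firewall line, one unparseable line.
SAMPLE_LINES = [
    "2024-05-01T10:00:01Z bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    '{"time":"2024-05-01T10:00:02Z","fw":"edge-fw","srcaddr":"203.0.113.7","dstaddr":"10.0.0.5","dstport":22,"action":"allow"}',
    "2024-05-01T10:00:03Z bastion sshd[2212]: Accepted password for alice from 198.51.100.9 port 40000 ssh2",
    "garbage line that matches no parser",
]
```

Running `to_json_lines(transform(SAMPLE_LINES))` yields three records with shared field names, so the SSH failure and the firewall flow from the same source IP both carry the same `ti_severity` context and can be correlated by a single query.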

Data Storage - Fast Search and Threat Hunting

As data continues to grow, legacy databases can't scale in either volume or search speed, which prevents efficient forensic investigation and threat hunting. We store data in a NoSQL database built for large data volumes, in a readable and searchable JSON format with proper indexing for fast search and query. Forensic investigation and threat hunting can be done in seconds instead of hours or days.

Data Accessing - Building Applications and Third-party Integration

Data stored in the data lake can be accessed in a variety of ways: through the intuitive GUI for Google-like fast search and visualization; by applications such as automated threat hunting, compliance reporting, or event-triggered alerting; via a rich set of APIs for easy integration with other tools such as SOAR; or through the built-in data streaming application that feeds legacy SIEM tools.

Data Scalability

Data Scalability - Unlimited Data Volume

To cope with the ever-increasing data volume that must be examined to detect breaches, our data lake is built on a cloud-native architecture with clustering for large data volumes. With containers and Kubernetes as the building blocks of a lightweight microservices architecture, it can both scale up and scale out in compute and storage to meet increased demand.

Data Availability - Preventing Data Loss

It only takes minutes for a hacker to enter your network, and if at any moment data is lost due to a power, network or system outage, an organization may lose all visibility into breach attempts. We recognize the importance of data availability and have built in multiple approaches, such as clustering, data replication, disaster recovery, warm standby and data buffering, to ensure that data loss is mitigated.