Securonix SIEM as a service has behavior analytics baked in

Organizations that want to concentrate on finding and removing threats using advanced techniques like user and device analytics would find a perfect match in the Securonix SIEM.


Securonix began as a maker of traditional security information and event management (SIEM) devices way back in 2007. Then around 2009, the company started to branch out into user and entity analytics, where it made quite a name for itself. Now, Securonix is combining those two areas of expertise into a cloud SIEM that is offered as a service.

Unlike most SIEMs, users don’t need to connect other cybersecurity programs or devices into the Securonix service. It comes with its own identity modeling engine, behavioral analytics, traffic analysis capabilities and the ability to uncover threats and suspicious activity with very little setup. The Securonix SIEM works by looking at user and device behavior and then applying machine learning and threat intelligence to rank both known threats and anomalous events that could be indicators of compromise. It’s also adept at grouping incidents into threat chains that link seemingly disparate actions into threat campaigns in the same way as an advanced threat hunter.

Currently the Securonix SIEM only works with Amazon Web Services. Technically, the SIEM’s code is also available for installation in other clouds or on-prem, but setting it up that way means losing all of its instant updates and other support, so it’s probably best to use it exclusively with AWS for now.

Setting up the SIEM is very quick. AWS cloud assets can immediately be tied to the SIEM, while physical assets require a small collector. The collector, which can be deployed as a virtual machine, collects data, compresses it, encrypts it and then sends it to the SIEM for analysis. While Securonix doesn’t actually monitor the threats that the SIEM uncovers, it does ensure that the SIEM has the most recent threat intelligence and that its machine learning engine is operating efficiently.
