The foundation of any SIEM is data comprehension. X-SIEM™ combines the features of Next-Generation SIEM (NG-SIEM) and Extended Detection and Response (XDR) in a cross-platform framework. Fluency’s technology is built on the concept that disruptive technology can only be successful if it works, doesn’t break stuff, leverages what is already there, and deploys easily.

Our Fluency X-SIEM™ is just that, a cloud-based NG-SIEM. Fluency ingests network logs, endpoint protection, endpoint detection and response, mobile, SD-WAN, and cloud data. It then provides the needed framework to alert, investigate, hunt, and respond to issues. Its automated case management system keeps analysts from being overloaded – creating unmatched levels of efficiency.

Additionally, Fluency's Behavior Watch engine provides the first phase of clarity by using live Lucene searches to select elements of interest. Streams of data are converted into understandable metrics displayed on customizable reports and dashboards. Each watch node generates histogram data for display and analysis, leveraging Fluency’s list manager to change cryptic codes into understandable language. Lists can also be updated by threat intelligence and used as an alternative to searching live data.

Seeing the network activity of remote users for behavioral analytics without network security devices is critical. Fluency’s Network Reconstruction creates an image of network activity by reconstructing it from host-based telemetry data found in endpoint detection and response products (EDR). With deployed EDR, like SentinelOne Complete, there is no change in the architecture and no additional agents to deploy. Fluency listens to the raw streaming data of the agents and determines processes and their associated communications. The result is regained infrastructure visibility, even when there is no corporate network. Now threat reputation and network-user-entity behavioral analytics can be properly done. This removes the latency and network jitters from in-the-cloud proxies and VPN tunnels. It also makes securing remote workers simpler and more effective.

Look at the output. The 'azo.exe' file in this attack appears to the analyst as a file download triggering a high number of network anomalies. This communication was reconstructed by the agent's telemetry data and deeply integrating into our patented components. Fluency directly related this activity to the SentinelOne's quarantined threat. Network visibility is critical in the understanding and remediation of the threat.

Finally, it's case management done correctly. Your analysts can be protected from overwhelming alerts using Fluency’s workflow engine that keeps analytics focused on what is being addressed and what is new. No other solution offers a truly automated investigation process. Incoming alerts are first compared to existing alerts to prevent being bothered by variations of the same alert. Alert signals interact with the case workflow manager to ensure that incoming alerts are not a simple variant of a known case and if so are flagged accordingly. Cases are also grouped, providing a previously unavailable higher view. Analysts consistently praise the power of Fluency’s case workflow, as it keeps them informed and focused on actual high priority results. It only makes sense to measure results based on outcomes and not the number of alerts closed.