Businesses do not operate the way they did ten years ago, so why does your SIEM? The frustration and fear that you feel is from building an infrastructure that your network security cannot secure. It never will because your infrastructure is bigger than your corporate network. It has expanded into the cloud, out on the road, into people’s homes and even with their personal assets. Today’s hybrid workforce is possible because you run an infrastructure, not a network. Why buy a SIEM designed for network security?
Fluency offers a complete approach. Fluency collects network data, including SD-WAN, but goes beyond the office, collecting cloud service data, like Office365 and G-Suite, and endpoint detection and response (EDR), like CrowdStrike and SentinelOne. Collection is only the first step, Fluency normalizes, error checks, validates, and fuses data. Then it runs behavior analytics and machine learning to find gaps in coverage between signatures and threat intelligence feeds. Finally, automated workflows empower automated and supervised responses improving operations efficiency and dwell time reduction.
The foundation of any SIEM is data comprehension. X-SIEM™ combines the features of Next-Generation SIEM (NG-SIEM) and Extended Detection and Response (XDR) in a cross-platform framework. Fluency’s technology is built on the concept that disruptive technology can only be successful if it works, doesn’t break stuff, leverages what is already there, and deploys easily.
Our Fluency X-SIEM™ is just that, a cloud-based NG-SIEM. Fluency ingests network logs, endpoint protection, endpoint detection and response, mobile, SD-WAN, and cloud data. It then provides the needed framework to alert, investigate, hunt, and respond to issues. Its automated case management system keeps analysts from being overloaded – creating unmatched levels of efficiency.
Additionally, Fluency's Behavior Watch engine provides the first phase of clarity by using live Lucene searches to select elements of interest. Streams of data are converted into understandable metrics displayed on customizable reports and dashboards. Each watch node generates histogram data for display and analysis, leveraging Fluency’s list manager to change cryptic codes into understandable language. Lists can also be updated by threat intelligence and used as an alternative to searching live data.
Seeing the network activity of remote users for behavioral analytics without network security devices is critical. Fluency’s Network Reconstruction creates an image of network activity by reconstructing it from host-based telemetry data found in endpoint detection and response products (EDR). With deployed EDR, like SentinelOne Complete, there is no change in the architecture and no additional agents to deploy. Fluency listens to the raw streaming data of the agents and determines processes and their associated communications. The result is regained infrastructure visibility, even when there is no corporate network. Now threat reputation and network-user-entity behavioral analytics can be properly done. This removes the latency and network jitters from in-the-cloud proxies and VPN tunnels. It also makes securing remote workers simpler and more effective.
Look at the output. The 'azo.exe' file in this attack appears to the analyst as a file download triggering a high number of network anomalies. This communication was reconstructed by the agent's telemetry data and deeply integrating into our patented components. Fluency directly related this activity to the SentinelOne's quarantined threat. Network visibility is critical in the understanding and remediation of the threat.
Finally, it's case management done correctly. Your analysts can be protected from overwhelming alerts using Fluency’s workflow engine that keeps analytics focused on what is being addressed and what is new. No other solution offers a truly automated investigation process. Incoming alerts are first compared to existing alerts to prevent being bothered by variations of the same alert. Alert signals interact with the case workflow manager to ensure that incoming alerts are not a simple variant of a known case and if so are flagged accordingly. Cases are also grouped, providing a previously unavailable higher view. Analysts consistently praise the power of Fluency’s case workflow, as it keeps them informed and focused on actual high priority results. It only makes sense to measure results based on outcomes and not the number of alerts closed.
90 days hot
Full year cold
Webroot Reputation Feed
All NG-SIEM Capabilities
Includes the cost of SentinelOne Complete with Heemes
EDR Telemetry Data
Virtual Flow Technology
Fixed by Agent Pricing
X-Complete is available with full services as part of FortifyXDR's Managed Detection and Response (MDR) Services
Security gets stronger by sharing what we know.
As a Chief Information Security Officer (CISO), you are tasked with blending c-suite objectives with technology. You need tools that help balance security with the success of the organization.
Parked domains serve as excellent targets for cybercriminals. As noted in reports highlighted by Cisco Umbrella as far back as 2012, parked domains are among the top categories of websites that serve malware.
In this episode of Beers and Bites Mo Cashman joins us.
Send us a note if you want to see the impact of Fluency with your data.
6411 Ivy Lane, Suite 302 - Greenbelt, MD 20770