Award-Winning Cloud Security Information Event and Flow Management. What a SIEM should have been.
How data is handled provides compliance. Fluency provides the technical controls and a built-in process flow to support audit compliance.
Fluency provides limitless access to data, even as the volume of data scales. Fluency Cloud is a process composed of messaging nodes that parse, index, correlate, enhance, fuse, score and store log messages. For our largest customer, Fluency processes eight to twelve billion messages a day, with spikes of half a million events per second. All done in a three-system cluster.
All messages are parsed into fully indexed JSON documents
Events of Interest
Fluency continues to gain industry recognition for its innovation.
SOAR Platform of the Year
Voted Number One - Security Analytics
Fluency created a new type of database, LavaDB, designed to handle streaming data, which is exactly what audit and flow data are. It is contrary to the popular static data lake style of the industry. Think of this as a data river. Using LavaDB, Fluency reduces the overall operational cost, while providing larger data capacity and faster speeds.
SIEM designs up till Fluency are lazy. The approach was to parse the data and place it into a database where it is searched and analyzed by users and processors. There has been no innovation in the enhancement of data or the type of database. The result is a tremendous load on a generic database and a significant amount of data enhancement using static data queries. The result is a failure to scale, slow queries and limited realtime analytics.
In the early days of Fluency, LavaDB was designed as an in-memory database to handle the needs of the Event Processing Engine. But as the Engine scaled to handle hundreds of thousands of events per second, the Elastic database failed to do so. Even in mid-sized companies, the Elastic backlog caused delays measured in hours between when data was processed and when it was stored in the database. That was not the only problem. Elastic was designed before the cloud was popular. While it works in a lab, it required significant person-power to operate. Tasks like log rotation and system updates made it unusable for day-to-day operations. In order for Fluency to provide a usable business solution that could collect all our customers’ data, we needed to remove Elastic. We replaced Elastic with LavaDB, which has an innovative streaming design. This design choice separates Fluency, providing it superior capacity and searching not achievable with other SIEMs.
A SIEM is built to collect all the alerts and then ask the user to make decisions. This is like asking a pilot to fly a plane only on the warnings provided by the instruments. This is why a SIEM is unusable. What a person really needs is ground truth, the ability to collect and search everything. As the amount of data increases, Fluency aids the person by providing risk scoring and correlation. Fluency highlights correlated events that demonstrate attributes of confidence. Correlation includes known user and device information, making response faster and more intuitive. With ground truth the person has the supporting data to confirm and respond to an issue. The result is that Fluency aids in resolving an issue, not just listing warnings.
The more information there is, the better the picture. People think that more data is overwhelming. But the clearer picture is the one with the more pixels, and this is true for data analysis. Fluency's high-capacity approach provides the superior picture of your network and its security.
Log Management is not simply parsing and storing records. Fluency is built to provide answers. Fluency provides fast access to data through simple search. The result of Fluency is compliance and clarity.
Data Retention has become the cornerstone for compliance. It has dominated security regulations for the last two years.
Multi-Year Data Retention
User and Device Correlation
Built-in Pseudonym Conversions
Immutable Records with Removable Pseudonyms
Our ability to search large data made us a finalist at RSA's Innovation Sandbox. We never stopped working. Our database continues to outperform the competition.
50 times faster than Elastic
Fourteen times more memory efficient
100% JSON document compatible
On-demand CPU and storage allocation
High-availability
Spend time understanding your data. Fluency's ease-of-deployment, ease-of-use approach focuses on data understanding, not interface understanding.
Information is converted to fully indexed, searchable JSON documents
No database or system administration
Risk Scoring highlights Events of Interest
Fluency's patented correlation approach fuses like data into a single record.
Correlated logs provide a clear understanding of what each product sees.
Unique fields are normalized, indexed and merged with related data to provide new insight.
Time-based data, like the current user and assigned system, is merged at that moment.
User and 3rd party tagging allows for custom data enhancement.
Fluency makes audit compliance easy. But being compliant depends on understanding what requirements need to be addressed and having people, processes and policies beyond the security controls Fluency provides.
First, you need to determine which regulations, laws or standards your organization is addressing in its operations. PCI DSS sets the simplest data retention requirement with 90 days hot and one-year cold storage. New York Department of Financial Services (DFS) has set their standard at three years cold.
A Data Privacy Officer is responsible for monitoring how an organization handles data. This includes being the authority on categorizing data and being a point of contact for compliance requirements and privacy.
Cold data is considered not immediately searchable. When data is stored for operations, the data should be immediately available for search. Searchable data is considered hot. But storing data in a data structure for searching is expensive and often unnecessary. PCI DSS defines that data should remain hot for a minimum of 90 days. After that, the logs still need to be stored in case they are needed. This long-term, less easily accessible data is referred to as cold.
Privacy creates complexity in the handling of data. While laws require that audit trails be immutable (cannot be deleted), new data privacy laws require that personal identifiers in audit trails can be deleted. When a user's identifying data is to be stored, the audit system instead stores a pseudonym (a unique one-way token that acts as a key). The key and related value for that pseudonym are stored in a table that allows deletion. When a user's identity is removed, it is done by deleting the pseudonym key-value pair. This allows other log data not to be deleted, especially when it contains other pseudonyms that are involved in criminal or incorrect activity. Pseudonyms are not one-way hashes, because the value behind a hash can be determined by brute force, a mistake that some large audit vendors are making.
Data Retention is priced on a capacity basis. This makes sense, as this is a company's cost of goods. The standard for measuring cost for log management is the cost to store one gigabyte of raw data for 30 days, or GB/month. Fluency has the lowest GB/month available. Cloud solutions typically cost between four and five dollars; this includes open source cloud services. This cost difference is why Fluency customers are able to store everything and be audit compliant.
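The pseudonym scheme described above, sketched as an added example (not Fluency's code; `PseudonymVault`, the other function names and the sample identities are hypothetical). Logs hold only random tokens, erasure deletes the token's key-value entry, and an unsalted SHA-256 stands in for the hash-based alternative that can be reversed by testing candidate identifiers.

```python
import hashlib
import secrets


class PseudonymVault:
    """Deletable identity<->token table (hypothetical design, not Fluency's)."""
    def __init__(self):
        self._token_of = {}     # identity -> token
        self._identity_of = {}  # token -> identity

    def tokenize(self, identity):
        # Reuse the token so one person's events still correlate.
        if identity not in self._token_of:
            token = "psn_" + secrets.token_hex(16)  # random, not derived from identity
            self._token_of[identity] = token
            self._identity_of[token] = identity
        return self._token_of[identity]

    def resolve(self, token):
        return self._identity_of.get(token)  # None once erased

    def erase(self, identity):
        # Erasure deletes only the key-value pair; log records are untouched.
        token = self._token_of.pop(identity, None)
        return self._identity_of.pop(token, None) is not None


def hash_pseudonym(identity):
    # The approach the passage warns about: an unsalted one-way hash.
    return hashlib.sha256(identity.encode()).hexdigest()


def recover_from_hash(digest, candidates):
    # A holder of plausible identifiers (e.g. a staff directory) can test each one.
    return next((c for c in candidates if hash_pseudonym(c) == digest), None)


def demo():
    vault = PseudonymVault()
    users = ["alice@example.com", "bob@example.com", "alice@example.com"]  # constructed
    log = tuple((vault.tokenize(u), "login") for u in users)  # written once, never edited
    vault.erase("alice@example.com")
    digest = hash_pseudonym("alice@example.com")
    return {
        "correlated": log[0][0] == log[2][0],    # same token on both of alice's events
        "alice": vault.resolve(log[0][0]),       # mapping gone after erasure
        "bob": vault.resolve(log[1][0]),         # other identities still resolvable
        "hash_reversed": recover_from_hash(digest, users),
    }
```

After erasure the log entries are byte-for-byte what they were, but the token for the erased user no longer resolves to anyone, while the hashed form of the same identifier is still recoverable from a candidate list.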
Security gets stronger by sharing what we know.
Our full list of videos and blogs is here.
Send us a note if you want to see the impact of Fluency with your data.
387 Technology Drive. Suite 3119. College Park, MD 20742
+1 (888) 885-3569