1. Product Overview
September 15, 2015
IKANOW reduces the signal-to-noise ratio by strengthening your security posture and improving situational
awareness, which leads to reduced alerts, improved visibility, and enhanced actionable data. It continuously
optimizes enterprise cyber security, allowing organizations to measure and sharply reduce risk across the
enterprise with high-throughput, data-agnostic analytics.
PROBLEM: BIG DATA IS TIMELY AND REQUIRES INTEGRATION WITH DIVERSE DATA
SOURCES AND ANALYTICS TOOLS
On average, it takes 32 days to resolve an attack, at a cost of $32,500 per day, for a total cost of over $1
million per attack. As attackers continue to change their methods of attack, security professionals need to
be just as proactive by using a combination of tools and techniques to combat the latest round of threats
swiftly and effectively.
According to an article by Cyber Defense Magazine, “It takes time to analyze the data, and it's difficult to
separate the important information from the background noise. A combination of “lots of data” and “little
insight” as well as the proliferation of persistent, professional attackers has left many defenders
demoralized, defeated, and actively looking for ways to finally extract signals from ever-increasing noise.”
SOLUTION: BIG DATA REQUIRES FAST ACCESS TO DATA FROM VARIOUS SOURCES IN
DIFFERENT FORMATS
According to Gartner’s report, “Big Data will Revolutionize Cyber Security in the Next Two Years … “big data
requires the collection of information from various sources and in different formats … to collect, index,
normalize, analyze and share all the information... Big data analytics gives enterprises faster access to their
own data than ever before. Big data analytics enables enterprises to combine and correlate external and
internal information to see a bigger picture of threats against their enterprises.
IKANOW Optimized Enterprise Information Security Analytics (ISA)
Scalable, Flexible, Performance Threat Intelligence Platform:
Combining SIEM and Threat Intelligence Data with Customized, Robust Analytics
IKANOW ISA Security-in-Layers Platform
IKANOW provides a cyber and risk analytics platform that enables organizations to discover, visualize, and
communicate meaningful insights from a variety of sources. These sources include private threat intelligence
feeds, open-source data, network logs, enterprise data, and social media. IKANOW ISA delivers accelerated
decision throughput by recalibrating security posture: it pivots from threat intelligence into enterprise
data and produces analytics to drive decision making in a timely and efficient manner.
IKANOW’S CONTINUOUS OPTIMIZED INFORMATION SECURITY ANALYTICS
IKANOW provides an open, extensible analytical framework to create a holistic intelligence environment and
construct a proactive cyber defense. IKANOW’s platform allows you to integrate disparate internal and
external threat feeds, create custom dashboards and visualizations for advanced analytics, and facilitate
collaboration and timely reporting throughout your organization. With our intel-based approach, we can
detect the anomalies and trends missed by standard compliance tools and limit the damage caused by
malicious actors.
IKANOW brings together multiple sources of data, including SIEM, security analytics, and threat intelligence,
into an easy-to-deploy, scalable, and flexible platform that allows users to pinpoint and prioritize threats to
their network. It optimizes enterprise security by enabling massive searching and scaling capability that
can handle volumes of data.
HOW IKANOW WORKS: DATA INGESTION, CURATION, ENRICHMENT
IKANOW correlates data from multiple data feeds and social networks, as well as corporate security information
and event management (SIEM) data. The output can be as specific as identifying IP addresses that have been
affected by malware. Results of the analytics are presented in reports and a dashboard, which allow threats
to be easily communicated, discussed, prioritized, and resolved. This is shown in Figure 1.
Figure 1. DATA Integration and Enrichment
ISA helps organizations constantly maintain an optimal security posture by aligning the strategic, tactical,
and operational aspects of the business. It does this with a set of core features which make it very easy to
ingest, curate and enrich data. Data sources are constantly entered into the IKANOW Threat Analytics
Platform and are continually visualized and reported on using cascading scorecards, enabling each
enterprise stakeholder to obtain timely results and drive the need for change in security posture
accordingly.
UNIQUE FEATURES
IKANOW ISA enables you to actively recalibrate your security posture by applying adaptable analytical techniques
and measurement tools that automate data ingestion and analysis, offering visibility that can save weeks in
detecting and defending against cyber security threats. The following are the unique features of the IKANOW ISA
platform:
Massive Scaling and Robust Searching
Flexible Integration: Connect with many Data Sources Ingestions
Flexible Integration: Connect with many Tools, Data Sources, Applications
Comprehensive and Collaborative Visualizations and Reports
MASSIVE SCALING AND ROBUST SEARCHING
IKANOW supports an important element of modern analytics frameworks: the ability to scale massively and
handle large volumes of data up to "Internet scale." Additionally, IKANOW provides data filtering and
organization tools that allow you to quickly identify relevant data. Search options range from verb categories to
a selection of entity options that include the ability to tag and save past searches. Once search queries are
executed, further filtering options offer additional focus across multiple predefined options, such as recent,
oldest, and relevance.
You can search a combined set of data from disparate sources and formats to help uncover relationships
between internal and external data, hastening the ability to see potential threats and their impact across the
network.
FLEXIBLE INTEGRATION: CONNECT WITH MANY DATA SOURCES INGESTIONS
The next unique feature is the source ingestion process, which easily adds new source data to the IKANOW
platform, whether structured, unstructured, or semi-structured in nature. This will all be done in a new, clean, and
light interface, as shown in Figure 2.
Figure 2. Three-Step Data Ingestion
FLEXIBLE INTEGRATION: CONNECT WITH MANY TOOLS, DATA SOURCES, APPLICATIONS
ISA supports the use of multiple third-party tools and applications that can integrate into the IKANOW
platform. ISA is directly integrated with a growing number of third-party applications, including Kibana,
which can be accessed directly within ISA for direct comparability of log information.
ISA enables the use of Logstash to integrate Kibana and other third-party data analysis tools, allowing users
to read and process data through Logstash and analyze it through Kibana or any other tool at scale. It is built
on leading open-source technology: Elasticsearch, Logstash & Kibana, Hadoop, and MongoDB.
Figure 3. Tools and Applications Integration
Using adaptable analytical techniques and measurements that automate the analysis process, including
IKANOW’s visualization and collaboration functionality, can help constantly optimize your security posture
by staying ahead of threats and reducing enterprise risk.
COMPREHENSIVE AND COLLABORATIVE VISUALIZATIONS AND REPORTS
ISA includes a series of reporting tools that enable you to compare threats and vulnerabilities by assigning
risk levels and tracking cost information, all to help you determine your optimal security strategy.
ISA also offers a threat feed tool to aid your team in determining the ongoing value of threat feeds over
time. Additional visualizations are provided to help in identifying patterns across data and to identify
indicators of compromise most relevant to your team. This means you can create comprehensive
visualizations across all of your InfoSec analytics data. These visualizations can be shared with team
members throughout the analytical process and across levels of your organization. Enterprises can then
create the necessary structures to perform self-learning in order to develop accurate pictures of results.
Figure 4. Visualizations and Reports
SUMMARY
The IKANOW ISA platform integrates threat intelligence with enterprise data and then ingests, enriches, analyzes, and
visualizes the results, thereby determining the risk level and security posture. It is a framework for
assessing and improving the security posture of industrial control systems (ICS).
This platform combines the right feed for your organization by enhancing the feeds with an analytics
platform that can dramatically improve an organization’s security posture.