Fluency’s vision empowers decisions through a holistic view of the network, fusing the ability to monitor traffic with SIEM-like capability. Fluency provides clarity & measurable value by leveraging Big Data & Packet Monitoring to provide more information, not less. Fluency is also open & integrates with existing deployed security solutions, protecting investments already made while providing measurable, complementary value & an extremely quick ROI from the day it is implemented.
Fluency In The Press:
- RSA Selected as 1 of 9 Most Innovative Security Products of 2015 (Only Breach Offering Selected) - 04/15
- CRN Selected #6 of the 10 Coolest Security Startups of 2015 - 07/15
- CRN Selected as 1 of the Top 25 Disrupters (Across all IT Disciplines) of 2015 - 08/15
2. Fluency
Next Generation Incident Response – Real Time Network Visibility
Next Generation Incident Response utilizing Big Data Analytics. Fluency’s speed provides the capability to ingest network flow data as well as multiple log feeds from disparate security solutions. Fluency analyzes, fuses & cross-correlates flow & log data. Fluency then further validates the alerts against reputation & validation engines.
3. Three Things Fluency does better than any security offering in the marketplace
- Records all attributes & events performing real time analytics. No other product can do this at high bandwidth speeds.
- Captures all files being transported via HTTP & reviews with all known AV products.
- Incorporates Flow Analytics to determine events that did not trigger detection.
4. Single View, Multiple Perspectives
Provide an integrated view organized by flow
- Validation: Third Party analysis of artifacts (Blue Coat MAA and VirusTotal)
- Metadata: Meta provides insight indirect to the event itself (Fluency Metadata sensor)
- Derived Data: Derived data provides insight from interaction (Deployed IPS, IDS, Firewalls and Web Filters)
6. Same Approach Always
‣ High End-High Load Implementation: Current Fluency deployment includes 1 of 13 root DNS servers. Requirements include 10Gbps access points. Fluency’s F-10 offering meets the requirements of over 30,000 EPS & 6,000,000,000 events per day.
‣ SMB/Remote Office Implementation: Fluency’s F-250 provides a 250Mbps inline bypass network interface; no tap needed. ESET Antivirus is built into the system scanning transmitted files. Provides the full flow capability of the high-end offerings at a lower investment.
Fluency provides offerings from 100Mbps to 10Gbps
Model: F-250 | F-1 | F-5 | F-10
Bandwidth: 250 Mbps | 1 Gbps | 5 Gbps | 10 Gbps
7. Fluency Architecture
Fluency is deployed in a combination of Sensors & Big Data Analytic Servers
The Sensors collect Metadata Network Flows (MetaFlows), Full Packet Capture plus events from other devices
• Monitors the Network
Big Data Analytic Servers find gaps & direct response to provide the means to remove issues
• Patent Pending Big Data Backend
8. Emphasis Today is Detection; Sound Security Posture Requires Focus On Response
137% Increase of detected security incidents in 2015 (PWC Study)
Issue: Organizations don’t have sufficient security resources to review dramatic increase in number of alerts
Impact: $7,700,000 Avg. Financial Cost per Breach
Solution (Fluency Answers): Invest in Response tools that incorporate Big Data analytics & cross correlation, radically reducing staffing requirements & the number of alerts needing review to a manageable number
Numbers from multiple studies
9. WHY
Security is broken. Today the focus is on detection. The real need is how to execute a response consistently, comprehensively & continuously.
HOW
Fluency Big Data
Provides the ability to handle vast amounts of data. To do this, data without relationships. Instead of joining data, Fluency performs recursive calls.
10. Alert Lifecycle in an Incident
Key events detect an aspect of an attack
Alert is a message with attributes (client address, server address, server host name, user name …)
Tag: Attributes of an attack can be marked malicious, such as server address and server host name
Scope: Determine other addresses associated with the server host name
Track: Watch to see if these attributes appear on other communications regardless of the original alert message
11. Resolving Issues
Focusing on Detection, Hinders Response
- Validate: Provide Supporting Data Perspectives that Confirm Detection is Correct
- Scope: Determine if Associated Attributes are Malicious. Pivot on new scope till no new malicious attributes
- Track: Continually watch threats & their attributes to ensure that there are no new related flows
- Recover: Determine assets to freeze & recover, while preventing flow from threats
12. Scope, Categorize & Pivot
Tasks an analyst does repeatedly
Scope: Determine all attributes & artifacts associated with a negative attribute
Categorize: Determine if associated attribute is negative
Pivot: Review the scope of any negative attribute
Search Speed limits the number of pivots
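The scope, categorize & pivot loop from slides 10 to 12, as an added example that is not Fluency's code: the flow records, host names and the KNOWN_BAD verdict set are constructed, and restricting pivots to server-side attributes (PIVOT_FIELDS) is an assumption. Each pivot is an index lookup rather than a join, and the loop stops when a round tags nothing new.

```python
from collections import defaultdict, deque

# Constructed flow records: documentation address ranges, made-up host names.
FLOWS = [
    {"client": "10.0.0.5", "server": "203.0.113.10", "host": "cdn.bad.example"},
    {"client": "10.0.0.7", "server": "203.0.113.11", "host": "cdn.bad.example"},
    {"client": "10.0.0.7", "server": "203.0.113.11", "host": "update.bad.example"},
    {"client": "10.0.0.9", "server": "198.51.100.20", "host": "update.bad.example"},
    {"client": "10.0.0.8", "server": "203.0.113.11", "host": "blog.shared.example"},
    {"client": "10.0.0.9", "server": "192.0.2.80", "host": "intranet.corp.example"},
]
PIVOT_FIELDS = ("server", "host")  # assumption: only server-side attributes get tagged
# Constructed verdicts standing in for a reputation/validation lookup.
KNOWN_BAD = {"203.0.113.10", "203.0.113.11", "198.51.100.20", "update.bad.example"}

def categorize(attr):
    """Categorize: is this (field, value) attribute negative?"""
    return attr[1] in KNOWN_BAD

def build_index(flows):
    """Map each (field, value) to the flows that carry it, so a pivot is a lookup."""
    index = defaultdict(list)
    for flow in flows:
        for field in PIVOT_FIELDS:
            index[(field, flow[field])].append(flow)
    return index

def scope_and_pivot(flows, seed):
    """Expand from the alert's tagged attribute until no new negative attribute appears."""
    index = build_index(flows)
    tagged, queue, pivots = {seed}, deque([seed]), 0
    while queue:
        attr = queue.popleft()
        pivots += 1
        for flow in index[attr]:                      # Scope: everything seen with attr
            for field in PIVOT_FIELDS:
                cand = (field, flow[field])
                if cand not in tagged and categorize(cand):
                    tagged.add(cand)                  # Tag the new negative attribute
                    queue.append(cand)                # Pivot on it in a later round
    return tagged, pivots

def track(flows, tagged):
    """Track: clients on any flow carrying a tagged attribute, whatever alert fired."""
    return sorted({f["client"] for f in flows
                   if any((k, f[k]) in tagged for k in PIVOT_FIELDS)})

if __name__ == "__main__":
    tagged, pivots = scope_and_pivot(FLOWS, ("host", "cdn.bad.example"))
    print(pivots, sorted(tagged))
    print(track(FLOWS, tagged))
```

The co-hosted blog.shared.example is scoped but not tagged because it fails the categorize step, while its client still shows up under track because it touched a tagged server address.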
13. Key Events
File Capture to Analysis Process Built In
Tags
Antivirus
Alerts
Perspective
14. Vision
Provides the means to merge the alerts detected & not detected by deployed solutions to Fluency's perspective. Fluency provides a holistic/comprehensive picture, not the snapshot organizations see today.
15. The Power of Search
If Google took 3 minutes to perform a search, would anyone use it? NO. One should expect the same from their Incident Response process. Fluency’s patent pending Big Data Analytics technology provides the ability to search billions of events in sub-seconds.
21. Fluency
Fluency RSA SA McAfee Nitro Lancope Blue Coat Fidelis FireEye ArcSight
NGIR Components
Full Packet Capture
Metaflow Capture Netflow Netflow
File Extraction
Big Database Arc Logger
Real-time Search
Full Field Indexing
Integrated Components
Threat Feeds Internal Internal Internal
Reputation Feeds Internal Internal Internal
Validation Engines Sophos
Workflow
Automated Response Mar ‘16
Cloud Option
Multi-tenant
Next Generation Incident Response (NGIR)
Fluency is at the forefront of this developing market segment utilizing patent pending Big Data Analytics & incorporating Full Packet Capture
22. What Customers are Saying
“Fluency’s integration into the Cisco ASA platform has enhanced American Fidelity Assurance Company’s investment in our deployed Cisco ASA environment and improved our security posture. Specifically, Fluency added additional value by being able to identify, track, and mitigate security issues in a timely and efficient manner.”
— David Maberry, Chief Risk Officer
23. Fluency
Next Generation Incident Response – Realized Value from Customers/POVs
• Accomplishes the fusion of events of the server & the customer’s 10Gbps access point in an environment with requirements of over 30,000 EPS & 6,000,000,000 events a day.
• Reduced number of alerts needing analysis from 450,000,000 to 16 per day.
• Discovered 12 actionable incidents that affected 14 devices in 14 days that existing security systems (IPS, Anti-Virus, etc.) did not detect.
• Detected an internal host communicating with 696 IPs located in 46 different countries, that triggered 6 alerts that other security solutions deployed in the environment trusted.
• Discovered > 620 infected machines & 130 C&C systems with more than 10GB of data leaving per day. All deployed solutions showed the attack was prevented. Fluency exposed there was a breach & provided timely resolution.
24. Industry Buzz - Click on each to learn more
04/20/15
07/15/15 08/03/15