SureLog is a next-generation SIEM solution with a powerful correlation engine. Its rule based correlation engine with taxonomy has a superior detection capability. Additionally, SureLog has a Machine Learning detection module. What machine learning offers is the ‘many-eyes' option. With the experienced scientist point of view SureLog has placed its bets on the combination of rule based correlation, human and machine intelligence in its most recent cybersecurity efforts, which reduces the time it takes to detect and respond to cyberattacks. A key differentiator is our unique approach to use machine learning, rule based correlation and human intelligence in parallel.
SureLog was designed as a full scope tool that uses machine learning, rule based correlation algorithms and correlation framework for the security specialists to detect emerging threats.
1. Intelligence in SureLog SIEM
ertugrulakbas@anetusa.net
SureLog is a next-generation SIEM solution with a powerful correlation engine. Its rule based
correlation engine with taxonomy has a superior detection capability. Additionally, SureLog has
a Machine Learning detection module. What machine learning offers is the ‘many-eyes' option.
With the experienced scientist point of view SureLog has placed its bets on the combination of
rule based correlation, human and machine intelligence in its most recent cybersecurity efforts,
which reduces the time it takes to detect and respond to cyberattacks. A key differentiator is our
unique approach to use machine learning, rule based correlation and human intelligence in
parallel.
SureLog was designed as a full scope tool that uses machine learning, rule based correlation
algorithms and correlation framework for the security specialists to detect emerging threats.
Rule Based Correlation Engine
Rule-based correlation uses traditional correlation logic to analyze collected information in real
time. All logs, events, and network flows are correlated together with the power of taxonomy
module. Real-time event correlation is all about proactively dealing with threats. Data breaches
are on the rise and hackers use highly targeted attacks to intrude upon enterprise networks and
steal sensitive data. Protecting your network data from attackers involves detecting security
threats at its early stage. Security investigators need to determine whether a suspicious event or
chain of security events that had happened on the network is a potential security threat or not.
Manually investigating events across the network from various log sources and correlating them
to formulate an attack pattern will be a herculean task for the security investigators.
To effortlessly identify the possible intrusions in the network, you need to have an automated
effective correlation engine that gives a complete scope of any security incident by building
relationships between events happening across your network infrastructure.
Detection Framework
SureLog SIEM is a security platform which differs from many SIEM products. The main
difference is; correlation engine is rule based plus a framework which you can embed your own
logic. There is no restriction in the logic because you can develop your logic in JAVA including
Machine learning, statistical methods and artificial intelligence. SureLog is ready for the
fallowing libraries also.
https://www.tensorflow.org
http://mahout.apache.org
https://github.com/padreati/rapaio
http://commons.apache.org/proper/commons-math/
http://math.nist.gov/javanumerics/
2. As ANET, our mission is to build a software company that embraces an "open
development philosophy" and provides innovative solutions in collaboration with
customers specific needs. ANET is dedicated to providing the most technologically
advanced, Intelligent Log Management Solution available today by enabling customers
to efficiently tackle the daunting tasks involved with Log Management, while letting
customers achieve compliance with the stringent government regulations.
For more information pleasevisitwww.anetusa.net
Behavior profiling: Automatically classifies and profiles all log and network activity by application,
protocol, geography, network location, ports as well as many other categories, and tracks all related
traffic statistics. Behavior analysis capabilities can be applied to all data parsed from log sources as
this capability enhances rule-based correlation.
Machine Learning
SureLog ML module is a MLLib based Bayesian clustering algorithms to detect threats. MLlib is
Spark’s machine learning (ML) library.
The machine learning component of SureLog contains routines for performing suspicious
connections analyses on traffic data. These analyses consume a collection of firewall events and
produce a list of the events that are considered to be the least probable, and these are consider the
most suspicious.
SureLog infers a probabilistic model for the network behavior of each IP address. Each network
log entry is assigned an estimated probability (score) by the model. The events with lower scores
are flagged as “suspicious” for further analysis.
SureLog unique method combining rule based correlation, machine learning and human
intelligence amplifies security operations.
SureLog’s scalability and machine learning capabilities support an ML-based applications that
can run simultaneously to provide organizations with maximum analytic flexibility.