Vendor Securonix  

Flagship product Securonix Security Analytics Platform 

Cost $100K and up. 

Innovation Application of security analytics to the problem of behavior analysis. 

Greatest strength Deep experience in analysis algorithms and machine learning.

Securonix

Securonix is heavy on the threat analysis piece. And not just a particular threat. This is a product that really enjoys drinking from the Big Data fire hose. Lest you think that we have succumbed to marketing hype and are tossing around buzz phrases, such as “Big Data," let us assure you that we mean it in the strictest sense. Big Data usually is defined by the four Vs: high velocity, variability, volume and veracity. That means that this Innovator can ingest lots of data that is rapidly changing and is being delivered and ingested at wire speeds all while losing none of its integrity. So, the next question is what can the tool do with this data? The answer is just about anything you want.

The reason for this very directed approach is that Securonix started out as analytics specialists and built from that basis of expertise. They believed that there was a big hole in most security programs. These programs start by looking at everything on the enterprise in terms of identity. They realized that since they were attaching the right ID to everything on the enterprise, there might be a lot more that could be done to protect the network. So they added behavioral analytics, making them the only pure-play security analytics provider.

The system creates baselines, understands what "normal" is, and picks out anomalies. It does not rely on signatures or policy-based analysis because those things, by themselves, don't work. The Securonix platform is very heavy on anomaly detection and assessing outlier behavior. Then it correlates discovered behavior with many threat intelligence feeds and brings in contextually rich information.

One neat example is that they can connect directly with an HR system to identify high risk employees based on their behavior. As far as we know, they are the only folks that do this. They also are able to catch significant breaches very early in the game, preventing damage to data or the system. Sophisticated algorithms and machine learning are the heart of their systems. Unauthorized access is the cornerstone, and their algorithms pinpoint that based on behavior. The tool is centrally deployed and uses no agents. They leverage all existing security apps and watch logs in real time.