KEYW uses acquired Sensage technology to form Hexis Cyber Solutions




Analyst: Javvad Malik
13 Nov, 2013

In the virtual arms race, attack tools and techniques get shared among a wide range of actors with different motivations. Today's zero-day attack is tomorrow's commoditized tool that can be deployed by a 'script kiddie.' From a defender's perspective, detecting these attacks can be challenging, but detection is only half the battle: action still needs to be taken in order to neutralize the attacker. Protection needs to be deployed rapidly and with minimal impact. KEYW has taken technology it acquired from Sensage and combined it with its own military intelligence expertise to form Hexis Cyber Solutions and its HawkEye family of products, which it believes can not only detect threats in real time, but can also offer immediate active defense capabilities. The company believes HawkEye has the potential to evolve at the same rate as the threat landscape.

The 451 Take

We've seen SIEMs bought out before and pulled into a broad portfolio of the acquirer, and we assumed Sensage would resurface as an offering within the KEYW product range. However, KEYW appears to have had a master plan brewing to target enterprises. Hexis Cyber Solutions gives the appropriate focus to its new offerings and demonstrates its commitment to the enterprise sector. Additionally, while we've witnessed a number of vendors ditching prevention in favor of pure detection, Hexis is looking to complete the circle by undertaking remediation too. This move should grab the attention of not just threat-detection providers, but also anti-malware vendors.

Copyright 2013 - The 451 Group

Context

KEYW has been on a strategic mission since around 2011. The company has deep technical expertise acquired from years of serving the US military intelligence community, but had ambitions to develop technology that could be deployed within enterprises and would be capable of detecting threats, in addition to a countermeasures package that could mitigate or remove threats automatically without human intervention. To serve this purpose, in October 2012 KEYW acquired Sensage, which provided 'big data' security analytical capabilities and experience in commercial operations. Other acquisitions in 2012 included technologies acquired from Rsignia and Dilijent Solutions. After a development period, the company made some significant hires, including Chris Fedde and Daniel Kuczkowski. Fedde is the former CEO of SafeNet; Kuczkowski was previously sales group VP for Oracle. In July KEYW announced the formation of Hexis Cyber Solutions as a technology subsidiary led by President Chris Fedde. Its head office is in Hanover, Maryland, but product management and database development teams will primarily reside in San Mateo, California.

Products

Hexis Cyber Solutions launched with its HawkEye family of products. This family includes HawkEye G, an active defense grid for countering threats, and HawkEye AP, an analytics platform (formerly the Sensage event data warehouse) for applications such as log management, call detail record, and risk and compliance applications. The company's HawkEye G product is an active defense technology that can detect, investigate, remediate and remove threats within the network before they can compromise sensitive data. Although some may equate active defense with 'hacking back,' Hexis defines active defense more closely to how intelligence departments would, as in taking action 'within' the enterprise environment against an adversary.

The methodology begins by detecting threats that may have a very small footprint by analyzing large quantities of data spanning months and combining this historic data with real-time correlation capabilities. Once a suspected malicious activity has been detected, HawkEye G engages the threat by gathering further information. This can involve pushing nonpersistent software to an endpoint in order to conduct a forensic scan of the device. Once a threat is positively identified, HawkEye G establishes a progressive strategy to engage and remove the threat, which can be automated or manually executed. The company refers to this process as 'full spectrum threat remediation,' which means containment, isolation, observation, investigation and removal. This differentiates the remediation concept from traditional methods that would typically quarantine infected files.

HawkEye AP, the analytics platform, is the advanced SIEM offering that was formerly a Sensage offering. It is positioned very much as a big-data security analytics warehouse, allowing agentless collection of any event with a timestamp. It claims an open architecture that is capable of interfacing with a variety of technologies, such as endpoints, network systems, storage, mobile products, other SIEMs, etc. All of the data can be stored in its native form rather than as metadata, an aggregation or a normalized form, thus maintaining the integrity of the data for future use. HawkEye AP also claims to offer the ability to access terabytes of event data in real time, allowing users to perform correlations and contextual investigations against this data over time. This includes looking for anomalies in behavior relating to user, network, host and log file analysis.

Hexis says that the use cases for the products do not end here. Due to the vast amount of information HawkEye collates about the environment, users can query the system for information not directly related to security, such as which users have a certain application installed, or to assist in standardizing software across the enterprise.

Competition

The HawkEye products cross over several areas of competition. The big-data security analytics side of the product will draw in competition from the likes of Boeing-owned Narus, BAE Systems-owned Detica (CyberReveal) and Red Lambda. On the SIEM side, vendors such as LogRhythm, Hewlett-Packard (ArcSight), IBM (Q1 Labs), McAfee (NitroSecurity), RSA (enVision), Splunk, NetIQ (Sentinel), Trustwave, EventTracker and eIQnetworks will be compared with HawkEye AP. With its detection capabilities, we could see some overlap with anomaly-detection or network-monitoring providers such as RSA's NetWitness, Blue Coat Systems (Solera Networks) or AccessData Group. However, while we've seen a trend of companies such as RSA ditching prevention in favor of detection, Hexis has adopted the approach of not only detecting threats, but also remediating and removing them where possible. This will put the company up against the likes of FireEye, Sourcefire, Damballa, Palo Alto Networks, Norman Shark, ThreatTrack Security or any company that provides a degree of malware detection and removal.

SWOT Analysis

Strengths: It's still early for Hexis, but it has the backing of KEYW and has built out a very well-rounded offering that goes beyond detection and provides remediation. If the product can perform as well as the company believes it can, it could cause other vendors to reconsider whether detection really is enough.

Weaknesses: New offerings in the market lack any credible reference or case studies to back up their effectiveness, and the impact of big-data security analytics and preventive measures isn't easily gauged. Hexis may need to build up some reference customers before it can truly demonstrate its value.

Opportunities: A big-data platform has many uses, and although Hexis is selling its technology as a security product, we can envisage users utilizing the data and intelligence of the platform to extend its uses beyond security into more operational areas.

Threats: There are several vendors in this increasingly crowded space, many of which have had a chance to sink their hooks into sizeable market shares. Prying them off and capturing market share for itself may prove an uphill challenge for Hexis.

Reproduced by permission of The 451 Group; 2013. This report was originally published within 451 Research's Market Insight Service. For additional information on 451 Research or to apply for trial access, go to: www.451research.com