Security Analytics

Security Analytics is one such technology that enables enterprises to analyze all traffic passing through their networks, machines, systems, servers, subnets or routers. It compares the live traffic against a model of normal traffic to detect anomalies in real time. Once an attack is identified or abnormal behavior is sensed, an alert is sent to the security administrator. Intrusion detection systems (IDS) use intrusion detection and prevention mechanisms to identify possible incidents, log information about them, attempt to stop them, and report them to security administrators. Aricent offers engineering services and a big-data-analytics-based intrusion detection enabling software solution that lets enterprises detect known or unknown anomalies in their networks and systems, in order to prevent or control security threats.

Aricent’s Intrusion Detection Enabling Software (IDS)

Aricent’s Intrusion Detection Enabling Software (IDS) solution can be leveraged to build anomaly-based detection, which compares definitions of what activity is considered normal against observed events to identify significant deviations. An IDS that leverages anomaly-based detection generates models that represent the normal behavior of such things as users, hosts, network connections, or applications. The models are developed by monitoring the characteristics of typical activity, tasks or processes over a period of time.

Features

The key features are:

Data Processing:

  • Flume agents collect the data and transfer it to the Kafka layer
  • The same data is also stored in HDFS, where it can be queried with Hive for future reference
  • The Spark Streaming processing framework runs the data against the model
  • Detected anomalies are written to a Cassandra database and also sent to alert queues

Algorithm:

  • Spark Machine Learning is used to build models from the training data according to the configuration. A K-means algorithm has been implemented for anomaly detection
  • Aggregation and normalization are also performed to reduce the number of false positives from signature-based detection
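The two feature groups above describe one flow: normalize the training traffic, fit a K-means model to it, then score each arriving record against the model and push the outliers to an alert store. The following is an added example written for this page, not Aricent's software: a small pure-Python K-means stands in for Spark Machine Learning, an in-memory list stands in for the Cassandra table and alert queue, and the flow records, feature layout (bytes out, packets, duration, distinct destination ports) and the "1.5 times the worst training distance" threshold are all constructed assumptions. It also shows the edge case the Algorithm bullets do not mention: a feature that is constant in the training window must not produce a division by zero during normalization.

```python
"""K-means anomaly detection over network-flow features (added example,
not Aricent's code). A pure-Python K-means replaces Spark MLlib so the
script runs offline; all flow records below are constructed."""
import math
import random
from typing import List, Sequence, Tuple

Vector = List[float]

# Constructed training flows: [bytes_out, packets, duration_s, distinct_dst_ports].
# Two kinds of normal traffic: web sessions (first six) and DNS lookups (last six).
NORMAL_FLOWS: List[Vector] = [
    [52000, 48, 2.5, 1], [58000, 55, 3.1, 1], [49000, 44, 2.2, 2],
    [61000, 60, 3.4, 1], [55000, 50, 2.8, 1], [47000, 42, 2.0, 2],
    [70, 1, 0.02, 1], [85, 2, 0.03, 1], [64, 1, 0.01, 1],
    [90, 2, 0.05, 1], [72, 1, 0.02, 1], [80, 2, 0.04, 1],
]


def zscore_fit(rows: Sequence[Vector]) -> Tuple[Vector, Vector]:
    """Per-feature mean and standard deviation (the normalization step).
    A feature that is constant in training gets std 1.0 so scoring never
    divides by zero."""
    n, dims = len(rows), len(rows[0])
    means = [sum(r[d] for r in rows) / n for d in range(dims)]
    stds = []
    for d in range(dims):
        var = sum((r[d] - means[d]) ** 2 for r in rows) / n
        stds.append(math.sqrt(var) if var > 0 else 1.0)
    return means, stds


def zscore_apply(row: Vector, means: Vector, stds: Vector) -> Vector:
    return [(x - m) / s for x, m, s in zip(row, means, stds)]


def distance(a: Vector, b: Vector) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def nearest(point: Vector, centroids: Sequence[Vector]) -> Tuple[int, float]:
    """Index of the closest centroid and the distance to it."""
    dists = [distance(point, c) for c in centroids]
    idx = min(range(len(dists)), key=dists.__getitem__)
    return idx, dists[idx]


def kmeans(points: Sequence[Vector], k: int, iters: int = 50, seed: int = 7) -> List[Vector]:
    """Lloyd's algorithm with farthest-point seeding (deterministic per seed)."""
    rng = random.Random(seed)
    centroids = [list(rng.choice(points))]
    while len(centroids) < k:  # next seed: the point farthest from all current seeds
        centroids.append(list(max(points, key=lambda p: nearest(p, centroids)[1])))
    dims = len(centroids[0])
    for _ in range(iters):
        buckets: List[List[Vector]] = [[] for _ in range(k)]
        for p in points:
            buckets[nearest(p, centroids)[0]].append(p)
        new = []
        for i, bucket in enumerate(buckets):
            if not bucket:  # empty cluster: keep the old centroid
                new.append(centroids[i])
                continue
            new.append([sum(p[d] for p in bucket) / len(bucket) for d in range(dims)])
        if new == centroids:  # converged
            break
        centroids = new
    return centroids


class Detector:
    """Normalizes training flows, fits K-means, and derives an alert threshold."""

    def __init__(self, training: Sequence[Vector], k: int = 2, margin: float = 1.5):
        self.means, self.stds = zscore_fit(training)
        scaled = [zscore_apply(r, self.means, self.stds) for r in training]
        self.centroids = kmeans(scaled, k)
        # Threshold heuristic (an assumption of this example): flag a flow that is
        # farther from every centroid than any training flow was, by `margin`.
        worst = max(nearest(p, self.centroids)[1] for p in scaled)
        self.threshold = worst * margin

    def score(self, flow: Vector) -> Tuple[float, bool]:
        """Distance to the nearest normal-behaviour centroid and the alert decision."""
        _, dist = nearest(zscore_apply(flow, self.means, self.stds), self.centroids)
        return dist, dist > self.threshold


def process_stream(detector: Detector, flows: Sequence[Vector]) -> List[Tuple[Vector, float]]:
    """Stand-in for the Spark Streaming step: score each arriving flow and
    collect the ones that would be written to Cassandra and the alert queue."""
    alerts = []
    for flow in flows:
        dist, is_anomaly = detector.score(flow)
        if is_anomaly:
            alerts.append((flow, round(dist, 2)))
    return alerts


# Constructed live traffic: a normal web flow, a normal DNS flow,
# a port sweep (many distinct destination ports) and a bulk upload.
LIVE_FLOWS: List[Vector] = [[55000, 50, 2.8, 1], [75, 1, 0.02, 1],
                            [500, 400, 30.0, 180], [5_000_000, 4000, 600.0, 1]]

if __name__ == "__main__":
    det = Detector(NORMAL_FLOWS)
    for flow, dist in process_stream(det, LIVE_FLOWS):
        print(f"ALERT flow={flow} distance={dist} threshold={det.threshold:.2f}")
```

The port sweep is caught by the distinct-ports feature alone (its z-score is in the hundreds because that feature barely varies in normal traffic), and the bulk upload by bytes out; the two normal live flows stay inside the threshold. In a real deployment the threshold and the number of clusters would come from the model configuration the Algorithm section mentions, and the training window would be re-fit periodically so that legitimate changes in traffic do not turn into a stream of false positives.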

Visualization:

  • Alert and reporting dashboards are built with HTML5/CSS3 and D3.js, using data from the Cassandra database

Benefits

  • Gain competitive advantage
  • Mitigate risks effectively
  • Extensive product engineering experience
  • Domain-specific solutions
  • Quicker time-to-market