Securonix SNYPR is a big data security analytics platform built on Hadoop that utilizes Securonix machine learning- based anomaly detection techniques and threat models to detect sophisticated cyber and insider attacks. SNYPR uses Hadoop both as its distributed security analytics engine and long-term data retention engine. Hadoop nodes can be added as needed, allowing the solution to scale horizontally to support over 100, 000 events per second (EPS).

Features

• Supports a rich variety of security data, including security event logs, user identity data, access privileges, threat intelligence, asset metadata, and netflow data.
• Normalizes, indexes, and correlates security event logs, network flows, and application transactions.
• Utilizes machine learning-based anomaly detection techniques, including behavior profiling, peer group analytics, pattern analysis, and event rarity to detect advanced threats.
• Provides out-of-the-box threat and risk models for detection and prioritization of insider threat, cyber threat, and fraud.
• Risk-ranks entities involved in threats to enable an entity-centric (user or devices) approach to mitigating threats.
• Provides Spotter, a blazing-fast search feature with normalized search syntax that enables investigators to investigate today’s threats, and track advanced persistent threats over long periods of time, with all data available at all times.
• Includes comprehensive case management features that allow multiple teams to collaborate on investigation and response.
• Provides the Investigation Workbench to detect links across disparate datasets to enable quick investigations and hunting for cyber threats.