empow’s native artificial intelligence, natural language processing and cause-and-effect analytics now ingest user and account activity logs to correlate all data source types covering all stages of the attack lifecycle.
empow, creators of a new kind of security information and event management (SIEM) system that detects and responds to cyber-attacks in real time and without rules, announced it has added native User/Entity Behavior Analytics (UEBA) functionality to its SIEM. With this capability, the empow SIEM now provides automated detection and adaptive response to threats across the entire cyber kill chain.
“User and account activity logs are important inputs for detecting attacks by malicious insiders or external intruders who have successfully compromised user account credentials,” said empow Founder and Chief Technology Officer Avi Chesla. “So UEBA is mainly useful in the middle and late phases of the cyber kill chain, but not in the earlier stages of the attack. Unusual user behavior is one indicator of an attack, but not the only indicator, and by itself not necessarily sufficient for making a clear actionable decision. empow has developed a complete system that uses artificial intelligence, natural language processing and machine learning – as well as behavioral analytics – digesting security logs, network-flows logs, as well as user and account activity logs, to automatically detect and respond to malicious activity across all phases of the attack life cycle, accurately.”
To gain the benefits of UEBA, organizations have traditionally had a choice between integrating standalone UEBA products into their existing rule-based SIEM infrastructures, or adding rule-based attack detection capabilities (such as those typical of existing SIEMs) to their UEBA products. Neither of these approaches is effective because rule-based detection systems cannot keep up with the ever-changing threat landscape and miss attacks. These solutions also do not provide automatic response (investigation or mitigation) capabilities.
empow has developed a new kind of SIEM that uses true artificial intelligence, along with machine learning and multiple types of analytics, including behavioral, to detect and respond to attacks. In the empow solution, UEBA is built into the SIEM at a native level, and the system takes unusual user, entity and account behavior into consideration – along with a number of other factors and indicators – when identifying and validating attacks. This maximizes the effectiveness of the UEBA functionality and improves overall attack detection accuracy.
empow’s native UEBA capabilities deliver several key benefits to security teams, including:
- Improved results with no additional investments or tools. UEBA is native to the empow SIEM and broadens the scope of detection and investigation. Customers benefit from faster and more optimized response to attacks – without the need to invest additional time, budget or resources.
- Works with existing data sources. empow does not duplicate data and does not force log infrastructure on customers. Instead, it works with existing open source or commercial log infrastructure, such as Elastic and other leading solutions.
- A wider security scope, still with no rules. empow requires no correlation rules across the entire security and network infrastructure. While some UEBA-based SIEM vendors will claim they do not require rules, that is only true for UEBA data sources. For empow, it is true for all data sources.
“empow makes our entire security operation better,” said Dannie Combs, senior vice president and chief information security officer for Donnelly Financial Solutions. “It integrates seamlessly with our existing infrastructure and data sources, detects and stops threats in real time without rules, and drives far greater ROI from our existing security tools. And now, we can add UEBA functionality with no additional product investment or integration work, because it is native to the system. If you drew up the ideal SIEM, this would be it.”
The inclusion of UEBA also makes empow the first company to deliver on all of the components of a complete next-generation SIEM, including:
- Flexible data ingestion from all log and data sources, either directly from the security infrastructure or indirectly (via intermediate log storage and management systems), without requiring the development of complex parsers for new data sources.
- AI-driven classification of security events, which leverages natural language processing (NLP) on both machine- and human-readable threat intelligence from internal and external sources, to understand the intent behind each event.
- Auto-correlation using cause-and-effect analytics to automatically validate and prioritize attacks, and reveal the complete “attack story” – without requiring static correlation rules.
- Adaptive orchestration using the capabilities of the existing security infrastructure to actively investigate and mitigate (block) attacks, without requiring scripts.
“My advice to security teams is that if you haven’t already looked at a SIEM-based orchestration tool using inference and NLP for contextual understanding to improve mitigation, then add this task to your list,” writes Edward Amoroso, founder and CEO of TAG Cyber, an advanced cyber security advisory, training and consulting firm focused on enterprise and government CISOs. “And, you would be wise to give the empow team a call.”
About empow
empow is the developer of a new kind of security information and event management (SIEM) system that detects cyber attacks and automatically orchestrates adaptive investigation and mitigation actions in real time, without the need for human-written rules. empow’s innovative use of AI, including natural language processing (NLP), machine learning and cause-and-effect analytics, automatically understands the fundamental nature or intent of threats, finds the actual attacks hidden in the “noise,” and marshals the right security tools to respond when those attacks occur. This capability enables the empow SIEM to serve as an active “brain” for security infrastructure that detects, confirms and stops attacks before they can cause harm, while also maximizing the value of existing security infrastructure and slashing the need for human intervention. empow is headquartered in Boston, with an R&D office in Tel Aviv, and customers distributed across North America and Europe.
For more information, visit https://www.empowcybersecurity.com