TITAN provides the ability to tie existing tools together, enhance operations, determine root cause and anticipate failures that could impact mission performance. It helps analysts filter “noise” to focus on actionable events, improving response time. TITAN is an integration of Logstash and Elasticsearch into an established Splunk ecosystem.
• Insider Threat Detection
• Anomalous network activity
• Security Policy Manipulation
• Compliance Alteration Detection
• Malicious user reconnaissance detection
• Selective event modification and forwarding
• Operational processing and temporal data archiving
• Selective event, alert processing and forwarding
• Cost savings; data storage and indexer licensing
• Root cause analysis; cyber events
• Malware and virus detection
• Forensic analysis; temporal and real-time data
• Event linkage, relationship detection and visualization
Accelerate security life cycle management with the integration of Logstash and Elasticsearch into a Splunk ecosystem.
Provides directed focus and correlation for analysts to help find needle-in-a-haystack issues and threats in the sea of network and SIEM data
Incorporates visual elements of “movement” to support active identification of state change and potential advanced threats
Compiles disparate alerts/events into an identifiable threat chain and graphically depicts events and how their linkage could result in a compromise or breach
Identifies and displays connections between log messages that are collected from servers, workstations and network devices that otherwise might go unnoticed
An advanced analytics tool for big data environments
Handles both structured and unstructured data equally
An open source platform that is easily obtained, moderately complex to deploy and requires moderate Linux/Windows skills to manage and maintain
CyForce is currently working on enhancing the ELK Stack ecosystem with management interfaces, configuration wizards and mobile platform applications.