The Breach Analytics Framework is the heart and soul of Click Security’s solution. It provides essential intelligence to security team applications by managing data consumption, stream processing of all alerts/indicators, and handling of third-party threat intelligence, while maintaining state on each and every actor at all times.
- Click Labs breach analytic and kill chain profile processing
- Intelligence feed management – blacklists, geo-location, ASN, etc.
- Analytic development support and correlation framework
How it works
The framework provides the technical underpinning that enables our solution to rapidly identify the “signal within the big data noise”: running the right analytics determines which data sources are needed. Drawing on network traffic, event logs, and even file content sets it apart from “point security analytic players” that focus on user identity, application behavior, or file analysis alone.
Operating at the juncture of these worlds enables unique and highly extensible event and kill chain pattern analytics that detect a broad array of attack activity with speed and contextual accuracy. This addresses the number one problem organizations face today: too many alerts and not enough context, so the real signals are missed until it is too late.
This is accomplished by the Breach Analytics Framework’s inherent capabilities:
- Places analytics into a stream processing engine that holds actor state in memory, so that the next event, alert, or other indicator is linked to weeks or months of actor state tracking – enabling rapid, contextual detection of early kill chain activity
- Integrates third-party intelligence sources for richer actor augmentation and profiling
- Arbitrates memory and cache-based metadata for both real-time profile scoring and visual interaction by analysts
- Provides for easy insertion of new analytics from Click Labs
- Tracks interactive investigative steps for automatic creation of new customer-driven analytics
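As an added illustration (not Click Security's code), the kind of stateful processing the list above describes, in Python: one in-memory profile per actor, updated on every event, enriched from a constructed blacklist feed, with kill chain stage observations that expire after a retention window. The class names, stage list, scoring weights, retention period and sample events are all assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed threat-intel feed standing in for a blacklist source (hypothetical value).
BLACKLIST = {"203.0.113.5"}

# Kill chain stages in order; each distinct stage an actor reaches raises its score.
STAGES = ["recon", "delivery", "exploitation", "c2", "exfiltration"]
RETENTION = timedelta(days=30)  # assumed window for keeping stage observations in state


class ActorState:
    """Per-actor profile held in memory across events."""
    def __init__(self):
        self.stages = {}      # stage name -> timestamp first observed
        self.intel_hits = 0   # events matching a third-party intel feed
        self.last_seen = None


class BreachAnalytics:
    """Toy stream processor: links each new event to the actor's accumulated state."""
    def __init__(self):
        self.actors = defaultdict(ActorState)

    def process(self, event):
        actor = self.actors[event["src"]]
        ts = datetime.fromisoformat(event["ts"])
        # Drop stage observations older than the retention window before linking the new event.
        actor.stages = {s: t for s, t in actor.stages.items() if ts - t <= RETENTION}
        actor.last_seen = ts
        if event["dst"] in BLACKLIST:          # intel enrichment
            actor.intel_hits += 1
        if event.get("stage") in STAGES:       # kill chain stage tracking
            actor.stages.setdefault(event["stage"], ts)
        return self.score(event["src"])

    def score(self, src):
        actor = self.actors[src]
        reached = [s for s in STAGES if s in actor.stages]
        return len(reached) * 10 + actor.intel_hits * 5   # assumed weights

    def alerts(self, threshold=25):
        return sorted(a for a in self.actors if self.score(a) >= threshold)


def run_sample():
    """Feed constructed events (hypothetical addresses) and return the engine."""
    engine = BreachAnalytics()
    for ev in [
        {"ts": "2024-01-01T10:00:00", "src": "10.0.0.7", "dst": "198.51.100.9", "stage": "recon"},
        {"ts": "2024-01-05T12:00:00", "src": "10.0.0.8", "dst": "198.51.100.9", "stage": "recon"},
        {"ts": "2024-01-20T09:00:00", "src": "10.0.0.7", "dst": "203.0.113.5", "stage": "c2"},
        {"ts": "2024-02-15T08:00:00", "src": "10.0.0.7", "dst": "203.0.113.5", "stage": "exfiltration"},
    ]:
        engine.process(ev)
    return engine
```

The third event for 10.0.0.7 arrives 45 days after its recon, so that observation has aged out while the c2 observation 26 days earlier is still linked, which is what keeps the score at 30 rather than 40.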