FlowIntelligence™ IQ! Analyst

Advanced Analytics for Cyber Security

SOLUTION HIGHLIGHTS

Speed

  • Distributed search with concurrent queries across multiple cluster nodes
  • Index on write, with all data fields indexed
  • Schema on write: submit queries and receive responses across multiple data indexes in minutes or less

Scale

  • Collect and ingest data from many high-speed network sensors or third-party data sources simultaneously, at tens of millions of documents per second
  • Retain, query and analyze data in a tiered architecture with Hot, Warm and Cold data nodes

Relevance

  • Open, modern, extensible schema with data fields indexed using Elastic Common Schema (ECS)
  • Enriched data for content and context
  • Cross-source analysis of diverse data

Big Data Analysis for Cyber Security

The complexity of the cyber threat landscape can overwhelm the cyber analyst. The number of data sources and the volumes of data available to the analyst create additional pressure to provide an accurate analysis of the cyber terrain. Many cyber tools have implemented closed, custom analytics systems that create “analytic stovepipes”, and threat actors use that to their advantage in heterogeneous cyber security environments. In addition, the cyber security analyst must address multiple questions for the cyber security ecosystem, including:

  • How can the organization effectively collect data from all cyber security and IT assets to provide a complete picture of the cyber terrain including threats and breaches, lateral threat movement and data exfiltration?
  • How can the organization gain attack chain visibility to identify the phase of the breach for a threat and mitigation steps to resolve the event?
  • How can the organization determine which specific IT assets are involved in order to formulate a concise mitigation strategy?
  • How can the organization enrich the data collected with threat intelligence and GeoIP data to enhance the analysis process for higher fidelity and lower false positive alerts?
  • How can the organization reduce mean-time-to-detection, threat actor dwell time and mean-time-to-response?
  • How can the organization leverage informed machine learning to detect sophisticated attacks, automate and prioritize the analysis process as well as reduce the threat actor’s dwell time in the network?

IQ! Analyst is a key component of the FlowIntelligence™ suite of cyber tools. The solution breaks down the “stovepipes” with an open analytics system, collects data from any system, and provides Big Data Analysis for Cyber Security that answers these questions and many others.

Visualizations that Cyber Analysts Love

IQ! Analyst provides the ability to query and visualize the data. It contains hundreds of pre-defined visual representations for the data elements associated with each data harvester, enabling the analyst to rapidly assess information from those data sources. Within the analytics environment, the analyst can select one or more data elements and combine them into a unique visualization. Vega provides the ability to create custom visualizations, and Bivio Networks’ solutions engineers can also deliver additional customization of the analytics visualization environment. The visualization engine provides multiple view types, including bar charts, line and area charts, circular charts, dot and scatter plots, distributions, geographic maps, heat maps, tree diagrams, network diagrams and many others. Organizations can infuse their brand into the analytics with Canvas. This enables security teams to build visualizations and dashboards, as well as to easily share key performance indicator data with various stakeholders.

Turn-key Solution

IQ! Analyst is delivered as a turn-key analytics solution on Bivio Networks Atlas Cloud Applications platforms. Atlas Cloud Applications platforms permit the solution to scale from the small and medium enterprise to Fortune 100 global operations. The supporting hardware platforms are designed as hyper-converged solutions with carrier-grade redundancy features to ensure non-stop operations. The analytics operating environment incorporates its own redundancy in the software architecture to ensure mission-critical support for Bivio Networks’ customers. Scaling the analytics environment for each organization is done by our Solutions Architects, who perform a comprehensive analysis to identify, design and deliver a complete solution that meets the organization’s requirements.

Summary

When Speed, Scale and Relevance of cyber security data matter, IQ! Analyst delivers a robust, open and extensible analytics solution to meet these requirements. This solution truly enables the cyber hunt process and provides the clarity needed to find, mitigate and eliminate cyber threats. Contact your Bivio Networks’ sales team to see how IQ! Analyst can enhance your cyber security operations team.