Security On-Demand Inc. (“SOD”), the leading provider of advanced threat detection and Analytics-as-a-Service, announced the availability of its new Version 5.0 ThreatWatch Platform, which will give customers and network security analysts the ability to quickly analyze billions of logs to uncover and act on cybersecurity threats in minutes.
SOD is the industry’s first Managed Security Services Provider to use SuperScale Analytics, the world’s first approximate query database engine, to conduct log queries across petabytes of log data, something that was previously infeasible.
“Cybersecurity technology will continue to transform over the next few years, and we’ll start to see an integrated Security Operations and Analytics Platform Architecture (SOAPA) that will include integrated security operations, multi-faceted analytics platforms, and tight interoperability between security operations and network security controls,” said Jon Oltsik, senior principal analyst with Enterprise Strategy Group.
The underlying technology was researched and developed over several years by a team of leading data scientists. By applying Rough Set Mathematics Theory, they developed the world’s first Approximate Query (AQ) data analytics engine, which has evolved into SOD’s SuperScale Analytics technology. The source code, patents, and intellectual property were acquired earlier this year from Infobright Corporation and have now been fully integrated into SOD’s Version 5.0 ThreatWatch cybersecurity analytics platform.
“Thanks to our use of SuperScale Analytics, along with recent advancements in our machine learning capabilities, our new Version 5.0 platform detects threats and performs analyses in a matter of seconds or minutes instead of the days that it would take competing platforms to accomplish the same tasks,” said Peter Bybee, CEO of Security On-Demand.
SOD was able to use its updated technology to analyze threat data from the WannaCry ransomware outbreak several months ago. One of the threat indicators in determining whether a customer was being attacked was high traffic volume on port 445. Counting traffic on this port across many hundreds of customers going back thirty days would require a database query that would take a week or more to scan across petabytes of log data; using SOD’s SuperScale Analytics-based query engine, SOD performed the analysis in about twenty minutes. Said Bybee, “We were able to immediately find multiple compromised customers that were in the beginning stages of the attack which allowed us to quickly notify and help protect them from hundreds of thousands of dollars’ worth of data damage and lost productivity.”
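As an added illustration (not SOD’s code or its SuperScale engine), the per-customer port 445 volume check described above, run over constructed flow-log lines and compared against a constructed thirty-day baseline; the customer names, log format, baseline values and thresholds are all assumptions.

```python
from collections import Counter

# Constructed flow-log lines (not real customer data):
# customer day src dst dport proto
SAMPLE_LOGS = """\
acme 2017-05-12 10.1.1.5 10.1.1.20 445 tcp
acme 2017-05-12 10.1.1.5 10.1.1.21 445 tcp
acme 2017-05-12 10.1.1.5 10.1.1.22 445 tcp
acme 2017-05-12 10.1.1.5 10.1.1.23 445 tcp
acme 2017-05-12 10.1.1.5 10.1.1.24 445 tcp
acme 2017-05-12 10.1.1.9 172.16.0.7 443 tcp
globex 2017-05-12 10.2.0.4 10.2.0.9 445 tcp
globex 2017-05-12 10.2.0.4 10.2.0.5 53 udp
initech 2017-05-12 10.3.0.1 10.3.0.2 445 tcp
initech 2017-05-12 10.3.0.1 10.3.0.3 445 tcp
"""

# Constructed thirty-day baseline: mean daily count of port-445 flows per customer
BASELINE_445 = {"acme": 1.0, "globex": 2.0, "initech": 2.0}

SMB_PORT = 445  # SMB over TCP, the port the release names as the WannaCry indicator


def parse_flows(text):
    """Yield (customer, day, src, dst, dport) from whitespace-separated log lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines instead of aborting the whole batch
        customer, day, src, dst, dport, _proto = parts
        yield customer, day, src, dst, int(dport)


def count_smb_by_customer(text, day):
    """Count port-445 flows per customer for one calendar day."""
    counts = Counter()
    for customer, d, _src, _dst, dport in parse_flows(text):
        if d == day and dport == SMB_PORT:
            counts[customer] += 1
    return counts


def flag_spikes(counts, baseline, factor=3.0, min_count=5):
    """Return {customer: ratio} for customers whose daily SMB volume is at least
    `factor` times their baseline and at least `min_count` flows (avoids flagging
    a jump from 1 to 3 flows as an outbreak)."""
    flagged = {}
    for customer, n in counts.items():
        base = baseline.get(customer)
        if base is None or base <= 0 or n < min_count:
            continue  # no usable baseline or too little traffic to judge
        ratio = n / base
        if ratio >= factor:
            flagged[customer] = round(ratio, 2)
    return flagged
```

With the constructed data only `acme` is flagged (five SMB flows against a baseline of one per day); in practice the baseline would come from the same log store over the preceding thirty days.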
As part of the upgraded Version 5.0 feature set, customers log into their portal and instantly see the top incidents (ranked by importance) requiring their attention without being distracted or burdened by alert fatigue from data that requires no action. Customers can also use a database search query feature to locate log data and alerts in a matter of seconds or minutes. Prior to version five, log data queries would take hours or days to produce because of the massive data lakes that had to be queried for a response.