Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

2/24/2020
10:50 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Securonix Enables Use Case Testing at Full SOC Scale with New Analytics Sandbox Capability

Securonix Unveils Capability to Improve SOC Efficiency and Make SIEM Tuning Better and Faster at Spark 2020 Conference and RSAC 2020

San Francisco, CA – February 24, 2020 – Securonix, Inc., a leader in next-gen SIEM, today announced the launch of the Securonix Analytics Sandbox capability. The new capability provides an isolated test or QA environment within the production setup for security operations teams to test, tune, and validate new use cases prior to pushing them to live production.

Across teams, security operations face a common challenge - testing and deploying use cases without impacting efficiency. The process of fine-tuning use cases and adding team-created content or algorithms to live production environments is time consuming and creates excess “noise” - in the form of unverified alerts, false positives, and violations - for already under-resourced security operations and response teams to handle. With Securonix Analytics Sandbox, the teams responsible for developing SIEM content can test and fine-tune use cases against real production data without impeding SOC efficiency.

Securonix unveiled its industry-first Analytics Sandbox capability at Securonix Spark 2020, the company’s third annual conference, coinciding with RSAC 2020. Spark 2020 focuses on combating multi-cloud threats, with presentations by Sachin Nayyar, CEO of Securonix; Felipe Boucas, Director of Product for Managed Security Services at Verizon; Rohit Gupta, Global Segment Leader for Security at AWS; Anil Markose, SVP at Booz Allen Hamilton; as well as several other industry CISOs and subject matter experts. 

“Security operations teams are in a catch 22 - they must update use cases rapidly to stay ahead of evolving threats, but must do so in a way that does not add false positive noise or require additional response resources for data storage or compute,” said Sachin Nayyar, CEO of Securonix. “Leveraging the elasticity of its cloud-based architecture, Securonix is able to provide customers the Securonix Analytics Sandbox capability that satisfies these needs.”

How Securonix Analytics Sandbox Works
Securonix Analytics Sandbox allows multiple teams - including data scientists, detection engineers, blue teams, and others - to create multiple test beds to test use cases at scale against production data and analyze the impact in isolation. The use cases tested in the sandbox can be tuned, validated, and then pushed to production. Securonix Analytics Sandbox enables users to keep entity risk scores intact until the new use cases are pushed to live production. Use cases moved from the sandbox to production provide three options to testers:

  • Delete violations (risk score) and delete meta-data (behavioral profile)
  • Delete violations (risk score) and keep meta-data (behavioral profile)
  • Keep violation (risk score) and keep meta-data (behavioral profile)

Securonix uses the dynamic resource allocation capability within the AWS cloud platform and the Spark application to allocate resources on-demand for the sandbox environment. This allows Securonix to enable the Analytics Sandbox for its SaaS customers at production scale without impacting performance.

Securonix will be demonstrating the new Analytics Sandbox capability at Spark 2020. To register for Spark 2020, please visit www.securonix.com/securonix-spark/. Demonstrations will also be happening at RSAC 2020, February 24-28 in San Francisco, CA, at booth #527 in the South Hall. 

About Securonix
The Securonix platform delivers positive security outcomes with zero infrastructure to manage. It provides analytics-driven next-generation SIEM, UEBA, and security data lake capabilities as a pure cloud solution, without needing to compromise. To learn more about Securonix, its products and services, visit www.securonix.com or follow us on LinkedInFacebook and Twitter.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-6095
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-10817
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
CVE-2020-10952
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.