Finally, an NG SIEM that can be managed by less than one security analyst

If you had to invent the perfect SIEM from scratch, it would be an intelligent platform that lowers the burden of false positives on your security team and is easily managed, even by a small team.

empow’s game-changing automation technology makes this possible. Integrated with data search leader Elastic, “i-SIEM empowered by Elastic” turns the analyst’s flow upside down. Instead of an army of analysts working their way through the mountain of logs from the bottom up, they can now work top down.

It Works for

Ransomware

Financial data-leak

Privilege escalation

Insider threat

Intelligence gathering

Personal data-leak

An Adaptive Intent-based Security Platform

empow’s i-SIEM provides a vendor agnostic solution. empow’s security language is aligned with the MITRE ATT&CK™ framework and utilizes it to help you defend your enterprise more effectively. Based on the taxonomy of the adversary’s tactics and techniques – which represent attacker intent – i-SIEM provides pre-built targeted defense strategies (Security Apps) that identify and prioritize known and unknown threats.

How It Works

empow’s i-SIEM solution is made possible by its proprietary AI technologies, which are strategically integrated into the following process:

1. Data Sources
2. Deciphering Attacker Intent
3. Cause-and-Effect analytics identifies real attacks
4. Response Orchestration

Security Applications

empow’s i-SIEM sits on top of the organization’s existing network infrastructure and translates targeted defense strategies (Security Apps) into coordination instructions for detection, investigation and response, according to each Security App. The Platform has predefined security applications, all of which are customizable.

1. Data Sources

The integrated i-SIEM empowered by Elastic collects all types of IT data including security logs, security intelligence feeds, OS logs, servers and application logs, network flow data and more, by using a range of available data source plugins.

2. Deciphering Attacker Intent

empow’s AI and NLP (Natural Language Processing) and Adaptive Expert Engines classify attacker anomaly behavior and intent. Three main types of malicious intent classification are performed: user entity anomaly classification, network traffic anomaly classification and security event classification. This process runs continuously and automatically, with virtually zero human involvement, and marks the logs and events with intent metadata which is indexed into the Elastic database. Examples of intent classifications include: account discovery, drive-by compromise, exploitation for privilege escalation, automated collection, exfiltration over command and control channel, and data encrypted.

3. Cause-and-Effect Intelligence

empow’s security analytics engine identifies cause-and-effect relationships between the collection of deciphered intents, grouping them together and prioritizing the real attack stories and compromised entities in the organization. This engine emulates human security expert processes, identifying the real persistent attack patterns out of all the noise and deciding, according to the attack intent, which investigation policies are required and which proactive response policies to employ.

4. Response Orchestration

empow’s Contextual Orchestration Engine dynamically identifies and selects the best available products and network tools to execute the investigation and response actions. This translates into fast and optimal incident response, while at the same time simplifying security operations and eliminating maintenance overhead.
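The following is an added illustration of steps 2 and 3 of the process above (intent tagging, then cause-and-effect grouping into ranked attack stories); it is not empow’s code. The keyword rule table is a hypothetical stand-in for the AI/NLP engines, the hostnames and log lines are constructed, and the tactic names and intent labels are those listed on this page.

```python
from collections import defaultdict

# Kill-chain order used to sort the stages of a story (ATT&CK tactic names).
TACTIC_ORDER = ["initial-access", "discovery", "privilege-escalation",
                "collection", "exfiltration", "impact"]

# Hypothetical classifier: substring in the raw log -> (intent, tactic).
# Stands in for empow's AI/NLP and Adaptive Expert Engines.
INTENT_RULES = {
    "malicious redirect":  ("drive-by compromise", "initial-access"),
    "net user /domain":    ("account discovery", "discovery"),
    "token elevated":      ("exploitation for privilege escalation", "privilege-escalation"),
    "bulk file read":      ("automated collection", "collection"),
    "beacon upload":       ("exfiltration over command and control channel", "exfiltration"),
    "files renamed .lock": ("data encrypted", "impact"),
}

def classify(event):
    """Step 2: attach intent metadata to one raw event; None if nothing matched."""
    for needle, (intent, tactic) in INTENT_RULES.items():
        if needle in event["msg"]:
            return {**event, "intent": intent, "tactic": tactic}
    return None

def build_stories(events):
    """Step 3: group tagged intents per host in time order and score each story
    by the number of distinct kill-chain stages it covers, so a multi-stage
    chain outranks an isolated anomaly and unmatched events drop out as noise."""
    stories = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        tagged = classify(ev)
        if tagged:
            stories[tagged["host"]].append(tagged)
    ranked = []
    for host, chain in stories.items():
        stages = sorted({e["tactic"] for e in chain}, key=TACTIC_ORDER.index)
        ranked.append({"host": host, "score": len(stages), "stages": stages,
                       "intents": [e["intent"] for e in chain]})
    return sorted(ranked, key=lambda s: -s["score"])

# Constructed logs: ws-17 shows a full ransomware chain, fs-02 a single
# discovery anomaly, db-01 only benign operational noise.
SAMPLE_EVENTS = [
    {"ts": 1, "host": "ws-17", "msg": "proxy: malicious redirect to update page"},
    {"ts": 2, "host": "ws-17", "msg": "cmd: net user /domain"},
    {"ts": 3, "host": "fs-02", "msg": "cmd: net user /domain"},
    {"ts": 4, "host": "ws-17", "msg": "edr: token elevated to SYSTEM"},
    {"ts": 5, "host": "ws-17", "msg": "fim: bulk file read on share"},
    {"ts": 6, "host": "ws-17", "msg": "fim: files renamed .lock"},
    {"ts": 7, "host": "db-01", "msg": "ok: scheduled backup complete"},
]

RANKED_STORIES = build_stories(SAMPLE_EVENTS)  # ws-17 (5 stages) ranks first
```

Indexing the `intent` and `tactic` fields alongside the raw event is what lets an analyst start from the ranked story and work down to the logs, rather than the other way round.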

Security Applications

empow’s i-SIEM collects and analyzes the IT data and actualizes the selected and customized defense strategies.

Privilege escalation

Detects, investigates and prioritizes real attack campaigns that try to gain admin privileges in order to conduct a range of attack types on the organization.

Spear phishing

Detects, investigates and prioritizes real attack campaigns that involve phishing and other social engineering methods targeted at individual users, resulting in confidential user information theft, account takeover, and more.

Intelligence gathering

A generic application that detects, investigates and prioritizes intelligence gathering attack vectors, including incidents that can evolve into actual attacks.

Financial data leak

Detects, investigates and prioritizes real data leak attack campaigns.

Ransomware

Detects, investigates and prioritizes real attack campaigns that try to break into data services that store sensitive information and encrypt it for ransom purposes.

Insider threat

Detects, investigates and prioritizes real attack campaigns that involve insiders engaged in abnormal traffic and user behavior activities.

DIY

empow recognizes that your team’s skills are an essential component of your overall security.

That’s why our platform is built to leverage your skills and requirements to create new security applications. Your security experts can easily build apps using a guided UI process where they select the security services and security functions, as well as workflows that will integrate detection, investigation and mitigation behaviors. Once built by your team, these apps become part of the tool-set that empow abstracts and orchestrates.


UEBA & NTA Engines

empow’s i-SIEM comes with out-of-the-box UEBA (User Entity Behavioral Analytics) and NTA (Network Traffic Anomaly) engines that learn and profile the normal behavior patterns of users, applications and traffic, and detect anomalies based on deviations from these patterns.

These engines add an important layer of detection:

  • They spot suspicious and abnormal behaviors that indicate an attacker is already in the environment or a bad insider is active – otherwise missed by signature-based or heuristics tools and static SIEM rules based on thresholds.
  • They identify a critical visibility gap, where most organizations only deploy perimeter and host-based tools, leaving their internal networks, cloud and user activity unmonitored.
  • They can help triage, confirm and complete attack stories by discovering additional attacker steps along the cyber kill chain.

Providing these as integrated, out-of-the-box detection capabilities of empow’s i-SIEM makes it possible to correlate network and user behavior-based anomalies with 3rd party security alerts from other data sources, as well as with the organization’s identity management information. This provides a wider context for decisions and removes false positives and noise from the entire cyber security system.

Monitoring, Reporting and Alerts

empow’s i-SIEM provides visibility into the security and health status of the organization’s entire security platform through a display of statistics of the IT security infrastructure and alerting on any operational issues.

The i-SIEM’s pre-defined and customized dashboards and alerts allow notification to 3rd party security operation systems, including ticketing and case management tools.

Contact Us

We’ll show you how we can quickly and economically turn what you have into what you need.