BAE Systems Detica is to launch a tool that combines Big Data analytics with event analysis and investigation tools.
The company said that the defence-grade product, named CyberReveal, will take statistics from other technologies and process the events to spot anomalies and threats.
Speaking to SC Magazine, Dave Garfield, managing director for cyber security at BAE Systems Detica, said that this was intended to help solve the problem of built-up, complex solutions delivering event data that is unmanageable and unviewable.
He said: “We took a top-down approach, as there can be millions of events every day and a lot boils down to what you need to investigate by risk scoring. This is based on the way we deal with advanced fraud.
“The analytics are based on the threat model of the behaviour of attacks and we are looking for the symptoms and behaviour, and what you want to generate is a window during the investigation where you can see a targeted attack via a series of email attachments or a number of users visiting the same website.”
According to the company, CyberReveal processes billions of data records and gives analysts a single view of network activity across their whole IT estate, detecting attacks by their behaviour – not just by the signatures of previous attacks.
Asked how this can be done when so many attacks are designed to be stealthy or ‘fly under the radar’, Garfield said that this is the business that BAE Systems Detica is in, and in the cyber space the tool looks at the point of entry.
“It is hard to say what is an indicator of a targeted attack. This [tool] will monitor, analyse and assist in the decision making to deliver better security and be efficient enough to do a proper investigation,” he said.
“What we want to deliver is a platform with advanced analytics that looks at everything and sits for five hours analysing. This is not a forensics tool, but a technology to aggregate from different sources.”
Martin Sutherland, managing director of BAE Systems Detica, said: “CyberReveal addresses four key areas where traditional approaches are proving ineffective against the modern cyber threat – helping analysts to prioritise the incidents they investigate, managing huge data volumes, evolving their defences in line with a rapidly changing threat environment, and enabling quicker, more informed decision making.
“This is the first time we're making our technology available for companies that have their own analysts. CyberReveal provides a unique ‘single pane of glass’ for analysts by linking security event data information from across the entire organisation. It can show them where they need to focus their attention and piece together disparate data to give them the big picture – critical to defending against the most advanced and insidious cyber threats.”