This is one of our new categories. It was a lot of fun to do. While at first blush there may appear to be some redundancy in these Innovators, the fact is that, although there is a bit of overlap, they are very different in their approach and end goal. If cost is not an object, you really could benefit by having all three in your SOC. Certainly I would.
The approach that each of these Innovators takes is focused on a specific way of viewing the security monitoring and analytics problem. For example, one of the products focuses on the kill chain. One focuses on taking a deep dive into what is happening on your network. And the third is the nearly perfect threat-hunter's tool. Taken together – and with the addition of a couple of cloud-specific tools if that is your particular poison – these applications make skilled analysts superlative and average analysts very good. That sounds like a dream SOC to us.
The question that comes up when we use terms such as “next generation” is, what exactly do we mean? In this case, we are carving out the parameters of the next generation as including techniques such as sophisticated analytic algorithms, machine learning and heavy, cloud-based analysis allowing very lightweight agents on the enterprise. All three of these Innovators exhibit these characteristics.
While there are lots of uses for the cloud – reasonable or not (some are pure marketing while some really have a purpose) – the use of the cloud to perform heavy analytics is probably the best we can think of from a purely technical perspective. Heavy analytics take lots of computing power (easy to get in a cloud environment) and scads of storage (exactly what the cloud was made for). Another huge benefit is the pervasiveness of access allowing rapid and efficient data collection and dissemination from/to anywhere in the world. Next-generation security tools are very heavy cloud users.
So, with all that in mind, here are three Innovators that are, to use the vernacular, the tip of the security analytics spear.