Anomaly Detection

Many current security solutions measure only known use cases. Unomaly is a self-learning, change-oriented monitoring tool for the critical systems within organisations. After a short learning period, the solution automatically understands what normal behaviour is and can therefore detect incidents, problems and issues by their abnormal behaviour. The Unomaly solution can act within a security-based environment but can also be of benefit in an operations environment. It can also act as a filter that enriches the information in the output of a SIEM solution.

Unomaly

Unomaly is built to solve the challenge of detecting, understanding and responding to problems, failures and incidents in complex, critical and intensive IT environments.

  • Detect unknown issues
  • Monitor each individual change
  • Perform forensic analysis in real-time
  • Automate requirements

Unomaly is a new way of monitoring critical systems – data-driven, self-learning and change-oriented. It automatically understands what is normal and detects incidents, problems and issues by their anomalous nature.

Every system produces data, all the time, in vast volumes and in unstructured formats. Unomaly consumes and analyses that data to deliver insights into the known and unknown.

Every system, app or service eventually fails. Typically, when something breaks, the failure propagates until it finally materializes as an observable impact. Unomaly is capable of detecting the issue early due to its anomalous character, and gives complete cross-platform details of how it has developed.

  • Detect unknown issues, unforeseen events and incidents before their effect
  • Avoid costly troubleshooting and root cause analysis efforts
  • Instantly act, share and report on situations

Every security incident leaves a trace. Any step taken by an adversary that is not part of the normal behaviour of a system results in new, rare or changing data. Unomaly exploits that fact and enables detection of advanced, creative and persistent threats by their anomalous nature.

  • Take advantage of knowing your systems better than your adversaries
  • Detect zero-day security incidents by their anomalous character
  • Perform forensic analysis in real-time, instead of on historic data
  • Produce reports in a click summarizing the incident timeline

Change is a double-edged sword – absolutely necessary for improvement but also a risk. Unomaly provides a real-time view of how individual changes affect the environment, where the normal data is removed and the rare and anomalous is highlighted. Ultimately, this is the best way of ensuring that changes are successful, and of gaining real-time awareness when that isn’t the case.

  • Monitor each individual change in real-time to spot issues
  • Understand cross environment impact without need for predefined relationships
  • Strengthen change management with bottom up information on actual change

Compliance and best-practice frameworks (be it PCI, ISO27001 or MOF) require and recommend analysing data to spot irregularities. Unomaly gives a natural insight and a streamlined workflow to understand the activities in the environment, so that IT can ultimately get complete control and situational awareness.

  • Automate PCI requirement 10.2 on daily review of log data
  • Follow NIST recommendations for Continuous Monitoring
  • Follow NIST recommendations on Incident Handling
  • Follow SANS Incident Handbook recommendations on analysis

How different?

  • Future oriented; detect changes and new issues – not already experienced, historic failures
  • Plug and play; just send your data in any way that suits you. Any data, from any system, operating system, service or app – without parsing
  • Complete workflow; from consuming data, to analysing it, to having engineers act on issues and managers report on quality
  • Predictable costs; per system licenses without any constraints on volume. You pay for the value you get, not what you input

For more information, call our security consultants at +31(0)345 506 105 or send an email to info@isoc24.com
