Automated security analytics and protection

Network security teams face the task of protecting networks with disparate tools that are limited, slow and labor intensive. Multi-stage attacks executed by diligent cyber criminals have become the norm. Security administrators are unable to keep up due to limited data visibility, weak analysis tools, lack of continuous audit, and unable to convert knowledge into immediate action.

With their day consumed by routine policy lockdown – and few automated tools or time to sort through growing piles of network telemetry – suspicious and other out-of policy activity goes unnoticed with increasing peril.

Click Security announced its blueprint to help enterprises, higher education, critical infrastructure and government agencies protect their networks by automating the process of finding and closing security breaches.

The company also announced its Automated Security Analytics Platform (ASAP) solution, a real-time, stateful data flow engine, operating entirely in memory, capable of monitoring thousands of complex, correlated security events across hundreds of thousands of events per second.

ASAP consists of Data Mining Units (DMU), a Module Processing Unit (MPU) and a library of powerful software-based Click Modules designed to address a broad range of security issues across three crucial functions:

Investigation: Click Modules are built from real-time analyst drilldown into anomalous activity that may initially appear benign, but when correlated across related vectors, may indicate advanced threat activity that requires immediate attention. All types of data sources, including event logs and live traffic, are leveraged in the analysis.

Collaboration: Click Security supports a rich collaboration environment by allowing security administrators to invite another analyst into their “war room” to investigate security issues and create new automated protection modules. Once created, modules can be easily shared; yielding a rich library of best practices that harnesses the collective wisdom of the worldwide security community.

Lockdown: Click Modules are capable of addressing complex correlations required to detect modern attacks. ASAP can run thousands of automated protection modules simultaneously and in real-time – enabling the automation of a multitude of security tasks, regulatory compliance enforcement, security policy lockdown and industry best practices.

The security intelligence behind ASAP and Click Modules resides in Click Labs, Click Security’s research and module development agency. All modules are housed in the Click Library, a repository also populated with the needed design guidance to enable security administrators to convert their own policies into live Click Modules. Click Modules can originate from Click Labs or from outside security experts, and be shared broadly or within a closed user group.