LAS VEGAS – Fortscale, an Israel-based big data cyber-security analytics startup, announced a new big data security solution, Fortscale 1.0, at .conf2013, Splunk’s annual worldwide users’ conference here.
Currently in beta, Fortscale 1.0 enables enterprises to easily run big data analytics for cyber-security. The analytics are layered on top of the existing capabilities of big data platforms, to provide intelligence that can be used by security analysts to discover, investigate and remediate security threats, Fortscale said.
“Based on the results we have seen from our installations, we believe that our advanced security analytics solution gives security analysts an effective toolbox to gain intelligence about malicious or rogue users, discover advanced attacks and investigate potential security breaches,” said Idan Tendler, CEO and co-founder of Fortscale, in a statement.
Fortscale was founded in 2012 by security veterans from Israel’s high-tech sector, some of whom served in the Israel Defense Forces’ (IDF) Elite Intelligence and Cyber Unit. Its team includes specialists in big data analytics and machine-learning algorithms as well as cyber-warfare experts.
Fortscale’s analytics are built to mimic the way an attacker or malicious insider thinks and acts, Tendler said. These analytics make use of machine-learning algorithms that can automatically create risk-based profiles of users or entities, allowing them to pinpoint suspicious behavior or discover new patterns in user behavior without the need for pre-defined rules, heuristics, signatures or thresholds. This is particularly useful in cases where the security team is not sure what to look for, he said.
“Fortscale 1.0 is the first product that was specifically designed to address the most severe challenges of cyber-security analysts’ teams in commercial enterprises,” Tendler said. “Its main goal is to turn raw data and logs into valuable intelligence that can be used by security analysts and subsequently by the enterprise’s management. It is designed to provide the cyber-security know-how required to translate the event and log data collected by big data platforms or traditional Security Information and Event Management (SIEM) systems into risk-based prioritized leads and events. Security analysts can use the product to focus their investigation efforts on the ‘hot spots’ discovered by the system, expediting lead investigation and threat remediation, as well as verification of alerts.”
Tendler added that the combination of Fortscale’s sophisticated cyber-security analytics with the capabilities of big data engines offers a unique security analytics toolbox that dramatically improves the security analyst’s output.
Fortscale 1.0 is currently available for qualified private beta partners, with product launch planned for the end of 2013.
Meanwhile, also at .conf2013, ForeScout Technologies, a provider of pervasive network security solutions, announced a technology partnership with Splunk. In conjunction with the partnership, ForeScout has made available bi-directional integration between ForeScout CounterACT and Splunk Enterprise and a new ForeScout App for Splunk Enterprise. By combining ForeScout’s dynamic endpoint visibility, access and security capabilities with Splunk Enterprise’s advanced machine data analytics capabilities, enterprises gain enhanced threat insight and automated control, the company said.
ForeScout CounterACT helps organizations gain complete visibility of all devices, users, systems and applications attempting to connect to, or already on, an enterprise network, whether wired or wireless, managed or unmanaged, PC or mobile. Devices are dynamically discovered, classified, profiled and assessed without requiring agents. CounterACT applies policy-based controls to allow, limit or block access; manage guests and BYOD users; and monitor and enforce endpoint compliance and mitigate violations and exposures. All captured information, as well as event logs, can be sent to Splunk Enterprise for data analysis, reporting and optimized retention. In addition, operators can enable Splunk Enterprise to communicate with CounterACT to directly mitigate security issues. As a result, IT organizations can make their data truly actionable.
“IT organizations are challenged with enormous visibility and control gaps given increased network complexity, BYOD proliferation and the velocity of sophisticated threats. Users not only want greater operational intelligence, but they also want the means to efficiently analyze data and effectuate policy,” said Scott Gordon, chief marketing officer at ForeScout, in a statement. “A combined approach with ForeScout and Splunk gives the best of both worlds to solve a broad range of security issues.”
The ForeScout App for Splunk Enterprise allows customers to easily use and create a wide variety of operational dashboards and reports that take advantage of Splunk Enterprise to efficiently analyze, visualize and store huge volumes of identity, device, application, access and violation data generated by ForeScout CounterACT.