Whether you are hunting for a specific breach suspected in your environment or generating a dashboard for a management review, data from individual logs is never sufficient to achieve your goal. Raw data must be supplemented with metadata such as device names, geo-coordinates and users to make sense. In fact, security events generate so much data that there is a risk of overwhelming analysts and limiting their ability to discern key events.

DNIF augments its big data pedigree by enriching ingested data at source, providing the much-needed information context. Contextual information improves the quality of analysis and helps present the conclusions drawn from that analysis effectively.

Organizations can also customize DNIF's enrichment capabilities to insert specific data points such as application-specific tags (e.g. user records) or data from vulnerability reports.


A significant portion of information security effort goes into monitoring and analysing data about events on servers, networks and other devices. However, most data platforms such as traditional SIEM* or PAM** tools can only examine packets in a stateless manner and hence provide limited insight.

DNIF, being based on a big data platform, can work with real-time data as well as data collected over time, so it can correlate events across time and space. This means the stream of events logged by one device, such as a web server, may be highly significant with respect to events on an end-user device a short time later.

A big-data-based architecture also allows longer-latency archival storage, enabling visualization tools such as dashboards and adaptive search applications such as Threat Hunting for specific events and scenarios.

How many times have you found the same pattern of events leading to the same action: an IP address from a rogue IP range, found consistently scanning your web server, that just needs to be blocked on your firewall? And how many times have you wished that the tool could do this on its own?

DNIF is an intelligent platform designed to integrate and interact with external and internal workflow handlers to help orchestrate routine security actions. DNIF not only provides a library of actions and the ability to build more, but can also trigger your applications and APIs on correlated events.

Using DNIF’s orchestration capabilities, you can enable messaging to your team (on Slack, for example), have a device auto-configure itself, or create an incident report in your ticketing systems (for example, Jira).

