Forcepoint SureView Analytics
Rapidly Search and Analyze Large Amounts of Data to Detect Cyber and Real-World Threats
Discover the hidden patterns in law enforcement, enterprise or battlefield data so you can uncover threats, mitigate vulnerabilities and make better decisions faster.
Security analysts in law enforcement, military and commercial settings have to spend too much of their time collecting and collating data across many different public and private sources — time that would be much better spent on real analysis to enable rapid response to threats.
SureView Analytics delivers a dramatically different experience: By employing virtual data warehousing, federated search, powerful algorithms for automated information discovery and intuitive workflow tools, this application gives security analysts the ability to respond to cyber threats, fraud, other criminal activity and even terrorism while they are happening — not hours, days or months later.
SureView Analytics is a comprehensive cyber threat intelligence application for swift mitigation of the risk and cost of a security breach. SureView Analytics’ federated searching technology rapidly accesses vast amounts of information located across the enterprise and returns relevant results as easily digestible pictures in seconds. SureView Analytics provides an advanced analytical environment that allows for comprehensive data visualization and cross-functional team collaboration, resulting in a speedy response to sophisticated attacks.
Federated searching across the enterprise coupled with automated discovery tools and investigative analytics results in security programs with intelligence-led rapid response to attacks.
Virtual Data Warehousing
Traditional approaches to security analysis require organizations to set up data warehouses and ingest mass data — a process that taxes IT resources, triggers onerous compliance requirements, raises sticky questions of data ownership and drives up your Total Cost of Ownership (TCO). By contrast, we avoid those pitfalls by using virtual data warehousing technology that accesses data at high speed without ever needing to copy or move it.
The result is a faster, more economical solution that is quicker and easier to set up, and that avoids putting long-term burdens on your IT and compliance resources.
The federated search capabilities of SureView Analytics allow your analysts to quickly develop a centralized picture of threats by giving your team instant access to live data across websites, emails, social media, documents and internal or external databases (e.g., of crimes, parolees, or FBI-shared data). Besides being highly flexible and scalable, this technology eliminates the traditional need to wait on batch processes, meaning that analysis is based on near-real-time information rather than yesterday’s data. It also allows organizations to take advantage of investments they have already made in enterprise systems for a lower Total Cost of Ownership.
Federated searching seamlessly connects local and remote data sources to create the ultimate virtual data warehouse, giving analysts instant access to all data necessary to develop an all-inclusive picture of a situation. The time-consuming process of internal approvals for access to information from multiple divisions across the enterprise is bypassed, as SureView Analytics’ unobtrusive search capability does not ingest mass data into one central location. SureView Analytics does not copy the data source, but merely requests specific information across multiple sources, discreetly capturing key information across the enterprise simultaneously and securely with minimal impact or demands on the existing IT infrastructure.
- Instantaneously search live data across internal or external databases, websites, e-mails or office documents with the flexibility and scalability that the federated search technology offers.
- Circumvent any costly demands of housing big data with the unique virtual data warehouse approach to data aggregation. The technology mimics the outcome of a traditional warehouse while preserving the custody, security and physical ownership of the data on the original source (never copied or moved).
- Comply with data privacy and security restrictions via the integrated security manager, and identify options with unique permissions by individual user or group.
- Quickly run search queries with minimized user interaction through functionality that automates repeatable search processes.
- Customize the types of results returned with full-text indexing designed with powerful search capabilities like phonetics and synonyms.
Analytical Workflow and Tools
SureView Analytics has been designed from the ground up to be easy to use and to enable rapid collaboration across teams. Its sophisticated data visualization tools enable your analysts to interactively expose patterns, trends and anomalies hiding in large amounts of complex data:
- Link Analysis — Easily uncover clusters of information or key individuals and their relationship to suspicious events.
- Temporal Analysis — Quickly recognize a change in behavioral patterns or unusual conduct needing further investigation.
- Geospatial Analysis — Unearth an unknown relationship or the importance of information based on geographic correlations.
- Statistical Analysis — Identify unexpected peaks in activities or values.
SureView Analytics also includes faceted and tactical searching for selective information discovery using visual search filters, as well as alerting functionality and an integrated intelligence database that supports secure information sharing.
Features and Benefits:
- Deploys easily and rapidly with minimal IT overhead
- Eliminates wasteful data duplication
- Minimizes time spent on data collection, collation and correlation
- Maximizes time spent on analysis and informed response to reduce the dwell time of threats
- Reduces TCO and logistical demands on IT and compliance teams
- Facilitates interdepartmental information sharing
- Granular user access through multi-tiered security
- Advanced defense-grade security protocols
- Federated searching of big data across multiple source types
- Virtual data warehouse architecture
- Automated data discovery to find hidden associations
- Integrated geospatial, temporal, statistical and link analysis visualizations
- Built-in reporting tools for drawing and labeling, importing images and customizing reports
Analytical Workflow and Tools
The system’s advanced visualizations uncover information of interest impacting security operations. SureView Analytics’ analytical workflow is designed to quickly map out connections that infected communications may have made, establish relationships among suspicious system behavior, and expose patterns, trends and anomalies in data. The platform optimizes a unit’s productivity with automated data discovery, alerting functionality, and an integrated intelligence database to facilitate the understanding of large amounts of complex data and speed incident response to attacks.
- Easily identify a bad host and other possible infected hosts with link analysis visualizations that map out the travel of suspicious communication across the enterprise.
- Quickly bring forward suspicious behavioral patterns or unusual system conduct needing further investigation by laying out data as advanced temporal patterns.
- Easily produce daily intelligence briefs and share situational awareness of the enterprise security posture with built-in reporting tools. Reports are easily ingestible as drawing, labeling, legend and image import features are centrally available for report customization.
- Unearth important geospatial correlations of a breach due to its geographic location with geospatial visualization integrations.
- Achieve rapid data discovery with faceted searching tools that add navigational searching to direct searching, reducing the noise.
- Enrich the data with metadata transformation tools that harmonize values of data by adding its real-world meaning.
Quickly bring forward a change in behavioral pattern or unusual conduct needing further investigation by laying out data as an advanced temporal pattern.
Understand the travel of possibly infected communications across the enterprise.
Unearth an unknown relationship or importance of information due to its geographic correlation or location with geospatial visualization integrations.
Identify unexpected peaks in activities or values with statistical representation of multisource data.
SureView Analytics Platform:
An enterprise application with a low total cost of ownership
The Forcepoint SureView Analytics platform has a low cost of ownership with minimal impact on the existing IT infrastructure. Unique to the industry, the technology connects directly to operational data stores and creates a “virtual” data warehouse, eliminating the need for IT to maintain yet another massive data warehouse, as the data is never copied or moved. SureView Analytics is also a client-server application that uses Commercial-Off-The-Shelf (COTS) hardware, has an optional Persistent Cache that lets you publish content from any database without worrying about transactional load, can run on a virtual machine and is easy to integrate with existing applications.
SureView Analytics platform. Federated searching across the enterprise coupled with automated discovery tools and investigative analytics for fast response to sophisticated attacks.