Securonix, a leader in next-gen SIEM, announced at RSA Conference 2020 the launch of the Securonix Analytics Sandbox capability. The new capability provides an isolated test or QA environment within the production setup for security operations teams to test, tune, and validate new use cases prior to pushing them to live production.
Across teams, security operations face a common challenge – testing and deploying use cases without impacting efficiency. The process of fine-tuning use cases and adding team-created content or algorithms to live production environments is time consuming and creates excess “noise” – in the form of unverified alerts, false positives, and violations – for already under-resourced security operations and response teams to handle.
With Securonix Analytics Sandbox, the teams responsible for developing SIEM content can test and fine-tune use cases against real production data without impeding SOC efficiency.
Securonix unveiled its industry-first Analytics Sandbox capability at Securonix Spark 2020, the company’s third annual conference, coinciding with RSAC 2020.
Spark 2020 focuses on combating multi-cloud threats, with presentations by Sachin Nayyar, CEO of Securonix; Felipe Boucas, Director of Product for Managed Security Services at Verizon; Rohit Gupta, Global Segment Leader for Security at AWS; Anil Markose, SVP at Booz Allen Hamilton; as well as several other industry CISOs and subject matter experts.
“Security operations teams are in a catch 22 – they must update use cases rapidly to stay ahead of evolving threats, but must do so in a way that does not add false positive noise or require additional response resources for data storage or compute,” said Sachin Nayyar, CEO of Securonix.
“Leveraging the elasticity of its cloud-based architecture, Securonix is able to provide customers the Securonix Analytics Sandbox capability that satisfies these needs.”
How Securonix Analytics Sandbox works
Securonix Analytics Sandbox allows multiple teams – including data scientists, detection engineers, blue teams, and others – to create multiple test beds to test use cases at scale against production data and analyze the impact in isolation. The use cases tested in the sandbox can be tuned, validated, and then pushed to production.
Securonix Analytics Sandbox enables users to keep entity risk scores intact until the new use cases are pushed to live production. Use cases moved from the sandbox to production provide three options to testers:
- Delete violations (risk score) and delete meta-data (behavioral profile)
- Delete violations (risk score) and keep meta-data (behavioral profile)
- Keep violation (risk score) and keep meta-data (behavioral profile)
Securonix uses the dynamic resource allocation capability within the AWS cloud platform and the Spark application to allocate resources on-demand for the sandbox environment. This allows Securonix to enable the Analytics Sandbox for its SaaS customers at production scale without impacting performance.