Siren announced the release of Siren 11.0. The latest version of Siren is a major step forward in enabling investigative teams to quickly conduct advanced Signal Intelligence (SIGINT), Cyber Intelligence (CYBINT), and Open Source Intelligence (OSINT) investigations.
Previous versions of Siren focused on smaller teams and required the creation of separate environments per use case, 11.0 Introduces support for parallel analyst teams to investigate data in segmented, case specific data environments.
In addition, new functionality has been added including advanced support for Natural Language Processing (NLP) and the ability to spatially track moving data points.
Dr. Giovanni Tummarello, Founder and Chief Product Officer, at Siren, said: “The original version of Siren focused on advancing the exploration of big data. With Siren 11 we are extending that vision to incorporate the required features for the SIGINT, CYBINT and OSINT domains. This is then coupled with the ability for teams to collaborate and create workflows. When analysts are looking to keep people, financial assets, and networks safe, teamwork beats individual effort every time.”
SIGINT/OSINT/CYBER support: Introducing templates for intelligence solutions
11.0 introduces templates for SIGINT, CYBINT and OSINT providing example dashboards, data models, and supporting webservices which address some of the most critical problems in national security.
The templates enable analysts to visualize device positions in real time or historically at a scale of billions of records, perform contact tracing based on device positions, and find aliases.
For Natural Language documents (OSINT), 11.0 enables users to visualize and interact with NLP annotated text. It also supports revisions of wrong annotations and creates streams of feedback for the team responsible for the NLP engine.
For Cyber, 11.0 includes a MITRE ATT&CK-based data model and template deployment for top of the cyber pyramid threat intelligence and threat hunting.
New functionality: An overview
New functionality in Siren 11.0 primarily addresses the challenges organizations face in relation to three major elements of an investigation lifecycle:
- Processing and exploitation: the conversion of collected information into forms suitable to the production of intelligence
- Analysis production: the conversion of raw information into intelligence
- Dissemination and integration: the delivery of intelligence to users in a suitable form and the application of the intelligence to appropriate tasks
New capabilities in 11.0 which tackle historical issues in these three areas include:
Dataspaces: Segmentation and collaboration workspaces
Organizations often require teams to work on the same datasets during an investigation, however collaboration between users is frequently problematic to facilitate in a safe setting.
In 11.0, Siren has introduced Dataspaces – a functionality which provides secure, segmented homes for individual investigations or teams, enabling parallel working in an environment which encourages wider collaboration. As part of this new capability, data sandboxes have been introduced to allow secure idea experimentation.
Process and workflow improvement
Siren 11.0 addresses many of the integration and workflow issues many investigations face – for example, there has always been difficulties in regard to automating task assignment & ticketing, measurement, and gaining a wholistic view of the process lifecycle management of an investigation.
11.0 includes a native integration with Jira (a work and project management tool) which ties Siren activities to tickets, attaches reports to the original ticket, and drives operational reporting from workflow data – fully automating the workflow authorization and approval processes.
Communication and justification
The Jira integration enables users to disseminate artifacts far more easily. In terms of the investigative process, this means analysts can audit search and investigative workflows, append dashboards to workflow tickets, support legal discovery, and compile leadership reports.
In essence, making the process far more transparent, easier to measure, and evaluate. For each investigation, a dataspace can be created to assist in justification and play back.
Analytic scope and precision
Across the industry, there is a growing demand for more support for unstructured data and analysts are demanding more control so that they can override NLP if required. In 11.0, there is enhanced support for NLP of unstructured data to allow taxonomy overrides by analysts.
New functionality also includes Data Editing which enables analysts to revise original content and annotate – annotations are crucial if analysts are to communicate and collaborate on cases.
Scalability and security
11.0 introduces numerous performance and scalability improvements, these include a new, fast join strategy auto selected, the availability of big data benchmarks at 15bn records and above, enhanced Elastic security standards support and full support for Elastic 7.9.2 , with support for other Elastic versions pending.