Deepwatch increases flexibility with its open security data architecture

Deepwatch introduced its open security data architecture, which provides customers with their choice of cloud and local data sources, including support for a broad range of Security Information and Event Management (SIEM) solutions as well as data lake, XDR, and MDR solutions.

Deepwatch’s new open architecture allows customers to fully leverage existing security investments, delivering pre-built, seamlessly integrated stacks for endpoint, identity, network, and cloud protection. With support for multiple SIEMs, data lakes, and correlation engines, customers can expect reductions in incident response time, false positives and downtime, ensuring comprehensive coverage and precision response across all customer assets.

“Deepwatch is providing an open, agnostic approach to cyber resilience, leveraging existing customer investments,” said Charlie Thomas, Deepwatch CEO. “Today we are excited to deliver optimal flexibility and improved data visibility, correlation, and response.”

The cloud-based applications and services adopted by modern enterprises are monitored by a myriad of point security solutions and platforms. This range of data sources is problematic for traditional MDR platforms and technologies that rely on a single logging pipeline, leading to rising complexity and cost. Achieving cyber resilience requires companies to adopt a decentralized data logging architecture, one where detection and response are delivered wherever data resides.

Gartner described the importance of this architecture in its 2023 report, The Future of Security Architecture: Cybersecurity Mesh Architecture (CSMA), as the security layer of the CSMA concept: “The key capability of the layer is in its ability to take signals from many different point products and apply a relationship-based risk scoring matrix to feed multiple types of decision points. This layer is an evolution of what SIEM, SOAR, UEBA and XDR vendors are doing today. Currently no vendor has all of the capabilities in this layer available as a product offering. This mesh of dynamic scoring provides the ability for this layer to trigger defensive actions before attacks materialize.”

By embracing an open security data architecture, Deepwatch delivers on the promise of defensive capabilities and coordination of actions through greater visibility while reducing overall spend. This allows customers to leverage the SIEMs and data lakes of their choice, better aligning to their business needs and licensing agreements and ultimately providing better detection and response to this wider range of threats.

Deepwatch’s new architecture is powered by multimodal Generative AI capabilities, federated search of native data locations, and proprietary hyperautomation and process mining. Deepwatch will deliver its Open Security Data Architecture (OSDA) through the next generation of the Deepwatch platform with support for Splunk today, Microsoft Sentinel in April 2024, and CrowdStrike shortly after.

Microsoft Sentinel will be the first of many additional data sources; further sources (endpoints, EDR, SIEMs, XDR, data lakes, and cloud) will follow as Deepwatch expands support to unlock new capabilities and increased data flexibility.
