ClearSkies™ Cloud SIEM Version 5.9

Overview

In keeping with our principle “to fulfil our clients’ needs and exceed their expectations”, we are continuously revamping our platform with new innovative features and enhancements. Such features and enhancements are a testament to our pioneering role in the uncharted territory of Big Data Advanced Security Analytics.

What’s New

Several new features are introduced in this ClearSkies™ SaaS NG SIEM version 5.9:

Analytics

Big Data Search

The enhanced “Big Data Search” application improves user experience by increasing productivity and effectiveness as follows:

  • A query-based event count timeline helps visualize anomalies with more detail about activity during a selected period. When creating a column-based analysis (filter), a bar chart visualization offers a new perspective. Search queries can be bookmarked for future reference.
  • All search queries are now validated, and users are notified if a query is invalid.
  • The search query window carries an auto-complete, filter-as-you-type capability, showing suggested search syntax, bookmarked search queries, examples, operators, etc. A filtered query regarding assets can now be created directly from the “Search in” dropdown menu.
  • A comprehensive date/time picker was added, giving users the ability to perform more time-sensitive queries.
  • The new Indicators Of Compromise (IOCs) dropdown menu enables the user to filter out, or perform search queries related to, probes identified as malicious; selected IOCs are colored red in the query results.
  • Integration with the “Threat Anticipation” application, which provides a visual representation of events identified as malicious.
  • Two breakdown pie charts were added, “Events by category” and “IOC events”, showing the user the distribution of collected log and event data.
  • A pie chart visualization depicting query results is now included, with drilldown executed automatically upon clicking on a chart segment.

User & Entity Behavior Analysis (UEBA)

This version introduces an unsupervised machine learning model that tracks human-driven network/system activity in order to build a baseline of each user’s working days and time shifts.

For any user, the model yields one of three results:

  • The actual working hours
  • Whether it is a shift operation
  • There is not enough data
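The three outcomes above map naturally onto a per-user hour-of-day baseline. The following is an added example written for this page, not ClearSkies’ model or code: a simplified histogram heuristic over constructed logon events that returns one of the same three verdicts and can then flag a logon outside the baseline. The event format, the user names, the `MIN_EVENTS` and `ACTIVE_SHARE` thresholds, and the rule that more than one disjoint activity block indicates shift work are all assumptions made for the example; a real deployment would read authentication logs and tune these values.

```python
from collections import Counter
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample logon events: (user, ISO-8601 timestamp of an interactive logon).
# alice: office hours on five days; bob: a night block and an early block; carol: too little data.
SAMPLE_EVENTS: List[Tuple[str, str]] = (
    [("alice", f"2021-08-{d:02d}T{h:02d}:15:00") for d in range(2, 7) for h in range(9, 17)]
    + [("bob", f"2021-08-{d:02d}T{h:02d}:30:00") for d in range(2, 7) for h in (22, 23, 0, 1, 2)]
    + [("bob", f"2021-08-{d:02d}T{h:02d}:30:00") for d in range(2, 7) for h in (6, 7, 8)]
    + [("carol", f"2021-08-02T{h:02d}:00:00") for h in (9, 10, 11)]
)

MIN_EVENTS = 20      # assumption: fewer logons than this yields "not enough data"
ACTIVE_SHARE = 0.10  # assumption: an hour is "active" if it holds >= 10% of the user's logons

HourRange = Tuple[int, int]  # inclusive (start_hour, end_hour); may wrap past midnight


def hour_histogram(events: List[Tuple[str, str]], user: str) -> Counter:
    """Count logons per hour of day for one user."""
    hist: Counter = Counter()
    for name, ts in events:
        if name == user:
            hist[datetime.fromisoformat(ts).hour] += 1
    return hist


def contiguous_runs(hours: List[int]) -> List[HourRange]:
    """Group hours into inclusive ranges, merging a run that wraps around midnight."""
    runs: List[HourRange] = []
    for h in sorted(hours):
        if runs and h == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], h)
        else:
            runs.append((h, h))
    if len(runs) > 1 and runs[0][0] == 0 and runs[-1][1] == 23:
        runs = [(runs[-1][0], runs[0][1])] + runs[1:-1]  # e.g. (22, 2) for a night block
    return runs


def baseline_user(events: List[Tuple[str, str]], user: str) -> Tuple[str, List[HourRange]]:
    """Return (verdict, ranges); verdict is one of
    'working_hours', 'shift_operation', 'not_enough_data'."""
    hist = hour_histogram(events, user)
    total = sum(hist.values())
    if total < MIN_EVENTS:
        return ("not_enough_data", [])
    active = [h for h, c in hist.items() if c / total >= ACTIVE_SHARE]
    runs = contiguous_runs(active)
    if len(runs) > 1:
        return ("shift_operation", runs)  # assumption: several disjoint blocks == shift work
    return ("working_hours", runs)


def in_range(hour: int, rng: HourRange) -> bool:
    start, end = rng
    if start <= end:
        return start <= hour <= end
    return hour >= start or hour <= end  # range wraps past midnight


def is_off_hours(events: List[Tuple[str, str]], user: str, ts: str) -> Optional[bool]:
    """True if a logon at `ts` falls outside the user's baseline; None when no baseline exists."""
    verdict, runs = baseline_user(events, user)
    if verdict == "not_enough_data":
        return None
    hour = datetime.fromisoformat(ts).hour
    return not any(in_range(hour, r) for r in runs)


if __name__ == "__main__":
    for u in ("alice", "bob", "carol"):
        print(u, baseline_user(SAMPLE_EVENTS, u))
    print("alice at 03:00 off-hours?", is_off_hours(SAMPLE_EVENTS, "alice", "2021-08-09T03:00:00"))
```

The `None` verdict matters operationally: a user with too little history should not generate off-hours alerts, or the first week of every new account becomes noise. The midnight-wrapping merge is what keeps a single night shift from being counted as two blocks.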

Threat Intelligence

Attack Probes

  • This new application provides a visual representation of attacks happening in near real-time against your organization.

Threat Anticipation

  • With a user-friendly design, this new application anticipates which types of threats targeting your organization might affect the confidentiality, integrity and availability of your information assets. Threats are categorized into different Indicators Of Compromise (IOCs) types, such as Malware, Trojan, Tor Exit Node, Reconnaissance activity, etc.
  • The ‘network map’ helps users visualize the entire activity, including which assets detected this activity, the devices/applications/networks targeted, the action taken by these assets, the direction of the activity, its type, count, attack classification and much more.
  • This powerful ‘network map’ provides the associations of IOCs with users, driven by the “User & Entity Behavior Analysis” (UEBA) application, and additionally provides a summary of what was observed.
  • Further analysis of each threat allows the user to jump into the “Big Data Search” application and view related log and event data.
  • Unsupervised machine learning model for detecting phishing and malware delivery domains/sites (DNS fast flux): a machine learning model detects outbound connectivity to malicious domains/sites by analyzing DNS log data.
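The fast-flux item above rests on a well-known observable: a domain that is served by many different addresses, spread across unrelated networks, with very short TTLs. The block below is an added example for this page, not ClearSkies’ model or code, and it uses a plain threshold heuristic rather than machine learning. The log line format, the `.example` names, the addresses (documentation and shared-address IPv4 ranges) and the thresholds in `is_fast_flux_candidate` are all constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address
from typing import Dict, List, NamedTuple

# Constructed DNS resolver log lines (format invented for this example).
# suspect.example: five addresses in five different /16s, 60-second TTL.
# cdn.example: six addresses, all in one /16, 30-second TTL (looks like a CDN).
# static.example: one stable address plus an AAAA record.
SAMPLE_DNS_LOG = """\
2021-08-02T10:00:01Z client=10.0.0.5 qname=suspect.example qtype=A answer=192.0.2.10 ttl=60
2021-08-02T10:01:05Z client=10.0.0.5 qname=suspect.example qtype=A answer=198.51.100.20 ttl=60
2021-08-02T10:02:09Z client=10.0.0.7 qname=suspect.example qtype=A answer=203.0.113.30 ttl=60
2021-08-02T10:03:12Z client=10.0.0.7 qname=suspect.example qtype=A answer=100.64.1.1 ttl=60
2021-08-02T10:04:20Z client=10.0.0.9 qname=suspect.example qtype=A answer=100.65.2.2 ttl=60
2021-08-02T10:00:30Z client=10.0.0.5 qname=cdn.example qtype=A answer=192.0.2.1 ttl=30
2021-08-02T10:01:30Z client=10.0.0.5 qname=cdn.example qtype=A answer=192.0.2.2 ttl=30
2021-08-02T10:02:30Z client=10.0.0.6 qname=cdn.example qtype=A answer=192.0.2.3 ttl=30
2021-08-02T10:03:30Z client=10.0.0.6 qname=cdn.example qtype=A answer=192.0.2.4 ttl=30
2021-08-02T10:04:30Z client=10.0.0.8 qname=cdn.example qtype=A answer=192.0.2.5 ttl=30
2021-08-02T10:05:30Z client=10.0.0.8 qname=cdn.example qtype=A answer=192.0.2.6 ttl=30
2021-08-02T10:00:45Z client=10.0.0.5 qname=static.example qtype=A answer=198.51.100.5 ttl=60
2021-08-02T10:06:45Z client=10.0.0.9 qname=static.example qtype=A answer=198.51.100.5 ttl=60
2021-08-02T10:07:00Z client=10.0.0.9 qname=static.example qtype=AAAA answer=2001:db8::5 ttl=60
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) "
    r"qtype=(?P<qtype>\S+) answer=(?P<answer>\S+) ttl=(?P<ttl>\d+)$"
)


class DnsAnswer(NamedTuple):
    ts: str
    client: str
    qname: str
    qtype: str
    answer: str
    ttl: int


def parse_log(text: str) -> List[DnsAnswer]:
    """Parse the constructed log format; lines that do not match are skipped."""
    out: List[DnsAnswer] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            out.append(DnsAnswer(d["ts"], d["client"], d["qname"], d["qtype"], d["answer"], int(d["ttl"])))
    return out


def profile_domains(answers: List[DnsAnswer]) -> Dict[str, dict]:
    """Per queried name: distinct IPv4 answers, distinct /16 prefixes, lowest TTL seen."""
    profiles: Dict[str, dict] = defaultdict(lambda: {"ips": set(), "prefixes": set(), "min_ttl": None})
    for a in answers:
        if a.qtype != "A":
            continue  # only IPv4 A records are profiled in this example
        ip = str(ip_address(a.answer))  # validates the address
        p = profiles[a.qname]
        p["ips"].add(ip)
        p["prefixes"].add(".".join(ip.split(".")[:2]))  # crude /16 proxy for network dispersion
        p["min_ttl"] = a.ttl if p["min_ttl"] is None else min(p["min_ttl"], a.ttl)
    return dict(profiles)


def is_fast_flux_candidate(profile: dict, min_ips: int = 5, max_ttl: int = 300, min_prefixes: int = 3) -> bool:
    """Heuristic: many distinct addresses, spread across networks, served with short TTLs."""
    return (
        len(profile["ips"]) >= min_ips
        and profile["min_ttl"] is not None and profile["min_ttl"] <= max_ttl
        and len(profile["prefixes"]) >= min_prefixes
    )


def find_fast_flux(log_text: str) -> List[str]:
    """Return the sorted list of queried names that meet the fast-flux heuristic."""
    profiles = profile_domains(parse_log(log_text))
    return sorted(q for q, p in profiles.items() if is_fast_flux_candidate(p))


if __name__ == "__main__":
    print(find_fast_flux(SAMPLE_DNS_LOG))
```

The prefix-dispersion check is what separates the suspect name from the CDN-like one: both have many addresses and short TTLs, so address count and TTL alone would produce false positives on ordinary load-balanced services. A production detector would replace the /16 proxy with ASN lookups and add a time window, which is where a learned model earns its keep over fixed thresholds.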

Heat Maps

  • This new application presents the density and frequency of attacks by country. Selecting a country on the map drills down further into the attacks against it. Upon selecting a threat, the application redirects to the “Threat Anticipation” application for a further graphical representation of the threat.

An Odyssey Product

ClearSkies™ is an Odyssey product included in Gartner’s 2021 Magic Quadrant for SIEM.