Posted: 15th April 2022

Product Overview

Securonix is a leader in the Gartner MQ for SIEM. The Securonix Security Operations & Analytics Platform provides analytics-driven next-generation SIEM, UEBA, and security data lake capabilities as a pure cloud solution, with zero infrastructure to manage.

While security threats become more challenging, business technologies generate an ever-increasing amount of data, making legacy security monitoring solutions obsolete: constrained by limited resources and architectural limitations, they struggle to scale.

Built on AWS, the Securonix platform delivers unlimited scale, powered by advanced analytics, behavior detection, threat modeling, and machine learning. It increases security through improved visibility, actionability, and security posture while reducing management and analyst burden.

Challenges Overcome Through Integration

Recorded Future for Securonix allows organizations to quickly resolve security threats using external threat intelligence and rich context from Recorded Future directly on top of Securonix.

Now analysts are able to view related external risk and evidence assigned to IPs, Domains, Hashes, URLs, and CVEs on Securonix events for greater context as they investigate and respond to incidents. Full transparency is provided on the evidence applicable to any given IOC (indicator of compromise).

As a result, the joint solution enables SOC teams to proactively detect attacks and take preemptive countermeasures. This can be used to prevent attacks and contain threats before they occur, and thus bridge the gap between pre-attack and post-attack activities.

For example, if there are attempts to reach a malicious domain or IP that is reported by Recorded Future, SOC analysts can not only block that access attempt but also quickly see the threat indicators and risk scores that explain why the domain or IP is rated malicious.

Integration Description

Recorded Future’s data is integrated directly into Securonix to correlate internal telemetry data against high-fidelity datasets from Recorded Future, so that threats are detected faster. The integration makes use of the Recorded Future IP, Domain, Hash, URL, and CVE risk lists.

This information is correlated by the AI-based Securonix Analytics engine and enriched with indicators from other assets in a customer’s ecosystem.

The joint solution can help mitigate the risk associated with malicious domains, URLs, IPs, and other indicators by enriching the data lake with their known risk scores.

The integration between Securonix and Recorded Future allows security responders to:

  • Detect and gain context on Securonix events with real-time external intelligence to identify true incidents and dismiss false positives
  • Proactively block threats before they impact the business using the Recorded Future risk lists
  • Reduce time for threat detection, remediation, and response
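As an added illustration of the correlation described above (example code written here, not Securonix's or Recorded Future's own), the following Python enriches constructed Securonix-style events against constructed IP and domain risk lists; the CSV column layout, event field names and alert threshold are assumptions, not the products' schemas.

```python
import csv
import json

# Constructed sample risk lists (not Recorded Future data); the column layout is an
# assumption: indicator, 0-99 risk score, rules-hit summary, JSON evidence details.
RISK_LISTS = {
    "ip": 'Name,Risk,RiskString,EvidenceDetails\n'
          '203.0.113.7,89,3/50,"{""EvidenceDetails"": [{""Rule"": ""Recent C2 Server""}]}"\n'
          '198.51.100.9,25,1/50,"{""EvidenceDetails"": [{""Rule"": ""Historical Spam Source""}]}"\n',
    "domain": 'Name,Risk,RiskString,EvidenceDetails\n'
              'bad.example,96,4/40,"{""EvidenceDetails"": [{""Rule"": ""Recently Reported by Insikt Group""}]}"\n',
}
# Constructed Securonix-style events; field names are assumptions, not the product schema.
EVENTS = [
    {"id": 1, "src_ip": "10.0.0.5", "dst_ip": "203.0.113.7", "domain": "cdn.example"},
    {"id": 2, "src_ip": "10.0.0.6", "dst_ip": "192.0.2.4", "domain": "bad.example"},
    {"id": 3, "src_ip": "10.0.0.7", "dst_ip": "198.51.100.9", "domain": "ok.example"},
]
FIELD_TO_LIST = {"dst_ip": "ip", "domain": "domain"}  # which event field is checked against which list
ALERT_THRESHOLD = 65  # assumed SOC policy: scores at or above this raise an alert

def load_risk_list(text):
    """Parse one risk list CSV into {indicator: {"risk": int, "rules": [...]}}."""
    table = {}
    for row in csv.DictReader(text.splitlines()):
        evidence = json.loads(row["EvidenceDetails"])["EvidenceDetails"]
        table[row["Name"]] = {"risk": int(row["Risk"]),
                              "rules": [e["Rule"] for e in evidence]}
    return table

def enrich(events, lists):
    """Attach every matching indicator's score and evidence rules to each event."""
    enriched = []
    for ev in events:
        out = dict(ev, matches=[], max_risk=0)
        for field, list_name in FIELD_TO_LIST.items():
            hit = lists[list_name].get(ev.get(field))
            if hit:
                out["matches"].append({"field": field, "value": ev[field], **hit})
                out["max_risk"] = max(out["max_risk"], hit["risk"])
        # Low-score hits stay attached as context without raising an alert.
        out["alert"] = out["max_risk"] >= ALERT_THRESHOLD
        enriched.append(out)
    return enriched

def run():
    """Load all lists once, then enrich the sample events."""
    lists = {name: load_risk_list(text) for name, text in RISK_LISTS.items()}
    return enrich(EVENTS, lists)
```

Events 1 and 2 come back flagged with the evidence rule that drove the score, while event 3 keeps its low-risk spam-source match as context only.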