The concept of having a single suite of interconnected products, which come without the headache of installations and with optimal performance from each facet, is sometimes the best option. The other consideration is to go for a ‘best of breed’ selection of products, which may not work together and leave you with vulnerable spots even whilst using the best technology.
This is an issue that cybersecurity vendors are well aware of, and they add new factors to their offerings. I recently met with Securonix whose recent acquisition of ThreatQuotient added a threat intelligence capability to its existing portfolio of security analytics, threat detection, and incident response through its cloud-native Unified Defence SIEM.
Specific and Actionable
A provider of advanced cybersecurity solutions, Securonix said the acquisition strengthens its ability to provide more specific, actionable, and automated insights by integrating threat intelligence directly into its SIEM and UEBA foundation. This comes at a time when customers are looking for fewer vendors and more consolidation, making the unified platform approach attractive.
Its VP Europe, Tim Bury, said this addition strengthens its unified platform by combining UEBA (User and Entity Behaviour Analytics), SIEM, real-time threat intelligence, and AI agents to create more actionable, efficient, and board-relevant security outcomes while reducing complexity, cost, and noise for customers.
He says that customers are looking to try to consolidate the number of providers they have, “but it’s really about extracting that value, and what we were finding is we were always ingesting different feeds, threat feeds, but there wasn’t that platform to make it effective.”
Great Integrations
Bury later admits that having the wider suite is advantageous because it offers a more holistic view. If you don’t take a holistic view of the different components that the customer has, then you’ll be missing things.
“We’re trying to ensure that everything is included,” he says. “In addition to the external sources and threat intelligence content, our customers were using other sources for that, but they couldn’t necessarily do things intelligently that were fully integrated into a single Unified Defence SIEM. It’s about bringing it together.”
That value lies in the integration, Bury claims, while his colleague Cyrille Badeau, VP of International Sales at Securonix, says that leveraging threat intelligence adds more expertise making the SIEM more effective for customers. “That could change how people operate – and potentially resolve many issues,” Badeau says
Threat Intelligence
The acquisition of ThreatQuotient adds threat intelligence to its offering, as Bury says that the integrations work together to “get a single pane of glass,” which he admits is very difficult to achieve and get value from, but fits within its remit of trying to make its offering super simple.
Bury says its own research determined that customers are using a variety of sources for threat content, so it was advantageous to bring in a platform that can extract the value out of that threat content, which is more specific to customer needs, and increase both automation and integration into the Securonix platform “to make it more meaningful and actionable.”
Badeau says that adding real-time threat intelligence was the realistic next level for the UEBA, as that intelligence can be used as context for any decision. He also says that the intelligence can “build a memory to learn over time,” so if something new is seen, it may not be the same as what was seen the previous time, but actions can be taken.
“What are the good things to hunt for? Those are the priorities you need to worry about,” he says. “Maybe you have an adversary after you, and that adversary is known to have three different techniques you have detected: the first two are used often, and the third is never detected, so either they never tried on you, or maybe we should automate the threat hunting capability based on the third capability?”
Board and Breach Ready
Secuionix’s ethos is based on three elements: being board-ready, breach-ready, and AI-powered. Bury explains that being breach-ready means that an organisation is ready to defend itself. Being board-ready recognises that cybersecurity is a board-level challenge, and there is a need to understand the outcomes that they’re looking for. Finally, everything needs to be AI-powered.
“Another objective that our solution helps you do is identify where you’re at risk, so that you can prevent a breach from happening,” Bury says. “It’s looking at intent and catching things before they happen. If you are attacked, it is about how you identify that and take remediation action in a very short period of time.”
Some ten years after the last flourish of stand-alone threat intelligence providers emerged, and were ultimately acquired, the combination of SIEM, TDIR, UEBA and SOAR offered by Securonix is now augmented by the addition of real-time threat intelligence, and the offering to be ahead of the attack and breach-ready sounds promising.
