The Ikanow open source big data cyber analytics platform was built from the ground up utilizing technologies such as Hadoop, MongoDB, and elasticsearch. These make it easy to plug-and-play with different applications, data sources, and technologies. We deploy monthly releases of our open source platform so as you can imagine, there are new integrations, features, and capabilities being added on a regular basis. We don’t get a chance to blog about each and every integration however, we are extremely excited about our latest release. It’s a major new integration.
When you hear of event log management/monitoring software, Splunk probably comes to mind. We actually use Splunk here at Ikanow and it’s great at analyzing more structured data. But what about when you want to analyze and gain insights from more than just data from servers, sensors, applications, databases, and other structured cyber analytics data sources? What if you want to fuse all of this data with unstructured data such as social media, email, PDFs, open web data, and more? There isn’t an open source intel-style document analysis application that also does log analysis…(cue dramatic music) until now!
“The side-by-side integration of record-based analysis with a robust, cost-effective, and scalable cyber analytics platform is a game changer for my analysts. Ikanow provides the flexibility to solve not just today’s problems – but the ‘unknown/unknowns’ of tomorrow’s problems” states the Head of Cyber Threat Intelligence from a Fortune 200 organization.
In our latest platform release, we’ve integrated with an open source event log management application, Logstash, which is now part of the elasticsearch family! On top of the Logstash integration, we’ve also integrated with elasticsearch’s Kibana to easily visualize big data.
Fig. 1: screenshot of elasticsearch’s Kibana
These integrations have been designed with cyber use cases in mind. They take advantage of the strong open source community which will enable rapid expansion of capabilities, algorithms, visualizations, and connectors. This means, as the community builds out new features and capabilities, our users will be able to reap the benefits!
You can now use our big data cyber analytics platform to do things such as:
- Reduce the number of applications you are using for cyber analytics;
- Quickly detect, respond, and eliminate threats;
- Fuse data together from multiple, disparate sources, giving you a more complete picture of your cyber intel posture;
- And much more!
Fig. 2 screenshots of IKANOW’s record analyzer, entity significance, and map visualizations
When you couple these features with our existing capabilities of rapid big data ingestion, the flexibility to easily integrate new technologies, and the empowerment we provide to our end users (which means little need for IT involvement) it provides organizations with a solution that:
- Dramatically improves the organization security posture;
- Allows analysts and executives to make more informed decisions;
- Reduces organization risk so that you can focus on your top and bottom line; and
- Is cost effective.
Is your organization interested in learning more about how big data cyber analytics and log analysis can improve your cyber posture? Then contact us for more information. If you’d like to download our open source platform (Community Edition), you may do so by clicking the button below. The latest monthly build includes the Logstash and Kibana integrations.