Reduce complexity, automate management of big data
Investigate threats and incidents with full context
Analysis of events and environments to identify root cause
Audit access and configurations via system of record
Regulatory and compliance requirements often dictate the need for a separation of duties and restricted access to data. The Gemini Appliance provides for such autonomy by offering an isolated, easy to manage solution for deploying and managing Splunk and Hadoop Clusters using Cloudera that does not require shared corporate resources or administration. This is particularly appealing to information security teams who desire a platform that is completely within their control.
Organizations are continually battling resource constraints, which often leads to administrators experiencing extended wait times for IT Operations support. The Gemini Appliance reduces these wait times by placing administrative control back into the hands of the system owners without requiring any Linux or Windows administration expertise. Changes to network settings, NTP servers, and application versions can all be managed centrally, and without the need for an IT Ops service request.
Today’s complex big data systems often rely on components that live on multiple servers in different locations. Systems administrators agree that automation is the key to providing consistency across system configurations and updates. The Gemini Appliance comes configured with automation tasks to manage your entire Gemini infrastructure. Reconfigure groups of servers, update application versions, and enforce access controls on the fly from a single screen regardless of where the Gemini Appliance nodes are deployed.
Migrating services and applications to the cloud can often involve different management interfaces or even call for different expertise. Gemini simplifies this dramatically by providing a consistent, easy to use management interface, the Gemini Enterprise Manager, across any combination of on-premises and Cloud-based assets. Manage indexers on physical appliances and search heads in the cloud on a single, simplified management screen.
Completely reconstructing the full cyber kill chain is an enormous challenge. An analyst must discover and identify every stage of an attack, from reconnaissance to exfiltration. Volumes of data must be analyzed to uncover the stages of an attack in their multiple forms, both active and passive, over long periods of time. A single attack is typically presaged by discovery activities to identify possible attack vectors and vulnerabilities, followed by access attempts, actual exploitation of targeted systems and applications, and ultimately the malevolent objective itself, be it data theft, an attack on service, or ransom. Atlas accelerates the discovery of each of these activities within the kill chain, and can help detect and disable attacks faster.
The number of threat detection tools used by security teams has grown with new technologies like anomaly detection and machine learning, on top of the traditional signature-based tools. Unfortunately, this only adds to the inevitable false positives that analysts have to triage. The result is “zombie workflows” and analyst fatigue. Atlas helps triage key information quickly to identify real threats among the flood of alerts.
Unlike simple hacks intended to gain access and exploit quickly, Advanced Persistent Threats (APTs) represent a highly motivated and dedicated attacker, geared to inflict long-term damage by staying undetected within the network. A key factor in defending against APTs is having an in-depth understanding of your own environment: its systems, vulnerabilities, actors, possible attack vectors, and the activities within it. Atlas takes the grunt work out of gathering contextual data to understand the information technology landscape and streamlines the process of securing your environment. Analysts spend less time on information gathering, can process more information, and can ensure that systems stay secure and critical events are not missed.
Investigation of potential phishing or otherwise suspicious activity reported by users is a common, and sometimes deceptively challenging, task for IT and Security analysts. Using Atlas, an analyst can easily distill historical email data to isolate particular senders or recipients, email subjects or file attachments, and identify relevant patterns. Additionally, by incorporating user role and organizational function derived from Active Directory, the investigation can also outline patterns of behavior that don’t conform to organizational roles. Finally, dangerous attachments can automatically be matched to known malware. Triangulating these different areas automatically and visually helps accelerate investigations of targeted attacks.
Often a simple report of a failed connection or broken application can result in hours of investigation to determine the root cause. It takes iterating through database servers, web servers, network hosts, switches and port configurations. It also invariably requires a detailed understanding of network topology, configuration and tools. Atlas uses event data and network configuration data to build a semantic map that allows the analyst to easily click through the different elements in the critical path and visually identify points of failure. When problems are discovered, knowledge of the configuration history illuminates the root-cause changes and the full context around the administrator involved. What would take hours can be determined in a matter of minutes with absolute certainty.
It’s difficult to understand potential issues related to system, application, financial, and other transactions by simply reviewing log data. It takes full contextual awareness to discover things like anomalies, breakage, and fraud. By visually uncovering the patterns between key data points involved in transactions, such as accounts, applications, systems, and IDs, Atlas can help quickly discover and remediate a variety of issues related to transactions.
The “who did what and why” challenge consumes many Dev-Ops and IT-Ops analysts. A simple configuration change can have broad ranging impact across performance, availability, connectivity, and security. The Atlas intelligence repository retains knowledge of changed information along with context including people, applications and timing of these changes. By illustrating history and context, Atlas enables a faster and more complete understanding of issues.
With enterprise infrastructure becoming increasingly complex and involving both on-premises and cloud components, keeping track of end-points, hosts, networks and access is a full-time task. Atlas combines dynamic topology data with user access data, session activity and network data streams to draw a complete picture of enterprise systems and networks across hybrid environments. This puts any troubleshooting effort in direct environmental context, allowing easy drilling into specific problems, visually and iteratively.
Enterprises that transact in sensitive or regulated data, such as data subject to HIPAA, PCI-DSS or SOX, have the added burden of ensuring that access is restricted, audited and reported. This typically involves tracking data access with respect to user security levels or organizational roles. Beyond simple heuristics, this can also involve looking for access patterns that may indicate regulatory violations, such as sharing information across regulatory firewalls, or corporate policy violations involving customer privacy or intellectual property.
Compliance audits are a time-consuming and stressful pain-point for analysts. An analyst needs the knowledge to distinguish between normal and vulnerable configurations and is expected to leave “no stone unturned”. Atlas can bring order to the tedium by clearly organizing users and access with respect to their organizational function, and by helping to outline situations where granted privileges are inconsistent with organizational standards or are simply deviations from the norm. In cases where this goes beyond inadvertent mistakes and into malevolent behavior, Atlas can go further to help track bad actors.
As more organizations become data-driven, the modern IT enterprise faces a challenge with rogue or “shadow” systems, applications and networks that are often used with little or no governance. With network security being only as strong as its weakest link, it is imperative for IT and Security organizations to track, catalogue, and enforce compliance. The Atlas intelligence repository uses both contextual and dynamic event-driven data to expose these undocumented systems and applications quickly and easily.
Complex IT networks can span different business functions, numerous hardware elements and software applications. Application of kernel patches for security vulnerabilities or software updates has to be orchestrated carefully in distinct phases. This invariably creates challenges for patch management, audit and compliance, especially in understanding all the touch-points in specific critical paths. Atlas makes this substantially easier by visually representing your environment, providing a near-real-time picture based on actual events and observed data.