Use Cases

Don't Just Listen. Start Understanding.

Gemini Enterprise delivers awareness and accelerates analysis across enterprise silos using contextual intelligence, transforming the way organizations solve problems and share knowledge.

Operational Risk

Gemini Enterprise drives awareness of the business risk and impact of IT events and data by automating contextual intelligence across silos.

  • Clearly understand the business risk and impact arising from operational issues involving security, applications, platforms and infrastructure.

  • Complex problems that span areas such as application management, networking and SLAs are time-consuming and difficult to understand.

  • Resolution time is critical when business impact is measured in seconds.

Application Dependency Mapping

Understand dependencies and interoperability between software components and the impact of version upgrades on availability.

Gaining operational intelligence for a typical business enterprise platform involves a large number of application logs, network activity data and other configuration information, and requires the ability to drill into particular dimensions, such as tracking the flow of a transaction across the different elements and components of a service-oriented architecture (SOA). It also requires the ability to understand application dependencies. Most applications use a variety of databases, functional application services, and internal and external HTTP-based web services. It is critical to understand how these dependencies can affect application delivery and performance for your users.

Engineers often use manual processes and tools like Visio to document dependencies and explain how services talk to each other. This is error-prone, likely to be out of date and simply cannot support scalable operational intelligence. APM solutions provide some automated gathering, but don’t necessarily incorporate other sources of intelligence such as network activity. Network Performance Monitoring (NPM) tools are focused entirely on network performance and cannot delve into applications.

Gemini Enterprise can ingest application logs from SIEM platforms, application data from APM tools and even network activity and configuration data from different sources, and provides a single, interactive analysis of application dependencies. When changes or upgrades are planned to a component such as a MySQL database, Gemini Enterprise makes it easy to track down its dependents and understand the operational impact on the web services that rely on it. Conversely, when application exceptions are generated in the web tier, they can be traced back to API service timeouts caused by a dependency on an external vendor's API.

Multidimensional Transaction Tracing

Analyze failures by tracing the critical path of transactions across systems, domains and networks to identify root cause.

Transaction tracing is a critical aspect of gaining operational intelligence in a complex system. Like application dependency mapping (covered above), it presents significant challenges for IT personnel that are not easily addressed by existing tools. For example, the investigation can start with a transaction failure reported by a user, or with SLA alerts that indicate lowered search volume on a reservation platform. Finding the root cause can involve tracing the path of a transaction, a web session or a series of microservice calls, both inside and outside the enterprise. This investigation often requires tracing in multiple dimensions concurrently: network events and connections, calls to internal and external services and any resulting errors, or even database-level activity.

Gemini Enterprise acquires intelligence about event and non-event data across network activity, application logs, security data and configuration changes. This gives the user a unique perspective on tracing the critical path of a transaction and allows for further detailed drill-downs into any data source. The path failures are clearly highlighted on the Gemini Knowledge graph. Further annotation by analysts can add additional contextual information and connections, making it easier to identify the root cause of an issue within the context of a complex transaction.
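The two analyses described in the dependency-mapping and transaction-tracing sections above, impact analysis ("what breaks if mysql-01 changes?") and critical-path root cause ("which downstream call made the web tier fail?"), reduce to a reverse-reachability search over a dependency graph and a walk down the failing branch of a trace. The following is an added example written for this page, not Gemini Enterprise code; the flow records, span data, service names and the `build_graph`, `impacted_by` and `root_cause` functions are all constructed for illustration.

```python
"""Added example (not Gemini Enterprise code): build a service dependency graph
from constructed flow records, answer "what is affected if mysql-01 changes?",
and trace a failed request to the deepest failing span on its critical path."""
from collections import defaultdict, deque

# Constructed flow records: (client service, server service). In practice these
# would be derived from NetFlow/APM data; all service names are hypothetical.
FLOWS = [
    ("web-frontend", "checkout-api"),
    ("web-frontend", "catalog-api"),
    ("checkout-api", "mysql-01"),
    ("checkout-api", "vendor-payments-api"),  # external vendor dependency
    ("catalog-api", "mysql-01"),
    ("reporting-job", "mysql-01"),
    ("catalog-api", "redis-01"),
]


def build_graph(flows):
    """Forward edges (who calls whom) and reverse edges (who is called by whom)."""
    fwd, rev = defaultdict(set), defaultdict(set)
    for client, server in flows:
        fwd[client].add(server)
        rev[server].add(client)
    return fwd, rev


def impacted_by(component, rev):
    """Every service that transitively depends on `component`: BFS over reverse edges."""
    seen, queue = set(), deque([component])
    while queue:
        node = queue.popleft()
        for caller in rev.get(node, ()):
            if caller not in seen:
                seen.add(caller)
                queue.append(caller)
    return seen


# Constructed spans for one request, keyed by trace id:
# (span id, parent span id, service, HTTP status, duration in ms).
SPANS = {
    "trace-7f3a": [
        ("s1", None, "web-frontend", 500, 3050),
        ("s2", "s1", "checkout-api", 500, 3020),
        ("s3", "s2", "mysql-01", 200, 4),
        ("s4", "s2", "vendor-payments-api", 504, 3000),
    ]
}


def root_cause(trace_id, spans=SPANS):
    """Start at the root span and keep descending into failing children; the
    deepest failing span with no failing children is the break point."""
    by_parent = defaultdict(list)
    for span in spans[trace_id]:
        by_parent[span[1]].append(span)
    node = by_parent[None][0]
    while True:
        failing = [c for c in by_parent[node[0]] if c[3] >= 500]
        if not failing:
            return node[2], node[3]
        node = max(failing, key=lambda s: s[4])  # follow the slowest failing child


if __name__ == "__main__":
    _, rev = build_graph(FLOWS)
    print("impacted by mysql-01:", sorted(impacted_by("mysql-01", rev)))
    print("root cause of trace-7f3a:", root_cause("trace-7f3a"))
```

The reverse-edge search is what turns "we are patching mysql-01" into a list of web services whose owners need to be told; the span walk is the same logic an analyst applies by hand when reading a trace, following the failing status codes down until the failure no longer has a failing child.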

Customer Satisfaction

Investigate problems in business SLAs and user experience to identify IT and platform problems across a complex transactional environment.

Any company that transacts in products online is dependent on intricate interconnected systems that have to work together to manage inventory, execute sales transactions, and handle shipping and order fulfillment. This requires each system, often provided by different vendors in a supply chain, to commit to SLAs for availability and response times.

End-user experience is typically measured through real-time or post-transaction surveys, and the performance of each individual service and system is monitored against established SLAs. However, determining the specific drivers of bad customer sentiment can be extremely difficult, requiring all impacted transactions to be pieced together and their state analyzed as of that time. Investigating with Gemini Enterprise makes this substantially easier and faster.

Using Gemini Enterprise, a frontend admin team for a web storefront can explore an observed drop in satisfaction and discover a series of SLA violations corresponding to the timeframe of the drop in satisfaction. It’s easy to quickly and accurately explain failures in in-stock reporting so you can understand what is making customers unhappy. This ability to reach across technical and business realms is central to the value of Gemini Enterprise.

Application Performance

Analyze application issues to identify root cause across servers, software, network.

For critical systems involved in revenue-driving transactions such as ecommerce storefronts, delays or outages can have immediate and disastrous business consequences. Business Process Management (BPM) systems and Application Performance Management (APM) platforms are well suited to identifying and quantifying the nature of an event and the business impact associated with it. However, quickly showing where the break point is in an application flow and identifying root cause requires different tools. Further complicating the issue, a failure might lead in different directions: application or platform problems, network connectivity problems, user error, or a security threat.

Gemini Enterprise unifies intelligence across different domains and makes it possible to explore relationships and context seamlessly. It allows exploration in whatever dimension the problem leads, without detailed knowledge of the data or systems involved: from connectivity failures to network configuration, change management and user access. Pre-aggregated intelligence makes this process both simple and fast, reducing fix time and ensuring greater uptime.


Security

Minimize knowledge gaps and accelerate complex security investigations by combining human and machine intelligence.

  • SIEMs, log aggregators and specialized platforms generate alerts, but don't provide enough context for investigating them. Security analysts find it increasingly hard to keep up with the growing workload and complexity.

  • Shortage of experienced analysts adds to organizational risk, impacts efficiency, and prevents mitigation of security issues.

  • Without clear narratives it can be difficult to relate security problems to business impacts.

Insider Threat

Investigate complex scenarios involving unauthorized access where conventional access control or policies are difficult to apply.

Threats from inside the network or from users within the organization are notoriously difficult to identify and profile. A typical case involves what appears to be a legitimate user who may or may not be engaged in data theft (exfiltration).

Typically, this type of attack would be difficult to detect with traditional perimeter defenses and security analytics solutions because there are no obvious violations to trigger alerts. Some UEBA solutions might identify an unusual pattern of activity, but not provide adequate information to make a determination. Here’s how Gemini Enterprise makes this easier.

  • Using the Active Directory integration, the Gemini graph can reveal the circumstances around the creation of the account: specifically, that it was created and added to the "Administrators" group by a privileged admin.

  • Further exploration can provide more insight into what the admin user did with the newly created account. Timeline analysis can reveal a short time period between creation and usage of the account for data access, always a point of suspicion.

  • Drilling into network activity associated with the account reveals a print session on a network printer, identifying the files involved, the account used to print, the number of pages and additional details that may be used to associate the printed content with this incident.

  • Within a few clicks, Gemini Enterprise makes it possible to reach across silos and help stop a potentially impactful incident.
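The bullets above describe a correlation that can also be expressed as a detection: an account created by an admin, placed in the Administrators group, and then used for data access or printing within a short window of its creation. The following is an added example written for this page, not Gemini Enterprise code. It runs over constructed Windows Security events (4720 user created, 4732 member added to a security-enabled local group, 4624 logon, 5145 network share object accessed) and one constructed PrintService/Operational event (307, document printed); the account names, hosts, share paths and the `short_lived_admin` function are all hypothetical.

```python
"""Added example (not Gemini Enterprise code): correlate constructed Windows
Security and PrintService events to reconstruct a short-lived-admin scenario."""
from datetime import datetime, timedelta

# Constructed events: (timestamp, event id, actor, target, detail).
# Event ids follow Windows conventions: 4720 user created, 4732 member added to a
# security-enabled local group (4728 is the global-group equivalent), 4624 logon,
# 5145 network share object checked, and 307 from the PrintService/Operational log.
EVENTS = [
    ("2024-03-04T21:02:11", 4720, "DOMAIN\\jdoe-admin", "DOMAIN\\svc-backup2", "user created"),
    ("2024-03-04T21:02:40", 4732, "DOMAIN\\jdoe-admin", "DOMAIN\\svc-backup2", "added to BUILTIN\\Administrators"),
    ("2024-03-04T21:15:05", 4624, "DOMAIN\\svc-backup2", "FILESRV01", "logon type 3"),
    ("2024-03-04T21:16:30", 5145, "DOMAIN\\svc-backup2", "\\\\FILESRV01\\Finance", "ReadData"),
    ("2024-03-04T21:20:12", 307, "DOMAIN\\svc-backup2", "PRN-FLOOR2", "Q4_forecast.xlsx, 42 pages"),
    ("2024-03-05T09:00:00", 4624, "DOMAIN\\alice", "WKS-0042", "logon type 2"),
]

DATA_ACCESS_IDS = {4624, 5145, 307}


def short_lived_admin(events, window=timedelta(hours=1)):
    """Return findings for accounts that were created, added to Administrators, and
    then used for logon, share access or printing within `window` of creation."""
    created = {}  # target account -> creation record
    for ts, eid, actor, target, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        if eid == 4720:
            created[target] = {"at": t, "by": actor, "admin_group": False, "use": []}
        elif eid == 4732 and target in created and "Administrators" in detail:
            created[target]["admin_group"] = True
        elif eid in DATA_ACCESS_IDS and actor in created:
            rec = created[actor]
            if t - rec["at"] <= window:
                rec["use"].append((t, eid, target, detail))

    findings = []
    for account, rec in created.items():
        if rec["admin_group"] and rec["use"]:
            first = min(u[0] for u in rec["use"])
            findings.append({
                "account": account,
                "created_by": rec["by"],
                "minutes_to_first_use": int((first - rec["at"]).total_seconds() // 60),
                "shares": [u[2] for u in rec["use"] if u[1] == 5145],
                "print_jobs": [u[3] for u in rec["use"] if u[1] == 307],
            })
    return findings


if __name__ == "__main__":
    for finding in short_lived_admin(EVENTS):
        print(finding)
```

The creation-to-first-use interval is the signal the bullets call "always a point of suspicion"; keeping the creating admin, the share and the print job together in one finding is what lets an analyst answer "who, what, and how much left the building" without pivoting between three consoles.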

Data Loss Prevention

Identify and understand data exfiltration attempts, such as DNS exfiltration, by tracing events inside and outside the enterprise.

One of the most creative and pervasive data loss scenarios that security teams have to deal with is DNS exfiltration. It takes advantage of the fact that outbound DNS (port 53, or queries through a permitted internal resolver) is almost always allowed, because nothing else works without name resolution. Malware inside the network encodes chunks of stolen data, often encrypted or encoded first, into the labels of queries for a domain the attacker controls; the resolver forwards those queries through the firewall to the attacker's authoritative name server, which reassembles the payload. Each query looks like an ordinary, if unusually long, hostname lookup.

While packet inspection may flag a particular DNS request as carrying an unusual payload, it is difficult to piece together the exact sequence of transactions involved, both inside and outside the network, which makes it hard to understand the nature of the theft and the actors involved. Gemini Enterprise simplifies this analysis by working outward from the suspected transaction to identify all connection points and the sequence of events involved in the exfiltration. Using data from existing sources, it reduces this complex investigation from a matter of hours to a few minutes.
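The "unusual payload" that packet inspection flags is, in practice, a statistical property of the query stream rather than of any one packet: one client sending many unique, long, high-entropy subdomains of a single registered domain. The following is an added example written for this page, not Gemini Enterprise code, that scores constructed DNS query log lines for that pattern; the log format, the domain names, the thresholds and the `score_dns` function are all assumptions for illustration, and the "registered domain equals the last two labels" rule is a simplification that a real deployment would replace with a public-suffix list.

```python
"""Added example (not Gemini Enterprise code): score constructed DNS query logs for
the tunnelling pattern (many unique, long, high-entropy labels under one domain)."""
import math
from collections import defaultdict

# Constructed log lines, "<timestamp> <client ip> <qname> <qtype>". Hostnames and
# addresses are hypothetical; the hex labels stand in for encoded stolen data.
DNS_LOG = """\
2024-03-04T10:00:01 10.1.2.3 www.example.com A
2024-03-04T10:00:02 10.1.2.3 cdn.example.com A
2024-03-04T10:00:05 10.1.2.3 a3f91c7e4b02d8e65f7a19c3b4e80d21.t1.exfil-example.net TXT
2024-03-04T10:00:05 10.1.2.3 7c2e9b14f0a6d3c85e1b47a9f2d06c3e.t1.exfil-example.net TXT
2024-03-04T10:00:06 10.1.2.3 e4b19d2c7f083a6e5d2c9b41a7f3e08d.t1.exfil-example.net TXT
2024-03-04T10:00:06 10.1.2.3 19f7c3a2e8b04d6c5a7e2f9b13d8c4e0.t1.exfil-example.net TXT
2024-03-04T10:00:07 10.1.2.3 c8d3e1f72a4b9605d7e3a1c9f2b84e6d.t1.exfil-example.net TXT
2024-03-04T10:00:07 10.1.2.3 5b7e2a9c1d4f8e03b6a7c9d2e1f4a85c.t1.exfil-example.net TXT
2024-03-04T10:00:09 10.1.2.9 mail.example.com MX
2024-03-04T10:00:10 10.1.2.9 api.example.com A
"""


def entropy(s):
    """Shannon entropy in bits per character of the string `s`."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse(log):
    for line in log.splitlines():
        ts, client, qname, qtype = line.split()
        yield ts, client, qname.lower().rstrip("."), qtype


def score_dns(log, min_unique=5, min_label_len=20, min_entropy=3.0):
    """Aggregate per (client, registered domain) and return the pairs whose
    first labels are numerous, long and high-entropy enough to look encoded."""
    agg = defaultdict(lambda: {"names": set(), "lens": [], "ents": [], "qtypes": set()})
    for ts, client, qname, qtype in parse(log):
        labels = qname.split(".")
        if len(labels) < 3:
            continue  # bare domain: no subdomain label to carry data
        domain = ".".join(labels[-2:])  # simplification: no public-suffix handling
        first = labels[0]
        a = agg[(client, domain)]
        a["names"].add(qname)
        a["lens"].append(len(first))
        a["ents"].append(entropy(first))
        a["qtypes"].add(qtype)

    flagged = {}
    for key, a in agg.items():
        n = len(a["names"])
        mean_len = sum(a["lens"]) / len(a["lens"])
        mean_ent = sum(a["ents"]) / len(a["ents"])
        if n >= min_unique and mean_len >= min_label_len and mean_ent >= min_entropy:
            flagged[key] = {"unique_subdomains": n, "mean_label_len": round(mean_len, 1),
                            "mean_entropy": round(mean_ent, 2), "qtypes": sorted(a["qtypes"])}
    return flagged


if __name__ == "__main__":
    for (client, domain), stats in score_dns(DNS_LOG).items():
        print(client, domain, stats)
```

The three conditions are deliberately conjunctive: CDNs produce many unique subdomains but short labels, and hashed hostnames produce high entropy but few unique names, so any single feature alone generates noise. The flagged (client, domain) pair is the starting "suspected transaction" from which the surrounding proxy, firewall and endpoint events are then pulled.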

Killchain Confirmation

Correlate discrete events that could represent Advanced Persistent Threats (APT), analyze activity to identify bad actors and vulnerabilities.

Real-world security breaches usually don't resemble "one attack, one direction". Breaking into a network takes many steps as an attacker pivots from one system to another and from one level of access to a higher one, with multiple tools and techniques involved along the way. The job of an analyst is more than just determining whether an alert from an IDS is real or a false positive. They must reveal the larger pattern of activity behind individual detections and show where disparate actions across seemingly unrelated systems are connected.

Gemini Enterprise "connects the dots" by finding relationships that exist outside the company infrastructure that demonstrate a direct correlation between otherwise very loosely-connected events. Start with killchain indicators and paint a full picture including compromised hosts, users, blacklisted IP addresses, prior campaigns, IDS signatures, malicious web pages, and eventually a timeline of attack. All in minutes instead of hours.
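"Connecting the dots" across IDS alerts, proxy logs, a blocklist and logon events means normalising each source to a common event shape, labelling each event with a kill-chain phase, and following lateral-movement edges so that the timeline continues onto the next host the attacker reached. The following is an added example written for this page, not Gemini Enterprise code; the alert signature names, hosts, IP addresses, the signature-to-phase mapping and the `build_timeline` and `chain_for` functions are constructed for illustration.

```python
"""Added example (not Gemini Enterprise code): join constructed IDS alerts, proxy
logs, a blocklist and logon events into one per-host kill-chain timeline."""

# Constructed inputs; signature names, hosts and addresses are hypothetical.
BLOCKLIST = {"203.0.113.45"}
IDS_ALERTS = [  # (ts, host, signature, remote ip)
    ("2024-03-04T08:01:00", "WKS-17", "DOC-MACRO-DOWNLOAD", "198.51.100.7"),
    ("2024-03-04T08:03:30", "WKS-17", "EXPLOIT-OFFICE-EQNEDT", "198.51.100.7"),
]
PROXY = [  # (ts, host, destination ip, path)
    ("2024-03-04T08:04:10", "WKS-17", "203.0.113.45", "/gate.php"),
    ("2024-03-04T08:30:00", "WKS-17", "93.184.216.34", "/index.html"),
]
LOGONS = [  # (ts, user, source host, target host, Windows logon type)
    ("2024-03-04T08:20:00", "DOMAIN\\svc-deploy", "WKS-17", "FILESRV01", 3),
    ("2024-03-04T09:10:00", "DOMAIN\\bob", "WKS-22", "WKS-22", 2),
]
# Hypothetical mapping from signature name to kill-chain phase.
SIG_PHASE = {"DOC-MACRO-DOWNLOAD": "Delivery", "EXPLOIT-OFFICE-EQNEDT": "Exploitation"}


def build_timeline(ids, proxy, logons, blocklist):
    """Normalise every source to (ts, host, phase, detail, peer). `peer` is the
    other end of a lateral-movement edge and None for single-host events."""
    events = []
    for ts, host, sig, remote in ids:
        events.append((ts, host, SIG_PHASE.get(sig, "Unknown"), f"IDS {sig} from {remote}", None))
    for ts, host, dst, path in proxy:
        if dst in blocklist:  # only contact with known-bad infrastructure is C2 evidence
            events.append((ts, host, "Command and Control", f"HTTP to blocklisted {dst}{path}", None))
    for ts, user, src, dst, ltype in logons:
        if ltype == 3 and src != dst:  # network logon to another host = pivot candidate
            events.append((ts, src, "Lateral Movement", f"{user} network logon to {dst}", dst))
            events.append((ts, dst, "Lateral Movement", f"{user} network logon from {src}", src))
    events.sort()
    return events


def chain_for(seed, timeline):
    """Events on the seed host and on every host it pivoted to (transitive
    closure over lateral-movement edges), in time order."""
    hosts, frontier = {seed}, [seed]
    while frontier:
        h = frontier.pop()
        for ts, host, phase, detail, peer in timeline:
            if host == h and phase == "Lateral Movement" and peer not in hosts:
                hosts.add(peer)
                frontier.append(peer)
    return [(ts, host, phase) for ts, host, phase, _, _ in timeline if host in hosts]


if __name__ == "__main__":
    for row in chain_for("WKS-17", build_timeline(IDS_ALERTS, PROXY, LOGONS, BLOCKLIST)):
        print(*row)
```

Ordering Delivery, Exploitation, Command and Control and Lateral Movement on one host within twenty minutes is the confirmation the section title refers to; a single IDS alert for the macro document would, on its own, be just another ticket. The unrelated interactive logon on WKS-22 and the benign proxy request are left out of the chain, which is the point of joining on host and blocklist rather than on time alone.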

Industrial Controls Security

Analyze end-point controls in an industrial IoT infrastructure.

IoT and the security challenges associated with it are further complicated when dealing with Industrial Control Systems (ICS). The implications of ICS breaches go beyond user data loss or a failed transaction. They can bring entire factory floors to a stop or create a hazardous working environment.

Risk within an ICS environment comes in two forms. ICS networks can be breached like any other data network, using advanced persistent threat (APT) methodology to identify and exploit vulnerabilities. Controllers and field devices such as temperature sensors, relays and actuators present another attack surface, where bad actors can exploit firmware and protocol weaknesses. Outdated hardware, and even unmanaged physical access, add to the exposure. Together these represent a highly concentrated confluence of risks that can overwhelm analysts working with conventional tools.

Gemini Enterprise provides an easier way of analyzing and auditing application dependencies that sheds light on out-of-date versions and known vulnerabilities in sensor platforms. Analyzing change management simplifies impact analysis for a rolling version upgrade across the network. And finally, it provides a full suite of standard network and endpoint security analysis capabilities with visual graphs that reduce highly complex situations to simple, understandable scenarios. Gemini Enterprise scales to support both the data volume from devices and the complexity of the network.

Compliance

Gemini Enterprise gives auditors and compliance teams a single, cross-silo view of user activity and controls, so that compliance questions can be investigated rather than merely reported on.

  • There is no single source of truth where auditors can see activities aligned with processes and perform gap analysis with respect to compliance controls.

  • Regulatory requirements often involve investigation of activities in gray areas to determine violations.

  • Canned reports and dashboards, such as those from log management tools, may meet data collection requirements but are insufficient for governing complex user behavior.

Corporate IT Security

Analyze user activity, controls in line with enterprise policies, encapsulating physical security, system security and user behavior.

Identifying improper access to sensitive data is not always clear cut. Two examples are (1) employees accessing records from unauthorized home computers and (2) employees accessing records unrelated to their responsibility, such as for friends or celebrities.

In these cases, it takes more than just an alert to log appropriate information for governance. It takes a full understanding of the accesses, the systems, users and data involved, combined with the ability to intelligently outline the connections between these elements and events. This helps analysts judge the propriety or impropriety of an access. Gemini Enterprise facilitates and greatly accelerates this process.

HIPAA - Sensitive Data Access

Audit and investigate access to sensitive data or use of insecure means for access, to meet HIPAA in health care.

A frequent compliance and governance scenario for sensitive data, such as protected health information regulated under HIPAA, is ensuring the legitimacy of employee access to patient data. HIPAA rules strictly limit such access. Two examples of improper access are (1) employees accessing patient records from unauthorized home computers and (2) employees accessing records unrelated to their responsibilities, such as those of friends or celebrities.

In these cases, it takes more than just an alert to log appropriate information for governance. It takes a full understanding of the accesses, the systems, users and data involved. Gemini Enterprise provides this understanding by allowing you to connect the dots between disparate data sources and applying contextual intelligence to investigations. Use the Gemini Knowledge graph to easily see and understand who has access to patient data and in what system that data resides.
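The two improper-access patterns named in the Corporate IT Security and HIPAA sections above (access from an unauthorized device, and access to a record the employee has no working relationship with) are both joins between the access log and reference data the organisation already holds: a managed-device inventory and the care or case assignments. The following is an added example written for this page, not Gemini Enterprise code; the access records, assignments, device inventory, flagged-record list and the `audit` function are constructed for illustration.

```python
"""Added example (not Gemini Enterprise code): audit constructed EHR access records
against care assignments, the managed-device inventory and a flagged-record list."""

# Constructed reference data; user names, patient ids and hosts are hypothetical.
ASSIGNMENTS = {"nurse.kim": {"P-1001", "P-1002"}, "dr.patel": {"P-1002", "P-1003"}}
MANAGED_DEVICES = {"WS-ICU-04", "WS-CLINIC-12"}
FLAGGED_RECORDS = {"P-2099"}  # e.g. public figures or staff relatives; any access is reviewed

# Constructed access log: (ts, user, patient id, workstation name, source ip).
ACCESS_LOG = [
    ("2024-03-04T09:12:00", "nurse.kim", "P-1001", "WS-ICU-04", "10.20.1.14"),
    ("2024-03-04T22:40:00", "nurse.kim", "P-1002", "HOME-PC", "203.0.113.8"),
    ("2024-03-04T11:05:00", "dr.patel", "P-2099", "WS-CLINIC-12", "10.20.3.7"),
    ("2024-03-04T11:30:00", "dr.patel", "P-1003", "WS-CLINIC-12", "10.20.3.7"),
]


def audit(access_log, assignments, managed, flagged):
    """Return one finding per access record that fails any of three checks:
    unmanaged device, no care relationship with the patient, or flagged record."""
    findings = []
    for ts, user, patient, device, ip in access_log:
        reasons = []
        if device not in managed:
            reasons.append(f"unmanaged device {device} ({ip})")
        if patient not in assignments.get(user, set()):
            reasons.append("no care relationship")
        if patient in flagged:
            reasons.append("flagged record")
        if reasons:
            findings.append({"ts": ts, "user": user, "patient": patient, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit(ACCESS_LOG, ASSIGNMENTS, MANAGED_DEVICES, FLAGGED_RECORDS):
        print(finding)
```

The findings deliberately carry every reason that applied rather than the first one: an access that is both off an unmanaged device and outside any care relationship is a different conversation from a legitimate clinician who took a laptop home, and that distinction is what the section means by judging propriety rather than just logging an alert.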

FISMA – Process Transparency

Audit internal actions and processes for terminated employees.

Insider threats are a dominant threat to the enterprise. Danger arises when a threat remains undetected for a long period of time and/or behavioral profiles are insufficient to detect bad actors. Insiders are more capable of hiding their tracks and disguising activity.

FISMA, through the NIST SP 800-53 control catalogue that federal systems must follow (control PS-4, Personnel Termination), mandates a standard set of controls over employee termination such as disabling system access, revoking credentials and authenticators, conducting exit interviews, and retrieving organization-owned data and property. While conventional audit reports can indicate whether the required actions were recorded, lag between HR systems, directories and downstream applications can mean a permission change is never fully applied, or that access and data movement continue after the termination date.

Gemini Enterprise graph provides a simplified view of access, actions performed and resulting system impact in an interactive paradigm. A timeline view illustrates changes to employee access over time, clearly indicating if certain access or data movement lingered past the point of termination. Having all contextual intelligence about the user, applications and systems makes it simple to understand and explain gray-areas in profiled activity. This makes it invaluable for documenting and defending FISMA controls.
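The timeline check described above, whether an account was disabled within the expected window and whether any access or data movement occurred between termination and disablement, is a join of the HR termination record with directory and file-server events. The following is an added example written for this page, not Gemini Enterprise code; the termination record, the constructed Windows events (4624 logon, 5145 share access, 4725 user account disabled), the 24-hour service level and the `termination_gaps` function are all assumptions for illustration.

```python
"""Added example (not Gemini Enterprise code): compare a constructed HR termination
record with directory and file-server events to find lingering access."""
from datetime import datetime, timedelta

# Constructed HR feed: user -> termination timestamp.
TERMINATIONS = {"DOMAIN\\cjones": "2024-03-01T17:00:00"}

# Constructed events: (ts, event id, user, target). 4624 logon, 5145 network share
# object accessed, 4725 user account disabled. Hosts and shares are hypothetical.
EVENTS = [
    ("2024-03-01T16:10:00", 4624, "DOMAIN\\cjones", "WKS-09"),
    ("2024-03-02T08:45:00", 4624, "DOMAIN\\cjones", "VPN-GW"),
    ("2024-03-02T08:50:00", 5145, "DOMAIN\\cjones", "\\\\FILESRV01\\Engineering"),
    ("2024-03-03T10:00:00", 4725, "DOMAIN\\cjones", "DC01"),
    ("2024-03-02T09:00:00", 4624, "DOMAIN\\alice", "WKS-11"),
]


def termination_gaps(terminations, events, max_disable_delay=timedelta(hours=24)):
    """For each terminated user report whether the account was disabled within the
    allowed delay and list every logon or access that happened after termination."""
    report = {}
    for user, term_ts in terminations.items():
        term = datetime.fromisoformat(term_ts)
        user_events = sorted(e for e in events if e[2] == user)
        disabled = [datetime.fromisoformat(ts) for ts, eid, _, _ in user_events if eid == 4725]
        post = [(ts, eid, target) for ts, eid, _, target in user_events
                if eid != 4725 and datetime.fromisoformat(ts) > term]
        delay = (disabled[0] - term) if disabled else None
        report[user] = {
            "disabled_within_sla": delay is not None and delay <= max_disable_delay,
            "disable_delay_hours": None if delay is None else delay.total_seconds() / 3600,
            "post_termination_activity": post,
        }
    return report


if __name__ == "__main__":
    for user, row in termination_gaps(TERMINATIONS, EVENTS).items():
        print(user, row)
```

A `disabled_within_sla` of false with an empty activity list is a process failure to document; the same flag with a VPN logon and a share read in the list is an incident, and the two are told apart only by putting the HR date and the event stream on one timeline.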

GDPR Compliance

Support GDPR’s requirements for Personal User Data Erasure and Right To Be Forgotten.

Articles 16 through 20 of the European Union's General Data Protection Regulation (GDPR) give data subjects rights over their personal data, including rectification, erasure (the right to be forgotten), restriction of processing and portability, and require the controller to act on such requests and confirm the outcome, for instance after a customer withdraws consent or the customer relationship ends. In these situations it is equally important to ensure that deletion has been carried out in every relevant data source and aggregation point, that recipients of the data have been notified of the erasure (Article 19), and that the whole sequence completes within the statutory response period: one month of receipt under Article 12(3), extendable by two further months for complex or numerous requests.

The sequence of steps can be complex to execute and track.

  • Step 1: Confirm receipt of the request to the data subject
  • Step 2: Locate and audit all internal and external systems for traces of the customer's data
  • Step 3: Notify all required third parties
  • Step 4: Remove all data in question
  • Step 5: Confirm removal and report back to the data subject

By tracking logs from orchestration platforms, Gemini Enterprise can provide conclusive proof of the actions taken at each step. By presenting events, actions and resulting impact on a single visual timeline, it serves as defensible evidence of compliance.

ITSM

Gemini Enterprise helps improve service delivery, quality and efficiency by combining service tickets with intelligence derived across IT, security and business data.

  • Without a unified view of IT assets it is challenging to understand the business implications of IT events and planned changes.

  • Prioritization of IT incidents can be challenging without full historical context.

  • Creating awareness of broader business implications of IT decisions and events can be challenging across business and technical groups.

Service Degradation & Outages

Quick access to contextual intelligence to understand the drivers and downstream implications of service degradation.

In order to function effectively, IoT infrastructure must scale seamlessly. Unlike full computing devices, IoT endpoints are typically higher in volume, but have to contend with lower bandwidth connections and limited battery power. This impacts performing firmware upgrades across the network, causing a complex, rolling process that sometimes lasts weeks. As a result, IoT networks have to contend with a multitude of different firmware versions and devices in different states of upgrade. When performance degrades or problems are encountered, the state of the end-point device and all devices in the connection path back to the server are called into question.

Gemini Enterprise helps visualize these complex scenarios and makes it easier to understand correlated factors, allowing users to drill into individual devices or to approach investigations in terms of patterns of behavior.

Predictive Failure Analysis

Analyze predictive failure indicators with augmented intelligence on infrastructure components.

Predicting MTBF or component failure is valued as an important output of ITSM platforms. Typically, these platforms use machine learning techniques and past performance to identify patterns leading to failures. As useful as these predictors are, they don't always help direct appropriate action. In most cases, further analysis is needed to understand the full context for the prediction, the likely impact of such a failure, and other logistical complexities.

Gemini Enterprise accelerates this analysis process by correlating information with context using machine reasoning. Quickly summarize different factors involved in analysis and understand the likely impact on interconnected systems.

Asset Discovery

Automate the process of asset tracking and help identify rogue elements or policy violations.


Service Workflow Optimization

Understand the bottlenecks in team efficiency and ticket resolution times.
