Data interchange formats and performance

When two programs need to exchange data they need to agree a common format for the data in transit.  This could be a binary format, or it could be some sort of human readable text.

The binary format could be defined by one of numerous pieces of middleware, or a public format such as Google Protocol Buffers.  The text format could be one of the titans of data formats: XML or JSON.  Or it could be something more old-fashioned, like comma separated values (CSV).

Bringing Alert Management into the Present with Advanced Analytics

As originally published by APMDigest.

We have smart cars on the horizon that will navigate themselves. Mobile apps that make communication, navigation and entertainment an integral part of our daily lives. Your insurance pricing may soon be affected by whether or not you wear a personal health monitoring device. Everywhere you turn, the very latest IT technologies are being leveraged to provide advanced services that were unimaginable even ten years ago. So why is it that the IT environments that provide these services are managed using an analytics technology designed for the 1970s?

Excluding Frequent from Analysis for Smarter Anomaly Detection

A new feature in v3.5 of Anomaly Detective is the ability to automatically exclude frequently observed entities from analysis. In this article, we’ll discuss the rationale behind this setting and its applicability as an alternative to “whitelisting.”

Anomaly Detection in Periodic Data

A lot of machine data is periodic, with daily, weekly, perhaps even monthly cycles to it. So, how does one accurately uncover unusual behaviors in this data, taking into account its natural periodicity? We’ll explore how Prelert’s machine learning anomaly detection automatically learns the periodic “harmonics” in your data, and accurately finds deviations in expected behavior, all while taking that periodicity into account.

What’s in Store for the Future of IT Security & Machine Learning?

Here's What an Experienced Enterprise Architect Thinks

Bill Stangel has 30+ years’ experience implementing technology strategy, architecture and direction across global enterprises in the financial services, employer services, healthcare, telecom, aerospace and defense industries. He has had the opportunity to work from the Web to the mainframe, and with entrepreneurs and emerging companies.

We’re fortunate to have Bill as an advisory board member at Prelert and highly value his opinion, which is why we thought you might too. We sat down with Bill to pick his brain about the future of IT security and where machine learning will play a role. Here’s a recap of the conversation:

Analyze bigger data with summarized input

In my last post I talked about the StatsReduce feature of Prelert Anomaly Detective® for Splunk that debuted in version 3.3 at the beginning of October 2014.

Last December, version 1.2 of our Engine API product made generally available the ability to submit pre-summarized data to our REST endpoints for analysis. The performance benefits are effectively the same as those of StatsReduce in Anomaly Detective for Splunk. So why the different terminology?

Machine Learning the Sucker!

A recent blog post by Gartner analyst Dr. Anton Chuvakin caught my attention. Titled “SIEM/DLP Add-on Brain?”, it mentions that “we now [have] a decent number of vendors that offer, essentially, an add-on brain for your SIEM.” Dr. Chuvakin has long maintained that SIEM (Security Information and Event Management) tools have been sorely lacking in their ability to actually perform the “analytics” necessary to extract insight from the data that IT security and operations teams collect as logs.

Distilling Alert Noise to Find Real Problems

Whether your concern is IT security or operations, it is highly likely that you are dealing with far more alarms than you have the resources to follow up on. Even modest-sized organizations today face such overwhelming volumes of alerts that they aren't even sure what percentage are false positives. Alert fatigue is one of the biggest drivers behind investigations of advanced analytics for operations and security.

Slow Attack Detection

Detecting “brute force” attacks is a very common and obvious approach to identifying users who are attempting to “break in” by trying many combinations of authentication credentials at high velocity. But what about the opposite situation: an attempt to gain access via slow but pervasive authentication attempts that stay “below the radar” and avoid failed-authentication lock-out schemes? One of our users succeeded in detecting this by leveraging one of Splunk’s default fields, “date_hour”, and piping the search to Prelert.

Advanced Persistent Threats: Minimizing Losses with Early Detection

As originally published by Help Net Security.

Let’s travel back to 2006, the year the blockbuster, “The Departed,” came out. Matt Damon plays a young criminal who has infiltrated the state police as an informer for South Boston’s Irish Mob. Working his way up the ranks, he gathers sensitive information about the plans and counter-plans of the operations he has penetrated and leaks them to his organized crime cohorts. Eventually, police suspect that there's a mole in their midst. Now, we all know how this ends – Damon is exposed and killed by Mark Wahlberg for his stint – but not before wreaking havoc throughout the department.
