Network security is an extremely difficult job, so one of our most important goals as a company is to simplify it.
To achieve this, we listen carefully to our customers and to the market to understand where to focus our efforts, so that the product stays comprehensive while making a defender's job a little easier.
We recently announced the latest release of the Bricata platform and we’re highlighting the top three new features here.
1) Network metadata filters to specify the network logs you want.
These new filters enable security teams to fine-tune the specific network logs that are streamed to the Bricata Central Management Console (CMC) repository and to other third-party forensic repositories and SIEMs.
In the Bricata solution, these logs are generated by Zeek, which can emit some 400 distinct fields across its log types. That volume can be overwhelming, so the filters let a security organization collect only the logs it needs, and save storage and repository space by dropping data it will never query. Decide the allowlist with investigations in mind: a log type that is filtered out at the sensor cannot be recovered from the repository afterwards.
2) Customizable central management dashboards.
While the new filters let users decide which network logs they collect, the CMC dashboard lets users customize how they view the data the platform has analyzed. Bricata dashboards are personalized through a palette of drag-and-drop widgets, so users can build CMC dashboards that match their network situational awareness requirements exactly.
3) Smart alert grouping to reduce alert fatigue.
Alert fatigue is a real problem in cybersecurity: a security operations center (SOC) commonly receives thousands, even tens of thousands, of alerts per day. Bricata helps reduce this by grouping alerts that share the same trigger but were detected in different ways, such as anomaly detection, IOC matching, AI-based binary conviction and signature detection. A single threat seen by several detection engines would otherwise fire several separate alerts; grouping presents them as one.
The Bricata solution enables grouping in three ways:
a) geographic location;
b) a 3-tuple hash of the client-server pair; and
c) the 5-tuple Community ID hash.
Community ID is an open flow-hashing specification (originated by Corelight and available for Zeek as a package, with implementations in Suricata and other tools) that gives every product computing it the same identifier for the same flow, regardless of which side of the connection the observation was made from. Adopting it ensures interoperability with the other cybersecurity solutions that are taking up this emerging standard.
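The following is an added example, not Bricata's code and not the reference implementation from the Community ID project. It implements the open Community ID v1 algorithm for TCP, UDP and SCTP flows over IPv4 or IPv6 (the spec's ICMP type-to-pseudo-port mapping is omitted) and then uses the resulting hash as the grouping key for a set of constructed alerts, the way the 5-tuple grouping mode described above would. Two of the constructed alerts record the tuple from the server's side; the canonical endpoint ordering in the spec is what makes them fall into the same group as the client-side alert. The alert dictionaries, detector names and messages are all invented for illustration.

```python
"""Community ID v1 flow hash and flow-based alert grouping (added example)."""
import base64
import hashlib
import ipaddress
import struct
from collections import defaultdict

# IANA protocol numbers for the port-carrying protocols handled here.
PROTO_NUMBERS = {"tcp": 6, "udp": 17, "sctp": 132}


def community_id_v1(saddr, daddr, proto, sport, dport, seed=0):
    """Return the Community ID v1 string for a TCP/UDP/SCTP flow.

    The spec first puts the endpoints in canonical order (lower address first;
    if the addresses are equal, lower port first) so that a flow and its
    reverse hash to the same value. The hash input is then
      seed (16-bit BE) || addr1 || addr2 || proto (8-bit) || 0x00 pad
      || port1 (16-bit BE) || port2 (16-bit BE)
    and the output is "1:" followed by base64(SHA-1(input)).
    """
    if not 0 <= seed <= 0xFFFF:
        raise ValueError("seed must fit in 16 bits")
    proto_num = PROTO_NUMBERS[proto.lower()]
    a1, a2 = ipaddress.ip_address(saddr), ipaddress.ip_address(daddr)
    if a1.version != a2.version:
        raise ValueError("both addresses must be IPv4 or both IPv6")
    p1, p2 = int(sport), int(dport)
    # Packed address bytes compare the same way as the numeric address,
    # so this tuple comparison implements the spec's ordering rule.
    if (a1.packed, p1) > (a2.packed, p2):
        a1, a2, p1, p2 = a2, a1, p2, p1
    data = (struct.pack("!H", seed) + a1.packed + a2.packed
            + struct.pack("!BBHH", proto_num, 0, p1, p2))
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


# Constructed sample alerts (not real detections): one connection from an
# internal host to an external server, reported by three detection methods,
# two of which logged the tuple from the server's perspective. The fourth
# alert is a different flow and must land in its own group.
SAMPLE_ALERTS = [
    {"detector": "signature", "saddr": "10.0.0.5", "daddr": "203.0.113.9",
     "proto": "tcp", "sport": 51234, "dport": 443,
     "msg": "constructed signature hit"},
    {"detector": "ioc", "saddr": "203.0.113.9", "daddr": "10.0.0.5",
     "proto": "tcp", "sport": 443, "dport": 51234,
     "msg": "constructed IOC match on server address"},
    {"detector": "anomaly", "saddr": "203.0.113.9", "daddr": "10.0.0.5",
     "proto": "tcp", "sport": 443, "dport": 51234,
     "msg": "constructed byte-ratio anomaly"},
    {"detector": "signature", "saddr": "10.0.0.5", "daddr": "203.0.113.9",
     "proto": "udp", "sport": 51234, "dport": 53,
     "msg": "constructed DNS signature hit"},
]


def group_alerts_by_flow(alerts, seed=0):
    """Group alerts whose 5-tuple, in either direction, yields the same Community ID."""
    groups = defaultdict(list)
    for alert in alerts:
        cid = community_id_v1(alert["saddr"], alert["daddr"], alert["proto"],
                              alert["sport"], alert["dport"], seed)
        groups[cid].append(alert)
    return dict(groups)


if __name__ == "__main__":
    for cid, members in group_alerts_by_flow(SAMPLE_ALERTS).items():
        detectors = ", ".join(sorted(a["detector"] for a in members))
        print(f"{cid}  {len(members)} alert(s)  [{detectors}]")
```

Run as a script it prints two groups: the TCP flow with its three alerts from three different detectors, and the UDP flow on its own. The seed parameter must match across every tool that is expected to agree on the hash (the spec's default is 0); the Community ID project publishes packet captures with expected hashes that any implementation, including this one, can be checked against.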
* * *
These are just a few of the new features we’ve added in this version of the product. To learn about the other additions, please see the full announcement – Bricata delivers network protection with enhanced customization features – or you are welcome to schedule a live demonstration.