Existing SOC and SIEM tooling is limited in its ability to triage modern threats. Legacy SIEM solutions were built to analyze terabytes rather than exabytes of logs, events and a constant stream of new data. Data is growing not only in volume but also in complexity and dimensionality, as it is collected by a multitude of monitoring platforms and devices.
Analyzing such enormous amounts of data, given its high velocity and variability, requires a new approach. It is critical to have rapid access to as much data as possible, with threat intelligence and log data often spanning 10+ years, and to keep data at its granular level to enable effective threat detection.
Varada enables security teams to minimize operational challenges by leveraging the cloud data lake as a next-generation security platform. The cloud data lake serves as a repository for any relevant datasets, structured or unstructured, keeping them granular and available to any query. The analytics acceleration platform, delivered by Varada, is completely decoupled from the storage layer and can easily scale to serve fluctuating demand. Varada continuously monitors queries to identify which data is used and how it is being used by workloads. This observability is then leveraged to dynamically and automatically accelerate security team workloads with adaptive indexing, caching of threat data, or caching of intermediate results.
Security teams and the SOC are often faced with extremely challenging "needle in a haystack" analytics scenarios, which can be time-consuming and waste critical cycles. Searches for an IOC can be dramatically accelerated by indexing. Organizations can effectively use highly dimensional datasets without moving or modeling the data: Varada indexes data directly from the data lake across any columns. Indexes adapt to changes in the data over time, which is critical for effective anomaly detection across vast datasets. Based on the data type, structure and distribution, Varada automatically selects an index from a set of indexing algorithms, including text search (based on Apache Lucene), bitmap, dictionary and tree indexes.
Varada's engine detects bottlenecks automatically and adjusts the cluster and acceleration techniques to ensure business requirements are met within the allocated budget.
To ensure performance, many enterprises compromise on access to their available data and settle for isolated data silos that have been prepared and modeled to enable fast analytics. The data lake, a cheap and simple storage layer, can serve as a modern replacement for a legacy SIEM for threat detection and analytics. Varada turns the data already in the lake into operational data so that it can serve any SQL workload over 10x more data. Analytics workloads can access raw behavior data, connect disparate "dots" to detect compound anomalies, and compare real-time activity to historical patterns in the data lake to rule out false positives and quickly identify legitimate threats.
Varada's dynamic and adaptive indexing enables security analytics workloads to run at close to zero response latency, especially for highly selective (needle-in-a-haystack) queries. Varada delivers 10x to 100x faster response times than other data lake based analytics platforms. Varada automatically detects which datasets to accelerate and then applies the optimal index. Security operations teams retain full control to prioritize analytics projects and define budgets and performance requirements.
At the core of security-driven analytics is the ability to quickly identify new threats. The security data lake enables organizations to store any new dataset from any source and to integrate new datasets as they become available. Varada's analytics platform works directly on raw behavior data, with no modeling step required for performance. Any new data can therefore be queried as soon as it lands, keeping time-to-insight for hunting and threat intelligence to a minimum without losing the full dimensionality of the data.
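The two query shapes described above, the highly selective IOC lookup across raw log columns and the comparison of current activity against a historical baseline, can be shown on a small scale. The following is an added example, not Varada's code or anything from this page: SQLite in memory stands in for the data lake query engine, and the tables, columns, hosts, domains and IPs are all constructed test values. It indexes the lookup columns without reshaping the data, confirms through the query plan that a selective lookup seeks via the index instead of scanning the table, runs an IOC hunt that matches indicators against two columns at once, and lists destinations a host has never contacted in the baseline window.

```python
import sqlite3

# Constructed sample data, not real telemetry. dns_logs stands in for a raw,
# unmodeled DNS log table in the security data lake; threat_intel is a small
# indicator table. Hosts, domains and IPs are documentation/test values.
DNS_LOGS = [
    # (ts, host, query, answer, rcode)
    ("2024-02-10T09:00:00Z", "ws-101", "login.example-idp.test", "203.0.113.10", "NOERROR"),
    ("2024-02-11T09:00:00Z", "ws-101", "update.example-cdn.test", "203.0.113.20", "NOERROR"),
    ("2024-02-12T09:00:00Z", "ws-103", "files.corp.example", "192.0.2.5", "NOERROR"),
    ("2024-02-15T09:00:00Z", "ws-102", "login.example-idp.test", "203.0.113.10", "NOERROR"),
    ("2024-03-01T10:00:00Z", "ws-101", "login.example-idp.test", "203.0.113.10", "NOERROR"),
    ("2024-03-01T10:00:05Z", "ws-101", "update.example-cdn.test", "203.0.113.20", "NOERROR"),
    ("2024-03-01T10:01:00Z", "ws-102", "cnc.bad-example.test", "198.51.100.7", "NOERROR"),
    ("2024-03-01T10:02:00Z", "ws-103", "files.corp.example", "192.0.2.5", "NOERROR"),
    ("2024-03-01T10:03:00Z", "ws-102", "cnc.bad-example.test", "198.51.100.7", "NOERROR"),
    ("2024-03-01T10:04:00Z", "ws-104", "stage.bad-example.test", None, "NXDOMAIN"),
]
THREAT_INTEL = [
    # (indicator, type, source)
    ("cnc.bad-example.test", "domain", "feed-a"),
    ("stage.bad-example.test", "domain", "feed-a"),
    ("198.51.100.7", "ipv4", "feed-b"),
]

# Needle-in-a-haystack IOC hunt: match indicators against more than one column
# of the raw log (queried name and resolved answer) without reshaping the data.
IOC_HUNT_SQL = """
SELECT l.host, l.query, t.indicator, t.type,
       COUNT(*) AS hits, MIN(l.ts) AS first_seen, MAX(l.ts) AS last_seen
FROM dns_logs AS l
JOIN threat_intel AS t
  ON (t.type = 'domain' AND t.indicator = l.query)
  OR (t.type = 'ipv4'   AND t.indicator = l.answer)
GROUP BY l.host, l.query, t.indicator, t.type
ORDER BY l.host, l.query, t.indicator
"""

# Baseline comparison: (host, query) pairs seen in the current window that never
# appeared before the window start. Long-standing destinations drop out as noise;
# a sudden new destination stands out.
NEW_PAIRS_SQL = """
SELECT cur.host, cur.query, COUNT(*) AS hits
FROM dns_logs AS cur
WHERE cur.ts >= :start
  AND NOT EXISTS (
        SELECT 1 FROM dns_logs AS base
        WHERE base.host = cur.host AND base.query = cur.query AND base.ts < :start)
GROUP BY cur.host, cur.query
ORDER BY cur.host, cur.query
"""

# A highly selective point lookup, the query shape that benefits most from an index.
POINT_LOOKUP_SQL = "SELECT host, ts FROM dns_logs WHERE query = 'cnc.bad-example.test'"


def build_db():
    """Load the constructed tables into an in-memory SQLite database."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE dns_logs (ts TEXT, host TEXT, query TEXT, answer TEXT, rcode TEXT);
        CREATE TABLE threat_intel (indicator TEXT, type TEXT, source TEXT);
    """)
    con.executemany("INSERT INTO dns_logs VALUES (?, ?, ?, ?, ?)", DNS_LOGS)
    con.executemany("INSERT INTO threat_intel VALUES (?, ?, ?)", THREAT_INTEL)
    return con


def add_indexes(con):
    """Index the columns the IOC lookups filter on; the rows themselves are untouched."""
    con.executescript("""
        CREATE INDEX idx_dns_query  ON dns_logs (query);
        CREATE INDEX idx_dns_answer ON dns_logs (answer);
    """)


def plan_uses_index(con, sql):
    """True if the planner seeks through an index ('SEARCH ... USING INDEX') instead of scanning."""
    plan = con.execute("EXPLAIN QUERY PLAN " + sql).fetchall()
    return any("INDEX" in row[-1] for row in plan)  # last column is the plan detail text


def ioc_hunt(con):
    return con.execute(IOC_HUNT_SQL).fetchall()


def new_pairs(con, window_start):
    return con.execute(NEW_PAIRS_SQL, {"start": window_start}).fetchall()


if __name__ == "__main__":
    con = build_db()
    print("point lookup uses index before indexing:", plan_uses_index(con, POINT_LOOKUP_SQL))
    add_indexes(con)
    print("point lookup uses index after indexing: ", plan_uses_index(con, POINT_LOOKUP_SQL))
    for row in ioc_hunt(con):
        print("IOC hit:", row)
    for row in new_pairs(con, "2024-03-01T00:00:00Z"):
        print("new destination vs. baseline:", row)
```

The point of the plan check is the practitioner's sanity test: an IOC lookup that reads every row is a full scan no matter how the storage is laid out, so after indexing a column it is worth confirming the engine actually uses the index for the predicate shape the hunt queries emit. The baseline query deliberately keys on the pair (host, query) rather than the domain alone, since a domain that is routine for one host can be the anomaly for another.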
When compute and storage resources are tightly coupled, organizations tend to limit scaling and expansion to avoid the hefty price tag. By moving to a security data lake strategy, organizations can avoid the scaling dilemma. Furthermore, Varada's big data indexing technology reduces the data scanned by analytics queries by at least an order of magnitude, so compute resources are used far more effectively. Elastic scaling lets the ops team be ready for analytics needs as they fluctuate and evolve.
Varada is deployed as a private managed service, running in your Virtual Private Cloud (VPC). Data is not duplicated and does not need to leave your account. Varada connects to your existing data sources and serves any SQL analytics project out of the box.