Smaarts™, a software company headquartered in San Mateo, CA, provides the SOC analyst advanced software that accelerates incident response by providing real-time and synchronized historical visibility into combinations and sequences of observable behaviors that map directly to the Cyber Kill Chain. Smaarts works with a broader set of data types than any other security analytics product. It consumes streaming data from multiple concurrent sources and parses each stream into its constituent data elements – from syslog feeds and anti-malware alerts, to Twitter feeds and historical data presented as a stream. It can also query Active Directory, proxy servers and external threat intelligence services at runtime. In the world of Big Data, the richer and more varied the data, the higher the accuracy of the results.
Smaarts is particularly adept at handling unstructured and semi-structured data – device alerts, syslog flows, JSON objects (including Tweets), email messages, documents and more.

Only recently has attention been paid to optimizing and automating the process of detecting and containing the attacks that get through. More than half of successful attacks extract corporate data within seconds or minutes of infection. Unfortunately, it typically takes days, sometimes weeks, just to detect compromises. This is a vexing problem for almost every organization.
Smaarts is a human-machine collaborative system that leverages both the observational powers of human intuition and institutional knowledge to automate the complex work flows that are manually performed by most SOC analysts today.
Smaarts can also perform real-time forensics through the synchronized re-streaming of data it caches or that is archived by third-party solutions. When data enters the Smaarts system – irrespective of its native format – it is converted to a stream of integers. This flow is then passed through a series of “Threat Maps,” which contain criteria that are configured to look for complex sequences and relationships between the incoming data elements. The patented approach converts criteria into a structured integer form as well, so that solving for these complex relationships involves simple in-memory integer-to-integer comparisons.
“Our approach lets us solve for these complex relationships as the data arrives,” says Douty. “This ‘Software-on-a-Chip’ analytical throughput opens the door to real-time detection, experimentation, testing of hypotheses, and re-running massive amounts of data at a very high speed and low cost.”
The user-configurable Threat Maps detect the occurrence of complex combinations of behaviors that are strong indicators of compromise. Each Threat Map represents a part of the workflow that analysts perform when responding to an alert. Threat Maps can operate stand-alone to detect certain subsets of a Kill Chain, or they can be linked to each other and uncover data relationships across an entire Kill Chain.
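As an added illustration of the integer-stream and Threat Map ideas described in the two passages above (this is not Smaarts' patented implementation or code), the following Python sketch interns every host name and event label into one integer symbol table, reduces a mixed stream of a JSON alert and syslog lines to (host, event) integer pairs, and runs one hypothetical Threat Map that fires when its stages occur in order on the same host; the keyword parsing rules and the sample events are constructed for the example.

```python
import json
import re
from collections import defaultdict
SYMBOLS = {}  # string -> small integer; hosts and event labels share one table

def sym(value):
    """Intern a string: the first sighting assigns the next free integer."""
    return SYMBOLS.setdefault(value, len(SYMBOLS))

SYSLOG_RE = re.compile(r"^\w{3}\s+\d+ \S+ (?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$")
# Hypothetical keyword-to-label rules standing in for a real per-source parser.
KEYWORDS = [("Accepted password", "login"), ("COMMAND=", "privesc"), ("outbound", "exfil")]

def normalise(raw):
    """Reduce one JSON alert or syslog line to (host_id, event_id); None if unrecognised."""
    if raw.startswith("{"):
        obj = json.loads(raw)
        return sym(obj["host"]), sym(obj["alert"])
    m = SYSLOG_RE.match(raw)
    if m:
        for needle, label in KEYWORDS:
            if needle in m.group("msg"):
                return sym(m.group("host")), sym(label)
    return None

def run_threat_map(events, stages):
    """Report hosts on which the stages occur in order; matching is integer == integer."""
    criteria = [sym(s) for s in stages]   # criteria are interned exactly like the data
    progress = defaultdict(int)           # host_id -> index of the next expected stage
    hits = []
    for raw in events:
        parsed = normalise(raw)
        if parsed is None:
            continue
        host, event = parsed
        if event == criteria[progress[host]]:
            progress[host] += 1
            if progress[host] == len(criteria):
                hits.append(next(k for k, v in SYMBOLS.items() if v == host))
                progress[host] = 0        # chain complete on this host: report and rearm
    return hits

# Constructed sample stream mixing a JSON alert with syslog lines (not real data).
EVENTS = [
    '{"host": "ws-17", "alert": "malware"}',
    "Mar  3 10:01:02 ws-17 sshd: Accepted password for bob from 10.0.0.5",
    "Mar  3 10:01:09 ws-42 sshd: Accepted password for alice from 10.0.0.9",
    "Mar  3 10:02:11 ws-17 sudo: bob : COMMAND=/bin/bash",
    "Mar  3 10:03:40 ws-17 proxy: outbound 10.0.0.17 -> 203.0.113.9 bytes=52428800",
]
KILL_CHAIN = ["malware", "login", "privesc", "exfil"]  # one hypothetical Threat Map
```

Because both the stream and the criteria pass through the same symbol table, a second Threat Map (for example just `["login", "exfil"]`) can be run over the same cached events without re-parsing them.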
Smaarts brings a new approach to representing, contextually processing and discovering the knowledge in data that reduces the time “right of the hack” – that is, between infection and proper remedial action. Smaarts complements existing security intrusion and prevention solutions.

“The Smaarts solution will offer enterprises the best time-to-value of their security data, and will be able to identify complex combinations of indicators scattered across massive sources of data faster and cheaper than other solutions in the market,” explains Douty.