SlideShare ist ein Scribd-Unternehmen logo

Sophisticated Security - Naïve Bayesian Algorithms by Tim Shelton

Clear Technologies
Clear Technologies

Dynamic Log Analysis is a security product from HAWK Network Defense that uses Naive-Bayesian algorithms and Boolean rule sets to analyze log data and assign threat scores. This allows it to identify true threats by filtering out non-threatening events. It aims to transform average security analysts into a team of "super-detectives" that can quickly discern and prevent real security risks.

1 von 3
Downloaden Sie, um offline zu lesen
Achieving Sophisticated Security Using Naïve-Bayesian Algorithms By Tim Shelton, VP of Research and Development, HAWK Network Defense A New Era: New approach In an era in which dollars count more than ever, a true solution will enable an organization to more efficiently prevent a security breach and respond to each appropriately. Security breaches of all types will continue to affect an organization’s bottom line. It is no longer sufficient to merely respond to breaches. What is needed is a solution that enables an organization to effectively and efficiently anticipate threats. Recently, Network World stated it best: “ ‘Correlation’ has long been the buzzword used around event reduction, and all of the products we tested contained a correlation engine of some sort. The engines vary in complexity, but they all allow for basic comparisons: if the engine sees A and also sees B or C, then it will go do X. Otherwise, file the event away in storage and move onto the next. We'd love to see someone attack the event reduction challenge with something creative like Bayesian filtering, but for now correlation-based event reduction appears to be the de facto standard.” Quite simply, the current marketplace tools rely on basic Boolean rule sets. Although somewhat effective, it usefulness is only as good as the person analyzing, assessing and monitoring the events to identify potential threats. Sophisticated Bayesian filtering will enable the analyst to identify threats and precursors to threats. Famed scientist Thomas Kuhn stated that individuals are unlikely to relinquish an unworkable paradigm, despite many indications that the paradigm is not functioning properly, until a better paradigm can be presented. By utilizing a Naïve-Bayesian Histogram algorithm, Dynamic Log Analysis™ is the next paradigm shift. Dynamic Log Analysis™. By eliminating events that are not of threat, one can identify real threats. Much like a ‘super-detective’ who is constantly monitoring, learning and adapting to threats, dynamic log analysis is constantly performing predictive activities to eliminate false threats. As a result, the average analyst is transformed into a team of veteran ‘super-detectives’ with the ability to immediately decipher a real threat from a minor daily occurrence. This proactive method mitigates the probability that a network will be fully infiltrated. Dynamic Log Analysis™ enables the average analyst to utilize a team of resources that can differentiate events that are not of threat, so that real threats can be identified and prevented. Dynamic Log Analysis™ refers to an event driven solution that iteratively assesses the probability that certain types of events will produce a threat. Using a Naïve-Bayesian Histogram algorithm to assign ‘scores’ as well as utilizing Boolean rule sets, the system learns and places importance on certain types of correlated events. The system then assigns a ‘score’ to the About HAWK Network Defense. HAWK Network Defense, Inc., is a privately funded security information event management company founded in 2006. HAWK’s patent-pending product, Dynamic Log Analysis™, uses Naïve-Bayesian Histogram Analysis technology that acts as a team of experienced security analysts to proactively mitigate risk and transforms the tedious and time consuming task of event logging into a dynamic, powerful experience. HAWK Network Defense is headquartered in the Dallas, Texas and its product, Dynamic Log Analysis™, is exclusively distributed through Clear Technologies of Coppell, Texas. For more information, visit www.hawknetworkdefense.com or www.cleartechnologies.net/DynamicLogAnalysis. -1-
Achieving Sophisticated Security Using Naïve-Bayesian Algorithms By Tim Shelton, VP of Research and Development, HAWK Network Defense threat. Dynamic Log Analysis™’s scoring technology determines the priority of an ‘event’ for alerting and responding and its Multi-Decision Tree Matching Algorithm increases speed of matching of events to rules developed by the administrator. By combining these two processes, the time to identify, respond and remediate an event is greatly reduced. Scoring. Just as a team of ‘super-detectives’ uses their shared experiences to identify and place emphasis on significant threats, the Bayesian Histogram algorithm and Boolean Ruleset assigns a score to define the magnitude of a threat. The ‘score’ is then placed in the database and the administrator is alerted on the most perilous threats. The unique total score is determined by utilizing the naïve Bayesian learning algorithm, the Boolean rule-set, as well as information acquired during the normalization and matching process. All of the gathered information is taken into account before the total score is determined. In its simplest form, the solution performs the following: Once the event, which is any user action, log entry, security notification, and performance statistic, has been selected for processing, its contents are inserted into the database. After database insertion, the event goes through the unique multifaceted scoring process that first includes a determination of the naïve Bayesian score by analyzing the standard deviation. The system is then able to match against those target events that have not been previously identified. In addition, this Naïve-Bayesian algorithm is specifically designed to match against known or trained information. Together, the engine establishes an operating baseline, and to looks for deviations against this standard norm. Next, Bayesian score is included along with the existing event properties to be processed by the Boolean rule-sets, which is list of rules associated with a positive or negative score. Once a Boolean rule-set is matched against a provided event, the associated score is added to the existing score, which in most cases is zero. Once all the rules have been compared against the event, a total score is determined, allowing future actions to be taken based upon the pre- configured score threshold. At this stage, the unique total score only applies to a single event. By assigning each event a unique score, an analyst is able receive alerts on isolated, specific events that exceed a specified score threshold. In addition, isolating and assigning a unique score to each event enables the analyst to conduct a trend analysis and rapidly adjust to changes in overall activity. Dynamic Log Analysis™’s Multi-Decision Tree Matching Algorithm. In the same way a team of ‘super-detectives’ relies on their shared knowledge and experiences in order to quickly match threats to specific, predetermined high-risk behavior, the decision and matching technology then matches the provided event to its related ‘rule’ faster. This technology is designed in three layers. About HAWK Network Defense. HAWK Network Defense, Inc., is a privately funded security information event management company founded in 2006. HAWK’s patent-pending product, Dynamic Log Analysis™, uses Naïve-Bayesian Histogram Analysis technology that acts as a team of experienced security analysts to proactively mitigate risk and transforms the tedious and time consuming task of event logging into a dynamic, powerful experience. HAWK Network Defense is headquartered in the Dallas, Texas and its product, Dynamic Log Analysis™, is exclusively distributed through Clear Technologies of Coppell, Texas. For more information, visit www.hawknetworkdefense.com or www.cleartechnologies.net/DynamicLogAnalysis. -2-
Achieving Sophisticated Security Using Naïve-Bayesian Algorithms By Tim Shelton, VP of Research and Development, HAWK Network Defense When an event is received by the dynamic log analysis engine, it converts the received information into a normalized event, matches it against its pre-defined rule set and is then separated into two types; compiled modules, and a textual rule-set. The textual rule-sets are separated into three basic classifications that provide the means for matching against our rule- set: triggers, rule-groups, and rules. A trigger is a regular expression that must match a threat in order for the rules within the module to continue processing. If it does, the event proceeds to one of the rules groups and within the rule group, a rule is applied. A rule contains all the given information Dynamic Log Analysis™ requires for improved matching, correlation, and scoring. Each rule contains the alert name, category, knowledgebase id, host and network packet information, as well as audit procedure information for compliance monitoring and scoring. The final rule, upon successful match, allows the administrator to assign the specific information to the event’s normalized hash table. The final rule allows for multiple matching rules as well as using the ‘not’ indicator. Once these activities have been completed, the event is passed into the processing queue for archiving, scoring and additional correlation. Dynamic Log Analysis™’s Information Event Console. Lastly, in the same manner that a team of ‘super detectives’ combines all of their respective experiences and knowledge into one shared, cohesive view to visualize the extent of the threat, the Dynamic Log Analysis™'s Information Event Console presents an overall view of the highest and lowest priority alerts, all arranged by severity of correlation. Further, it acts as the management and data retrieval interface with the relational database, provides a historical retrieval of logged information, and, over secure encrypted sessions, provides role based access controls. In conclusion, HAWK Network Defense has developed this, patent-pending, technology that transforms the tedious and time consuming tasks of event logging into a dynamic, powerful experience that proactively mitigates risk. Not only will the analyst be able to rely on experience of the tool to prevent threats, but also be able to utilize his own experience by writing, through regular expression, rules that will place a ‘score’ on specific inter-organizational nuances which are not a threat. About HAWK Network Defense. HAWK Network Defense, Inc., is a privately funded security information event management company founded in 2006. HAWK’s patent-pending product, Dynamic Log Analysis™, uses Naïve-Bayesian Histogram Analysis technology that acts as a team of experienced security analysts to proactively mitigate risk and transforms the tedious and time consuming task of event logging into a dynamic, powerful experience. HAWK Network Defense is headquartered in the Dallas, Texas and its product, Dynamic Log Analysis™, is exclusively distributed through Clear Technologies of Coppell, Texas. For more information, visit www.hawknetworkdefense.com or www.cleartechnologies.net/DynamicLogAnalysis. -3-

Empfohlen

Haystax: Actionable Intelligence Platform
Haystax: Actionable Intelligence PlatformHaystax: Actionable Intelligence Platform
Haystax: Actionable Intelligence PlatformHaystax Technology
 
Haystax Technology - About Us
Haystax Technology - About UsHaystax Technology - About Us
Haystax Technology - About UsHaystax Technology
 
CounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementCounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementMighty Guides, Inc.
 
Security Event Analysis Through Correlation
Security Event Analysis Through CorrelationSecurity Event Analysis Through Correlation
Security Event Analysis Through CorrelationAnton Chuvakin
 
Why the DoD Uses Advanced Network-traffic Analytics to Secure its Network
Why the DoD Uses Advanced Network-traffic Analytics to Secure its NetworkWhy the DoD Uses Advanced Network-traffic Analytics to Secure its Network
Why the DoD Uses Advanced Network-traffic Analytics to Secure its NetworkNovetta
 
Novetta Entity Analytics
Novetta Entity AnalyticsNovetta Entity Analytics
Novetta Entity AnalyticsNovetta
 
The Future of Advanced Analytics
The Future of Advanced AnalyticsThe Future of Advanced Analytics
The Future of Advanced AnalyticsHaystax Technology
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAsaduzzaman Kanok
 

Empfohlen

Haystax: Actionable Intelligence Platform
Haystax: Actionable Intelligence PlatformHaystax: Actionable Intelligence Platform
Haystax: Actionable Intelligence PlatformHaystax Technology
 
Haystax Technology - About Us
Haystax Technology - About UsHaystax Technology - About Us
Haystax Technology - About UsHaystax Technology
 
CounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementCounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementMighty Guides, Inc.
 
Security Event Analysis Through Correlation
Security Event Analysis Through CorrelationSecurity Event Analysis Through Correlation
Security Event Analysis Through CorrelationAnton Chuvakin
 
Why the DoD Uses Advanced Network-traffic Analytics to Secure its Network
Why the DoD Uses Advanced Network-traffic Analytics to Secure its NetworkWhy the DoD Uses Advanced Network-traffic Analytics to Secure its Network
Why the DoD Uses Advanced Network-traffic Analytics to Secure its NetworkNovetta
 
Novetta Entity Analytics
Novetta Entity AnalyticsNovetta Entity Analytics
Novetta Entity AnalyticsNovetta
 
The Future of Advanced Analytics
The Future of Advanced AnalyticsThe Future of Advanced Analytics
The Future of Advanced AnalyticsHaystax Technology
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAsaduzzaman Kanok
 
Haystax carbon for Insider Threat Management & Continuous Evaluation
Haystax carbon for Insider Threat Management & Continuous EvaluationHaystax carbon for Insider Threat Management & Continuous Evaluation
Haystax carbon for Insider Threat Management & Continuous EvaluationHaystax Technology
 
13 Tips for Cloud Security
13 Tips for Cloud Security13 Tips for Cloud Security
13 Tips for Cloud SecurityPeak 10
 
Enterprise Strategy Group: The Big Data Security Analytics Era is Here
Enterprise Strategy Group: The Big Data Security Analytics Era is HereEnterprise Strategy Group: The Big Data Security Analytics Era is Here
Enterprise Strategy Group: The Big Data Security Analytics Era is HereEMC
 
ATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideMITRE ATT&CK
 
User and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionUser and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionYolanta Beresna
 
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATIONCYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATIONacijjournal
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructureAnton Chuvakin
 
Alert logic cloud security report
Alert logic cloud security reportAlert logic cloud security report
Alert logic cloud security reportGabe Akisanmi
 
Dlp content-discovery-best-practices
Dlp content-discovery-best-practicesDlp content-discovery-best-practices
Dlp content-discovery-best-practiceslookout4raj
 
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive SecurityComputerworld Philippines
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopYahoo Developer Network
 
when minutes counts
when minutes countswhen minutes counts
when minutes countsMartin Lindgren
 
Hands-On Security Breakout Session- ES Guided Tour
Hands-On Security Breakout Session- ES Guided TourHands-On Security Breakout Session- ES Guided Tour
Hands-On Security Breakout Session- ES Guided TourSplunk
 
Data Driven Cybersecurity Governance
Data Driven Cybersecurity GovernanceData Driven Cybersecurity Governance
Data Driven Cybersecurity GovernanceDouglas Gray, CISSP, CISO
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousRaffael Marty
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slidesSteve Arnold
 
w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018Open Security Summit
 
Data-centric Security: Using Information Protection and Control (IPC) Tools t...
Data-centric Security: Using Information Protection and Control (IPC) Tools t...Data-centric Security: Using Information Protection and Control (IPC) Tools t...
Data-centric Security: Using Information Protection and Control (IPC) Tools t...Chris Ross
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityIndustry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityEMC
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraLuke Farrell
 
Finance Boot Camp #1
Finance Boot Camp #1Finance Boot Camp #1
Finance Boot Camp #1Yoshihiro Kimura
 
Corporate Volunteering in China
Corporate Volunteering in ChinaCorporate Volunteering in China
Corporate Volunteering in ChinaCollective Responsibility
 

Weitere ähnliche Inhalte

Was ist angesagt?

Haystax carbon for Insider Threat Management & Continuous Evaluation
Haystax carbon for Insider Threat Management & Continuous EvaluationHaystax carbon for Insider Threat Management & Continuous Evaluation
Haystax carbon for Insider Threat Management & Continuous EvaluationHaystax Technology
 
13 Tips for Cloud Security
13 Tips for Cloud Security13 Tips for Cloud Security
13 Tips for Cloud SecurityPeak 10
 
Enterprise Strategy Group: The Big Data Security Analytics Era is Here
Enterprise Strategy Group: The Big Data Security Analytics Era is HereEnterprise Strategy Group: The Big Data Security Analytics Era is Here
Enterprise Strategy Group: The Big Data Security Analytics Era is HereEMC
 
ATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideMITRE ATT&CK
 
User and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionUser and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionYolanta Beresna
 
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATIONCYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATIONacijjournal
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructureAnton Chuvakin
 
Alert logic cloud security report
Alert logic cloud security reportAlert logic cloud security report
Alert logic cloud security reportGabe Akisanmi
 
Dlp content-discovery-best-practices
Dlp content-discovery-best-practicesDlp content-discovery-best-practices
Dlp content-discovery-best-practiceslookout4raj
 
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive SecurityComputerworld Philippines
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopYahoo Developer Network
 
Hands-On Security Breakout Session- ES Guided Tour
Hands-On Security Breakout Session- ES Guided TourHands-On Security Breakout Session- ES Guided Tour
Hands-On Security Breakout Session- ES Guided TourSplunk
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousRaffael Marty
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slidesSteve Arnold
 
w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018Open Security Summit
 
Data-centric Security: Using Information Protection and Control (IPC) Tools t...
Data-centric Security: Using Information Protection and Control (IPC) Tools t...Data-centric Security: Using Information Protection and Control (IPC) Tools t...
Data-centric Security: Using Information Protection and Control (IPC) Tools t...Chris Ross
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityIndustry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityEMC
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraLuke Farrell
 

Was ist angesagt? (20)

Haystax carbon for Insider Threat Management & Continuous Evaluation
Haystax carbon for Insider Threat Management & Continuous EvaluationHaystax carbon for Insider Threat Management & Continuous Evaluation
Haystax carbon for Insider Threat Management & Continuous Evaluation
 
13 Tips for Cloud Security
13 Tips for Cloud Security13 Tips for Cloud Security
13 Tips for Cloud Security
 
Enterprise Strategy Group: The Big Data Security Analytics Era is Here
Enterprise Strategy Group: The Big Data Security Analytics Era is HereEnterprise Strategy Group: The Big Data Security Analytics Era is Here
Enterprise Strategy Group: The Big Data Security Analytics Era is Here
 
ATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue DivideATT&CKing the Red/Blue Divide
ATT&CKing the Red/Blue Divide
 
User and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionUser and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solution
 
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATIONCYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
CYBERSECURITY INFRASTRUCTURE AND SECURITY AUTOMATION
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructure
 
Alert logic cloud security report
Alert logic cloud security reportAlert logic cloud security report
Alert logic cloud security report
 
Dlp content-discovery-best-practices
Dlp content-discovery-best-practicesDlp content-discovery-best-practices
Dlp content-discovery-best-practices
 
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
 
November 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with HadoopNovember 2013 HUG: Cyber Security with Hadoop
November 2013 HUG: Cyber Security with Hadoop
 
when minutes counts
when minutes countswhen minutes counts
when minutes counts
 
Hands-On Security Breakout Session- ES Guided Tour
Hands-On Security Breakout Session- ES Guided TourHands-On Security Breakout Session- ES Guided Tour
Hands-On Security Breakout Session- ES Guided Tour
 
Data Driven Cybersecurity Governance
Data Driven Cybersecurity GovernanceData Driven Cybersecurity Governance
Data Driven Cybersecurity Governance
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are Dangerous
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
 
w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018w-cyber-risk-modeling Owasp cyber risk quantification 2018
w-cyber-risk-modeling Owasp cyber risk quantification 2018
 
Data-centric Security: Using Information Protection and Control (IPC) Tools t...
Data-centric Security: Using Information Protection and Control (IPC) Tools t...Data-centric Security: Using Information Protection and Control (IPC) Tools t...
Data-centric Security: Using Information Protection and Control (IPC) Tools t...
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityIndustry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven Security
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive era
 

Andere mochten auch

F:\Holocaust Katie And Kelsey
F:\Holocaust Katie And KelseyF:\Holocaust Katie And Kelsey
F:\Holocaust Katie And Kelseynorris445138
 
Companion animals and public health: Why it’s time to take them seriously.
Companion animals and public health: Why it’s time to take them seriously.Companion animals and public health: Why it’s time to take them seriously.
Companion animals and public health: Why it’s time to take them seriously.Global Risk Forum GRFDavos
 
Calendario biberon 12 13
Calendario biberon 12 13Calendario biberon 12 13
Calendario biberon 12 13pacomase
 
4- Emergency Preparedness in the supply chain- Chaimongkol
4- Emergency Preparedness in the supply chain- Chaimongkol4- Emergency Preparedness in the supply chain- Chaimongkol
4- Emergency Preparedness in the supply chain- ChaimongkolGlobal Risk Forum GRFDavos
 

Andere mochten auch (6)

Finance Boot Camp #1
Finance Boot Camp #1Finance Boot Camp #1
Finance Boot Camp #1
 
Corporate Volunteering in China
Corporate Volunteering in ChinaCorporate Volunteering in China
Corporate Volunteering in China
 
F:\Holocaust Katie And Kelsey
F:\Holocaust Katie And KelseyF:\Holocaust Katie And Kelsey
F:\Holocaust Katie And Kelsey
 
Companion animals and public health: Why it’s time to take them seriously.
Companion animals and public health: Why it’s time to take them seriously.Companion animals and public health: Why it’s time to take them seriously.
Companion animals and public health: Why it’s time to take them seriously.
 
Calendario biberon 12 13
Calendario biberon 12 13Calendario biberon 12 13
Calendario biberon 12 13
 
4- Emergency Preparedness in the supply chain- Chaimongkol
4- Emergency Preparedness in the supply chain- Chaimongkol4- Emergency Preparedness in the supply chain- Chaimongkol
4- Emergency Preparedness in the supply chain- Chaimongkol
 

Ähnlich wie Sophisticated Security - Naïve Bayesian Algorithms by Tim Shelton

Haystax - Analytic Products and Enterprise Network Services
Haystax - Analytic Products and Enterprise Network ServicesHaystax - Analytic Products and Enterprise Network Services
Haystax - Analytic Products and Enterprise Network ServicesHaystax Technology
 
Open service risk correlation
Open service risk correlationOpen service risk correlation
Open service risk correlationfrantzyv
 
UBA 5.0 Data Sheet (September 2016)
UBA 5.0 Data Sheet (September 2016)UBA 5.0 Data Sheet (September 2016)
UBA 5.0 Data Sheet (September 2016)Samantha Pierre
 
Event mgt feb09
Event mgt feb09Event mgt feb09
Event mgt feb09pladott11
 
user centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations centeruser centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations centerVenkat Projects
 
Fluency - Next Generation Incident Response Utilizing Big Data Analytics Over...
Fluency - Next Generation Incident Response Utilizing Big Data Analytics Over...Fluency - Next Generation Incident Response Utilizing Big Data Analytics Over...
Fluency - Next Generation Incident Response Utilizing Big Data Analytics Over...Collin Miles
 
RSA-Pivotal Security Big Data Reference Architecture
RSA-Pivotal Security Big Data Reference ArchitectureRSA-Pivotal Security Big Data Reference Architecture
RSA-Pivotal Security Big Data Reference ArchitectureEMC
 
Elevating Connectivity Exploring - Telecom Security Monitoring Solutions.pdf
Elevating Connectivity Exploring - Telecom Security Monitoring Solutions.pdfElevating Connectivity Exploring - Telecom Security Monitoring Solutions.pdf
Elevating Connectivity Exploring - Telecom Security Monitoring Solutions.pdfSecurityGen1
 
Use Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyUse Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyJonathanPritchard12
 
Telecom Network Incident Investigation Services - SecurityGen
Telecom Network Incident Investigation Services - SecurityGenTelecom Network Incident Investigation Services - SecurityGen
Telecom Network Incident Investigation Services - SecurityGenSecurityGen1
 
Security Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdf
Security Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdfSecurity Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdf
Security Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdfSecurityGen1
 
Secure Horizons: Navigating the Future with Network Security Solutions
Secure Horizons: Navigating the Future with Network Security SolutionsSecure Horizons: Navigating the Future with Network Security Solutions
Secure Horizons: Navigating the Future with Network Security SolutionsSecurityGen1
 
SecurityGen Telecom network security assessment - legacy versus BAS (1).pdf
SecurityGen Telecom network security assessment - legacy versus BAS (1).pdfSecurityGen Telecom network security assessment - legacy versus BAS (1).pdf
SecurityGen Telecom network security assessment - legacy versus BAS (1).pdfSecurity Gen
 
Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security NextLabs, Inc.
 
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxCompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxInfosectrain3
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxkarlhennesey
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultSOCVault
 
NetWatcher Customer Overview
NetWatcher Customer OverviewNetWatcher Customer Overview
NetWatcher Customer OverviewScott Suhy
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inmaribethy2y
 

Ähnlich wie Sophisticated Security - Naïve Bayesian Algorithms by Tim Shelton (20)

Haystax - Analytic Products and Enterprise Network Services
Haystax - Analytic Products and Enterprise Network ServicesHaystax - Analytic Products and Enterprise Network Services
Haystax - Analytic Products and Enterprise Network Services
 
Open service risk correlation
Open service risk correlationOpen service risk correlation
Open service risk correlation
 
UBA 5.0 Data Sheet (September 2016)
UBA 5.0 Data Sheet (September 2016)UBA 5.0 Data Sheet (September 2016)
UBA 5.0 Data Sheet (September 2016)
 
Event mgt feb09
Event mgt feb09Event mgt feb09
Event mgt feb09
 
user centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations centeruser centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations center
 
Fluency - Next Generation Incident Response Utilizing Big Data Analytics Over...
Fluency - Next Generation Incident Response Utilizing Big Data Analytics Over...Fluency - Next Generation Incident Response Utilizing Big Data Analytics Over...
Fluency - Next Generation Incident Response Utilizing Big Data Analytics Over...
 
RSA-Pivotal Security Big Data Reference Architecture
RSA-Pivotal Security Big Data Reference ArchitectureRSA-Pivotal Security Big Data Reference Architecture
RSA-Pivotal Security Big Data Reference Architecture
 
Elevating Connectivity Exploring - Telecom Security Monitoring Solutions.pdf
Elevating Connectivity Exploring - Telecom Security Monitoring Solutions.pdfElevating Connectivity Exploring - Telecom Security Monitoring Solutions.pdf
Elevating Connectivity Exploring - Telecom Security Monitoring Solutions.pdf
 
Use Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyUse Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiency
 
Telecom Network Incident Investigation Services - SecurityGen
Telecom Network Incident Investigation Services - SecurityGenTelecom Network Incident Investigation Services - SecurityGen
Telecom Network Incident Investigation Services - SecurityGen
 
Security Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdf
Security Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdfSecurity Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdf
Security Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdf
 
Secure Horizons: Navigating the Future with Network Security Solutions
Secure Horizons: Navigating the Future with Network Security SolutionsSecure Horizons: Navigating the Future with Network Security Solutions
Secure Horizons: Navigating the Future with Network Security Solutions
 
SecurityGen Telecom network security assessment - legacy versus BAS (1).pdf
SecurityGen Telecom network security assessment - legacy versus BAS (1).pdfSecurityGen Telecom network security assessment - legacy versus BAS (1).pdf
SecurityGen Telecom network security assessment - legacy versus BAS (1).pdf
 
Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security Addressing Gaps in Your Cyber Security
Addressing Gaps in Your Cyber Security
 
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxCompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVault
 
NetWatcher Customer Overview
NetWatcher Customer OverviewNetWatcher Customer Overview
NetWatcher Customer Overview
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words in
 

Mehr von Clear Technologies

Proactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van SymonsProactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van SymonsClear Technologies
 
Visual Sorage Intelligence™ Product Guide
Visual Sorage Intelligence™ Product GuideVisual Sorage Intelligence™ Product Guide
Visual Sorage Intelligence™ Product GuideClear Technologies
 
Visual Storage Intelligence™ Case Story Final
Visual Storage Intelligence™ Case Story FinalVisual Storage Intelligence™ Case Story Final
Visual Storage Intelligence™ Case Story FinalClear Technologies
 
Remote Administration Case Story - 4 Front
Remote Administration Case Story - 4 FrontRemote Administration Case Story - 4 Front
Remote Administration Case Story - 4 FrontClear Technologies
 
Legal Departments' Security Responsibility - Dynamic Log Analysis™
Legal Departments' Security Responsibility - Dynamic Log Analysis™Legal Departments' Security Responsibility - Dynamic Log Analysis™
Legal Departments' Security Responsibility - Dynamic Log Analysis™Clear Technologies
 
6 reasons bankers should buy dynamic log analysis™
6 reasons bankers should buy dynamic log analysis™6 reasons bankers should buy dynamic log analysis™
6 reasons bankers should buy dynamic log analysis™Clear Technologies
 
6 reasons insurance companies should buy dynamic log analysis™
6 reasons insurance companies should buy dynamic log analysis™6 reasons insurance companies should buy dynamic log analysis™
6 reasons insurance companies should buy dynamic log analysis™Clear Technologies
 
Security level 40 product guide final
Security level 40 product guide finalSecurity level 40 product guide final
Security level 40 product guide finalClear Technologies
 
Dynamic Log Analysis Product Guide
Dynamic Log Analysis Product GuideDynamic Log Analysis Product Guide
Dynamic Log Analysis Product GuideClear Technologies
 
Dynamic Log Analysis™ Case Story City of Colleyville
Dynamic Log Analysis™ Case Story City of ColleyvilleDynamic Log Analysis™ Case Story City of Colleyville
Dynamic Log Analysis™ Case Story City of ColleyvilleClear Technologies
 
Dynamic Log Analysis™ Case Story Hutton Communications
Dynamic Log Analysis™ Case Story Hutton CommunicationsDynamic Log Analysis™ Case Story Hutton Communications
Dynamic Log Analysis™ Case Story Hutton CommunicationsClear Technologies
 
Dynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value SheetDynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value SheetClear Technologies
 
3 Reasons Why IT puts Us at Risk by Phil Godwin
3 Reasons Why IT puts Us at Risk by Phil Godwin3 Reasons Why IT puts Us at Risk by Phil Godwin
3 Reasons Why IT puts Us at Risk by Phil GodwinClear Technologies
 
Proactive Log Management in Banking - Why is it important and what inhibits i...
Proactive Log Management in Banking - Why is it important and what inhibits i...Proactive Log Management in Banking - Why is it important and what inhibits i...
Proactive Log Management in Banking - Why is it important and what inhibits i...Clear Technologies
 
Dynamic Log Analysis - The Future
Dynamic Log Analysis - The FutureDynamic Log Analysis - The Future
Dynamic Log Analysis - The FutureClear Technologies
 

Mehr von Clear Technologies (15)

Proactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van SymonsProactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van Symons
 
Visual Sorage Intelligence™ Product Guide
Visual Sorage Intelligence™ Product GuideVisual Sorage Intelligence™ Product Guide
Visual Sorage Intelligence™ Product Guide
 
Visual Storage Intelligence™ Case Story Final
Visual Storage Intelligence™ Case Story FinalVisual Storage Intelligence™ Case Story Final
Visual Storage Intelligence™ Case Story Final
 
Remote Administration Case Story - 4 Front
Remote Administration Case Story - 4 FrontRemote Administration Case Story - 4 Front
Remote Administration Case Story - 4 Front
 
Legal Departments' Security Responsibility - Dynamic Log Analysis™
Legal Departments' Security Responsibility - Dynamic Log Analysis™Legal Departments' Security Responsibility - Dynamic Log Analysis™
Legal Departments' Security Responsibility - Dynamic Log Analysis™
 
6 reasons bankers should buy dynamic log analysis™
6 reasons bankers should buy dynamic log analysis™6 reasons bankers should buy dynamic log analysis™
6 reasons bankers should buy dynamic log analysis™
 
6 reasons insurance companies should buy dynamic log analysis™
6 reasons insurance companies should buy dynamic log analysis™6 reasons insurance companies should buy dynamic log analysis™
6 reasons insurance companies should buy dynamic log analysis™
 
Security level 40 product guide final
Security level 40 product guide finalSecurity level 40 product guide final
Security level 40 product guide final
 
Dynamic Log Analysis Product Guide
Dynamic Log Analysis Product GuideDynamic Log Analysis Product Guide
Dynamic Log Analysis Product Guide
 
Dynamic Log Analysis™ Case Story City of Colleyville
Dynamic Log Analysis™ Case Story City of ColleyvilleDynamic Log Analysis™ Case Story City of Colleyville
Dynamic Log Analysis™ Case Story City of Colleyville
 
Dynamic Log Analysis™ Case Story Hutton Communications
Dynamic Log Analysis™ Case Story Hutton CommunicationsDynamic Log Analysis™ Case Story Hutton Communications
Dynamic Log Analysis™ Case Story Hutton Communications
 
Dynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value SheetDynamic Log Analysis™ Business Value Sheet
Dynamic Log Analysis™ Business Value Sheet
 
3 Reasons Why IT puts Us at Risk by Phil Godwin
3 Reasons Why IT puts Us at Risk by Phil Godwin3 Reasons Why IT puts Us at Risk by Phil Godwin
3 Reasons Why IT puts Us at Risk by Phil Godwin
 
Proactive Log Management in Banking - Why is it important and what inhibits i...
Proactive Log Management in Banking - Why is it important and what inhibits i...Proactive Log Management in Banking - Why is it important and what inhibits i...
Proactive Log Management in Banking - Why is it important and what inhibits i...
 
Dynamic Log Analysis - The Future
Dynamic Log Analysis - The FutureDynamic Log Analysis - The Future
Dynamic Log Analysis - The Future
 

Sophisticated Security - Naïve Bayesian Algorithms by Tim Shelton

  • 1. Achieving Sophisticated Security Using Naïve-Bayesian Algorithms By Tim Shelton, VP of Research and Development, HAWK Network Defense A New Era: New approach In an era in which dollars count more than ever, a true solution will enable an organization to more efficiently prevent a security breach and respond to each appropriately. Security breaches of all types will continue to affect an organization’s bottom line. It is no longer sufficient to merely respond to breaches. What is needed is a solution that enables an organization to effectively and efficiently anticipate threats. Recently, Network World stated it best: “ ‘Correlation’ has long been the buzzword used around event reduction, and all of the products we tested contained a correlation engine of some sort. The engines vary in complexity, but they all allow for basic comparisons: if the engine sees A and also sees B or C, then it will go do X. Otherwise, file the event away in storage and move onto the next. We'd love to see someone attack the event reduction challenge with something creative like Bayesian filtering, but for now correlation-based event reduction appears to be the de facto standard.” Quite simply, the current marketplace tools rely on basic Boolean rule sets. Although somewhat effective, it usefulness is only as good as the person analyzing, assessing and monitoring the events to identify potential threats. Sophisticated Bayesian filtering will enable the analyst to identify threats and precursors to threats. Famed scientist Thomas Kuhn stated that individuals are unlikely to relinquish an unworkable paradigm, despite many indications that the paradigm is not functioning properly, until a better paradigm can be presented. By utilizing a Naïve-Bayesian Histogram algorithm, Dynamic Log Analysis™ is the next paradigm shift. Dynamic Log Analysis™. By eliminating events that are not of threat, one can identify real threats. Much like a ‘super-detective’ who is constantly monitoring, learning and adapting to threats, dynamic log analysis is constantly performing predictive activities to eliminate false threats. As a result, the average analyst is transformed into a team of veteran ‘super-detectives’ with the ability to immediately decipher a real threat from a minor daily occurrence. This proactive method mitigates the probability that a network will be fully infiltrated. Dynamic Log Analysis™ enables the average analyst to utilize a team of resources that can differentiate events that are not of threat, so that real threats can be identified and prevented. Dynamic Log Analysis™ refers to an event driven solution that iteratively assesses the probability that certain types of events will produce a threat. Using a Naïve-Bayesian Histogram algorithm to assign ‘scores’ as well as utilizing Boolean rule sets, the system learns and places importance on certain types of correlated events. The system then assigns a ‘score’ to the About HAWK Network Defense. HAWK Network Defense, Inc., is a privately funded security information event management company founded in 2006. HAWK’s patent-pending product, Dynamic Log Analysis™, uses Naïve-Bayesian Histogram Analysis technology that acts as a team of experienced security analysts to proactively mitigate risk and transforms the tedious and time consuming task of event logging into a dynamic, powerful experience. HAWK Network Defense is headquartered in the Dallas, Texas and its product, Dynamic Log Analysis™, is exclusively distributed through Clear Technologies of Coppell, Texas. For more information, visit www.hawknetworkdefense.com or www.cleartechnologies.net/DynamicLogAnalysis. -1-
  • 2. Achieving Sophisticated Security Using Naïve-Bayesian Algorithms By Tim Shelton, VP of Research and Development, HAWK Network Defense threat. Dynamic Log Analysis™’s scoring technology determines the priority of an ‘event’ for alerting and responding and its Multi-Decision Tree Matching Algorithm increases speed of matching of events to rules developed by the administrator. By combining these two processes, the time to identify, respond and remediate an event is greatly reduced. Scoring. Just as a team of ‘super-detectives’ uses their shared experiences to identify and place emphasis on significant threats, the Bayesian Histogram algorithm and Boolean Ruleset assigns a score to define the magnitude of a threat. The ‘score’ is then placed in the database and the administrator is alerted on the most perilous threats. The unique total score is determined by utilizing the naïve Bayesian learning algorithm, the Boolean rule-set, as well as information acquired during the normalization and matching process. All of the gathered information is taken into account before the total score is determined. In its simplest form, the solution performs the following: Once the event, which is any user action, log entry, security notification, and performance statistic, has been selected for processing, its contents are inserted into the database. After database insertion, the event goes through the unique multifaceted scoring process that first includes a determination of the naïve Bayesian score by analyzing the standard deviation. The system is then able to match against those target events that have not been previously identified. In addition, this Naïve-Bayesian algorithm is specifically designed to match against known or trained information. Together, the engine establishes an operating baseline, and to looks for deviations against this standard norm. Next, Bayesian score is included along with the existing event properties to be processed by the Boolean rule-sets, which is list of rules associated with a positive or negative score. Once a Boolean rule-set is matched against a provided event, the associated score is added to the existing score, which in most cases is zero. Once all the rules have been compared against the event, a total score is determined, allowing future actions to be taken based upon the pre- configured score threshold. At this stage, the unique total score only applies to a single event. By assigning each event a unique score, an analyst is able receive alerts on isolated, specific events that exceed a specified score threshold. In addition, isolating and assigning a unique score to each event enables the analyst to conduct a trend analysis and rapidly adjust to changes in overall activity. Dynamic Log Analysis™’s Multi-Decision Tree Matching Algorithm. In the same way a team of ‘super-detectives’ relies on their shared knowledge and experiences in order to quickly match threats to specific, predetermined high-risk behavior, the decision and matching technology then matches the provided event to its related ‘rule’ faster. This technology is designed in three layers. About HAWK Network Defense. HAWK Network Defense, Inc., is a privately funded security information event management company founded in 2006. HAWK’s patent-pending product, Dynamic Log Analysis™, uses Naïve-Bayesian Histogram Analysis technology that acts as a team of experienced security analysts to proactively mitigate risk and transforms the tedious and time consuming task of event logging into a dynamic, powerful experience. HAWK Network Defense is headquartered in the Dallas, Texas and its product, Dynamic Log Analysis™, is exclusively distributed through Clear Technologies of Coppell, Texas. For more information, visit www.hawknetworkdefense.com or www.cleartechnologies.net/DynamicLogAnalysis. -2-
  • 3. Achieving Sophisticated Security Using Naïve-Bayesian Algorithms By Tim Shelton, VP of Research and Development, HAWK Network Defense When an event is received by the dynamic log analysis engine, it converts the received information into a normalized event, matches it against its pre-defined rule set and is then separated into two types; compiled modules, and a textual rule-set. The textual rule-sets are separated into three basic classifications that provide the means for matching against our rule- set: triggers, rule-groups, and rules. A trigger is a regular expression that must match a threat in order for the rules within the module to continue processing. If it does, the event proceeds to one of the rules groups and within the rule group, a rule is applied. A rule contains all the given information Dynamic Log Analysis™ requires for improved matching, correlation, and scoring. Each rule contains the alert name, category, knowledgebase id, host and network packet information, as well as audit procedure information for compliance monitoring and scoring. The final rule, upon successful match, allows the administrator to assign the specific information to the event’s normalized hash table. The final rule allows for multiple matching rules as well as using the ‘not’ indicator. Once these activities have been completed, the event is passed into the processing queue for archiving, scoring and additional correlation. Dynamic Log Analysis™’s Information Event Console. Lastly, in the same manner that a team of ‘super detectives’ combines all of their respective experiences and knowledge into one shared, cohesive view to visualize the extent of the threat, the Dynamic Log Analysis™'s Information Event Console presents an overall view of the highest and lowest priority alerts, all arranged by severity of correlation. Further, it acts as the management and data retrieval interface with the relational database, provides a historical retrieval of logged information, and, over secure encrypted sessions, provides role based access controls. In conclusion, HAWK Network Defense has developed this, patent-pending, technology that transforms the tedious and time consuming tasks of event logging into a dynamic, powerful experience that proactively mitigates risk. Not only will the analyst be able to rely on experience of the tool to prevent threats, but also be able to utilize his own experience by writing, through regular expression, rules that will place a ‘score’ on specific inter-organizational nuances which are not a threat. About HAWK Network Defense. HAWK Network Defense, Inc., is a privately funded security information event management company founded in 2006. HAWK’s patent-pending product, Dynamic Log Analysis™, uses Naïve-Bayesian Histogram Analysis technology that acts as a team of experienced security analysts to proactively mitigate risk and transforms the tedious and time consuming task of event logging into a dynamic, powerful experience. HAWK Network Defense is headquartered in the Dallas, Texas and its product, Dynamic Log Analysis™, is exclusively distributed through Clear Technologies of Coppell, Texas. For more information, visit www.hawknetworkdefense.com or www.cleartechnologies.net/DynamicLogAnalysis. -3-