Threat hunting/intelligence and investigations get a major boost with new capability by Varada; fast time-to-insights on exabytes of data directly on the customer data lake.
Varada, the data lake query acceleration innovator, today announced a new capability of its flagship platform designed to help cybersecurity teams deliver faster time-to-insights on exabytes of data directly on the data lake. As security teams seek powerful and swift threat detection tools to stay a step ahead of adversaries, Varada’s technology offers a way to leverage 10 times more data and deliver results up to 100 times faster than other data lake-based analytics platforms.
“In order to be effective as a security team today, you have to look at all of your data, sometimes 10 years’ worth of data or more, and that’s a Big Data problem that requires a new approach,” said Brad LaPorte, Gartner veteran and Partner at High Tide Advisors. “The SIEM log management solutions aren’t designed to solve Big Data analytics challenges because they are too narrowly focused and too expensive. A far better cybersecurity approach—one that can use all available data and return results faster and more cost effectively—is to leverage the security data lake with tools like Varada’s platform. I meet with countless security teams and CISOs, and they are all in a reactive mode and lacking necessary resources. The paradigm shift to the data lake will help teams become more effective by leveraging more data and easier access to do the mission-critical work they need to do to keep their companies and data safe.”
Varada’s dynamic and adaptive indexing technology enables security analytics workloads to run in near real time, especially on highly selective queries that look for “a specific needle in a stack of needles,” at speeds not previously achievable, and without moving, duplicating or modeling the data.
“Speed and precision are absolutely critical when responding to cyberattacks, a task which becomes more challenging every day as security teams deal with constant, ever-expanding streams of increasingly complex data,” said Eran Vanounou, CEO at Varada. “Varada’s technology can give security teams the upper hand by leveraging 10 times more data and delivering results up to 100 times faster. Our solution is easily deployed in the organization’s own environment, so the data is not duplicated and never leaves. Plus, it incorporates all data from any source without modeling, which means data teams get ‘zero time to market’ with results that are both thorough and precise.”
Leveraging the Security Data Lake
To ensure performance and control the compute costs of XDR, EDR, SOAR and SIEM tooling, many enterprises compromise on access to their data, settling for isolated silos that have been prepared and modeled in advance to make analytics fast. The data lake, a cheap and simple storage layer, can serve as the modern replacement for legacy SIEM systems and deliver cutting-edge threat detection and analytics. A security data lake lets organizations store any new dataset from any source and integrate new datasets as they become available.
Varada’s Adaptive Indexing Technology Delivers the Competitive Advantage
Varada’s adaptive and autonomous indexing technology leverages machine learning capabilities to dynamically accelerate queries to meet evolving security requirements. Varada indexes data directly from the data lake across any columns. Indexes adapt to changes in data over time, which is critical for effective anomaly detection across vast datasets. Based on the data type, structure, and distribution of data, Varada automatically creates an optimal index from a set of indexing algorithms including text-optimized search and index (based on Apache Lucene), bitmap, dictionary, trees, etc.
Varada’s smart engine detects bottlenecks automatically and adjusts the cluster and acceleration techniques to ensure business requirements are met at the allocated budget. Key features include:
- works atop the customer data lake, enabling access to new data as it becomes available
- analytics platform that works directly on raw behavior data, without any need to model data to improve performance; any new data can be analyzed immediately with zero time-to-insights, resulting in fast results for hunting and threat intelligence without losing the full dimensionality of the data
- continuously monitors queries to identify which data is used and how it’s being used by workloads; this critical observability is then leveraged to dynamically and automatically accelerate security team workloads with adaptive indexing, caching of threat data or caching intermediate results
- connects disparate “dots” so that analytics workloads can detect multiple anomalies together, and compares real-time activity against historical patterns in the data lake to rule out false positives and quickly confirm genuine threats
- decoupled from the storage layer; easily scales to serve fluctuating demand
- security operations teams have full control to prioritize analytics projects, define budgets and performance requirements