Process Description
Data Flow
Once the data arrives at the Avalanchio platform from the various data sources, it follows a simple dataflow pipeline, as shown in the diagram below. We take great care to keep the data flow simple while retaining the flexibility to control it for different security analytics needs. The data flow is configurable to allow integration with upstream and downstream applications. The platform has three key pillars that are used to build security use cases.
Parser: Security analytics requires data from hundreds of sources, ranging from proxy server logs, application logs and AD server logs to HR data. The Avalanchio platform allows you to define a data model and extract the relevant data points from the raw data format. The data models
Rule Engine: The rule engine allows you to trigger actions such as sending an email notification or creating a case when a condition is met as the data arrives. A rule can be a simple conditional check on the event data, a more complex behavioral or anomaly detection technique, or a combination of both.
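To make the Parser and Rule Engine pillars concrete, here is a small added example (not Avalanchio code; the field names of the common data model, the raw log lines and the thresholds are all constructed for illustration). It maps two raw formats, a key=value syslog-style line and a JSON application log line, onto one data model, then streams the events through two rules: a simple conditional check on a single event (a large download) and a stateful behavioral rule (several failed logins within a short window followed by a success). Each rule is bound to an action of the kind the paragraph describes (notify, create a case).

```python
"""Toy data-model parser and rule engine (added illustration, not Avalanchio's implementation)."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: two raw formats that a parser must normalise
# into one common data model (timestamp, user, src_ip, action, outcome, bytes).
RAW_LOGS = [
    # key=value auth lines, syslog style (constructed)
    "2024-03-01T10:00:01Z auth host=dc01 user=alice src=10.0.0.5 action=login outcome=failure",
    "2024-03-01T10:00:05Z auth host=dc01 user=alice src=10.0.0.5 action=login outcome=failure",
    "2024-03-01T10:00:09Z auth host=dc01 user=alice src=10.0.0.5 action=login outcome=failure",
    "2024-03-01T10:00:12Z auth host=dc01 user=alice src=10.0.0.5 action=login outcome=success",
    # JSON application log lines (constructed)
    '{"ts": "2024-03-01T10:01:00Z", "user": "bob", "src_ip": "10.0.0.9", "event": "login", "result": "success"}',
    '{"ts": "2024-03-01T10:02:00Z", "user": "bob", "src_ip": "10.0.0.9", "event": "download", "result": "success", "bytes": 52428800}',
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def _ts(value):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_event(line):
    """Map one raw line (JSON or key=value) onto the assumed common data model."""
    line = line.strip()
    if line.startswith("{"):
        d = json.loads(line)
        return {
            "timestamp": _ts(d["ts"]), "user": d["user"], "src_ip": d["src_ip"],
            "action": d["event"], "outcome": d["result"], "bytes": int(d.get("bytes", 0)),
        }
    ts_str, _, rest = line.partition(" ")
    kv = dict(KV_RE.findall(rest))
    return {
        "timestamp": _ts(ts_str), "user": kv["user"], "src_ip": kv["src"],
        "action": kv["action"], "outcome": kv["outcome"], "bytes": 0,
    }


# Simple conditional rule: evaluated on a single event, no state needed.
LARGE_DOWNLOAD_BYTES = 50 * 1024 * 1024  # assumed threshold


def rule_large_download(event, state):
    return event["action"] == "download" and event["bytes"] >= LARGE_DOWNLOAD_BYTES


# Behavioural rule: keeps per-user state across events. Fires when a login
# succeeds after FAIL_THRESHOLD failures inside FAIL_WINDOW (assumed values).
FAIL_WINDOW = timedelta(seconds=30)
FAIL_THRESHOLD = 3


def rule_bruteforce_then_success(event, state):
    if event["action"] != "login":
        return False
    fails = state["fails"][event["user"]]
    # evict failures that fell out of the sliding window
    while fails and event["timestamp"] - fails[0] > FAIL_WINDOW:
        fails.pop(0)
    if event["outcome"] == "failure":
        fails.append(event["timestamp"])
        return False
    hit = len(fails) >= FAIL_THRESHOLD
    fails.clear()
    return hit


# (rule name, predicate, action to trigger when the predicate is true)
RULES = [
    ("large_download", rule_large_download, "notify"),
    ("bruteforce_then_success", rule_bruteforce_then_success, "create_case"),
]


def run_rules(lines):
    """Stream raw lines through the parser and every rule; return triggered actions."""
    state = {"fails": defaultdict(list)}
    actions = []
    for line in lines:
        event = parse_event(line)
        for name, predicate, action in RULES:
            if predicate(event, state):
                actions.append((action, name, event["user"]))
    return actions


if __name__ == "__main__":
    for action, rule, user in run_rules(RAW_LOGS):
        print(f"{action:12} rule={rule} user={user}")
```

The parser is deliberately the only place that knows about raw formats; the rules see only the common data model, which is what lets the same detection logic run over proxy, AD and application data alike. The stateful rule also shows why a window must be evicted on every login event, not only on failures: otherwise stale failures from long ago would still count toward the threshold.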
Search: The Avalanchio platform provides the powerful search capability that every SOC (Security Operations Center) team requires for threat hunting and scheduled reports. The platform supports two search query languages: a DSL that we call AQL (Avalanchio Query Language) and SQL. AQL provides 100+ operators for a wide range of security-specific use cases. SQL is widely used in the industry for general-purpose analytics, and its adoption is growing among SOC analysts as well. You can store data over long time ranges for compliance needs and query it without a complex SOP for hot/cold data swapping.
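As an added illustration of the SQL side of the search pillar (this is not Avalanchio code, and the events table, its columns and the sample rows are constructed), here is a threat-hunting query and a scheduled-report query run against an in-memory SQLite table holding events in a common data model. The hunt finds users whose successful logins in a time range came from unusually many distinct source addresses; the report counts failed logins per user for the same range.

```python
"""SQL threat hunt and scheduled report over a common-data-model table (added illustration)."""
import sqlite3

# Constructed sample events: (ts, user, src_ip, action, outcome). Timestamps are
# ISO-8601 strings, so plain string comparison orders them correctly.
EVENTS = [
    ("2024-03-01T09:00:00Z", "alice", "10.0.0.5",     "login", "success"),
    ("2024-03-01T09:30:00Z", "alice", "203.0.113.7",  "login", "success"),
    ("2024-03-01T09:31:00Z", "alice", "198.51.100.2", "login", "success"),
    ("2024-03-01T09:40:00Z", "bob",   "10.0.0.9",     "login", "failure"),
    ("2024-03-01T09:41:00Z", "bob",   "10.0.0.9",     "login", "success"),
    ("2024-02-01T09:00:00Z", "carol", "10.0.0.3",     "login", "success"),
    ("2024-02-02T09:00:00Z", "carol", "10.0.0.4",     "login", "success"),
]

# Hunt: users with successful logins from at least ? distinct source IPs in the range.
MULTI_IP_QUERY = """
SELECT user,
       COUNT(DISTINCT src_ip) AS ip_count,
       MIN(ts) AS first_seen,
       MAX(ts) AS last_seen
FROM events
WHERE action = 'login' AND outcome = 'success'
  AND ts >= ? AND ts < ?
GROUP BY user
HAVING ip_count >= ?
ORDER BY ip_count DESC, user
"""

# Scheduled report: failed logins per user in the range.
FAILED_LOGIN_REPORT = """
SELECT user, COUNT(*) AS failures
FROM events
WHERE action = 'login' AND outcome = 'failure'
  AND ts >= ? AND ts < ?
GROUP BY user
ORDER BY failures DESC, user
"""


def open_db():
    """Create an in-memory table and load the constructed events."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (ts TEXT, user TEXT, src_ip TEXT, action TEXT, outcome TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?, ?)", EVENTS)
    return conn


def hunt_multi_ip_logins(start, end, min_ips=2):
    """Return (user, ip_count, first_seen, last_seen) rows for the hunt."""
    conn = open_db()
    try:
        return conn.execute(MULTI_IP_QUERY, (start, end, min_ips)).fetchall()
    finally:
        conn.close()


def failed_login_report(start, end):
    """Return (user, failures) rows for the report."""
    conn = open_db()
    try:
        return conn.execute(FAILED_LOGIN_REPORT, (start, end)).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    day = ("2024-03-01T00:00:00Z", "2024-03-02T00:00:00Z")
    for row in hunt_multi_ip_logins(*day):
        print("hunt:", row)
    for row in failed_login_report(*day):
        print("report:", row)
```

Both queries take the time range as bound parameters rather than string-formatted literals, which is the habit to keep when analysts are allowed to run ad hoc SQL against retained data; restricting the window is also what keeps a long-retention table affordable to scan without moving data between tiers.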
See the out-of-the-box use cases available on the platform.
A Little Background on Today's Security Analytics at Enterprises
The diagram below shows the perimeter of current security analytics. Security analytics is based not only on data from well-known sources such as servers, applications and switches, but also on data from third-party sources (TPI) and the HR (Human Resources) database. You need a platform that provides out-of-the-box use cases and intelligent defaults, and that additionally gives a SOC analyst a simple way to define and test rules without writing code or going to the application backend. The Avalanchio platform provides a good balance for achieving these objectives.
[Diagram: perimeter of current security analytics, four panels]
Data Source: Infrastructure, Application, Network, Endpoints, Cloud, TIP, AD/IAM/HR, Vulnerability, IoT
Application Areas: Insider Threats, HPA, Access, Cyber, Application, Cloud, Network, Cyber Fraud
Analytics Techniques: Common Data Model; Parse, Enrich, Join; ML & AI; Use Cases; Rule Based; UEBA; Kill Chain; Feature Engineering; MITRE ATT&CK; Risk/Threat Modeling
Features: SOC Cockpit, Workflow, Reports, Dashboards, Threat Hunting, Orchestration, Data Retention, Regulatory Compliance, Run Books, Self-Learning System