Corella is our internal platform for collecting logs and metrics from multiple clients, post-processing them, finding correlations in the received data, and assisting our experts by executing some investigation workflows on its own.
Its next version will also be able to detect strong anomalies that might pose a potential threat to security or availability.
The goal is, first, to extract as many potential security problems as possible from the received data and, second, to minimize and streamline the work of our analysts.
Post-processing mainly normalizes the data received from the different collector types, each of which produces a slightly different output. It also extracts additional properties from unstructured data.
It takes a holistic approach to analyzing each client's infrastructure, combining logs and metrics collected from the operating systems, hosted services, the people operating them, network traffic, and the network devices themselves. To complete this 360-degree view, it calculates a reputation score for any suspicious Internet or internal connection party.
The reputation score is derived from Corella's own findings, from data collected by honeypots located at clients' sites and on the Internet, and from several public reputation databases.
It also compiles all relevant attributes of each reported potential security issue for its human colleagues, to speed up their expert investigation. In the next version, some event types will have structured workflows defined by our analysts.
These workflows collect additional information relevant to the event, e.g., statistics of user logins by time of day or by source IP address/segment, or the commands executed during the potential security breach.
Last but not least, it can re-evaluate the severity level of the event based on the additionally collected data. This reassessment reduces the load on our analysts and increases their precision. Once they have taught the system a workflow for a specific elevated event type, Corella can do most (or even all) of the analysis for them.
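The pipeline described above (normalization of differing collector outputs, a workflow that gathers login statistics by hour of day and source segment together with a reputation lookup, and re-evaluation of the event level from that context), as an added illustration in Python. This is not Corella's own code: the two collector formats, the sshd/Windows 4624/4625 mapping, the reputation table, the thresholds and the sample log lines are all constructed assumptions chosen to show the approach.

```python
"""Added illustration (not Corella's own code): normalize login events from two
collector formats, enrich them with per-user login statistics and a reputation
lookup, then re-evaluate the event level. All data and thresholds are assumed."""
import ipaddress
import json
import re
from collections import Counter
from datetime import datetime

# --- 1. Normalization: each collector type has a slightly different output --
SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<outcome>Accepted|Failed) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def normalize_syslog(line):
    """Linux sshd syslog line -> common event dict (None if not a login)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "user": m["user"].lower(),
            "src_ip": m["ip"], "ok": m["outcome"] == "Accepted", "src": "linux"}

def normalize_winjson(line):
    """Windows logon event (4624 success / 4625 failure) serialized as JSON
    by a hypothetical agent -> the same common event dict."""
    ev = json.loads(line)
    if ev.get("EventID") not in (4624, 4625):
        return None
    return {"ts": datetime.fromisoformat(ev["TimeCreated"]),
            "user": ev["TargetUserName"].lower(), "src_ip": ev["IpAddress"],
            "ok": ev["EventID"] == 4624, "src": "windows"}

def normalize(line):
    """Dispatch on the shape of the line: JSON object vs. syslog text."""
    return normalize_winjson(line) if line.lstrip().startswith("{") else normalize_syslog(line)

# --- 2. Enrichment workflow: login statistics and reputation ---------------
def segment(ip):
    """Collapse an IPv4 address to its /24 segment."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))

def login_profile(history, user):
    """Per-user baseline: successes by hour and by segment, failures by segment."""
    mine = [e for e in history if e["user"] == user]
    return {"hours": Counter(e["ts"].hour for e in mine if e["ok"]),
            "segments": Counter(segment(e["src_ip"]) for e in mine if e["ok"]),
            "failures": Counter(segment(e["src_ip"]) for e in mine if not e["ok"])}

# Constructed stand-in for the honeypot feed and reputation databases:
# score in [0, 100], higher is worse. A real deployment would query the feeds.
REPUTATION = {"203.0.113.0/24": 85, "198.51.100.0/24": 10}

# --- 3. Re-evaluation of the event level from the collected context -------
LEVELS = ["info", "low", "medium", "high"]

def reassess(event, history, base="medium"):
    """One level up per independent finding, one down if the login matches
    the user's baseline. Returns (level, reasons) so an analyst can see why."""
    prof = login_profile(history, event["user"])
    seg = segment(event["src_ip"])
    score, reasons = LEVELS.index(base), []
    if seg not in prof["segments"]:
        score += 1
        reasons.append(f"first successful login from {seg}")
    if prof["hours"] and event["ts"].hour not in prof["hours"]:
        score += 1
        reasons.append(f"unusual hour of day {event['ts'].hour:02d}h")
    if prof["failures"][seg] >= 5:  # assumed brute-force threshold
        score += 1
        reasons.append(f"{prof['failures'][seg]} failed logins from {seg} before success")
    if REPUTATION.get(seg, 0) >= 70:  # assumed bad-reputation threshold
        score += 1
        reasons.append(f"source segment {seg} has bad reputation")
    if not reasons:
        score -= 1
        reasons.append("login matches the user's baseline")
    return LEVELS[max(0, min(score, len(LEVELS) - 1))], reasons

# Constructed sample: normal daytime logins, a brute-force run, then a night-time
# success from the attacking segment.
SAMPLE_LINES = [
    "2024-05-06T09:02:11 web1 sshd[4121]: Accepted password for alice from 198.51.100.23 port 51022 ssh2",
    "2024-05-07T09:15:40 web1 sshd[4390]: Accepted password for alice from 198.51.100.23 port 51100 ssh2",
    '{"EventID": 4624, "TimeCreated": "2024-05-07T10:01:05", "TargetUserName": "Alice", "IpAddress": "198.51.100.45"}',
] + [
    f"2024-05-08T03:{i:02d}:00 web1 sshd[490{i}]: Failed password for alice from 203.0.113.7 port 3999{i} ssh2"
    for i in range(5)
] + [
    "2024-05-08T03:12:09 web1 sshd[5001]: Accepted password for alice from 203.0.113.7 port 40001 ssh2",
]

def run_demo():
    """Treat the last sample event as the reported one, the rest as history."""
    events = [e for e in map(normalize, SAMPLE_LINES) if e]
    return reassess(events[-1], events[:-1])
```

Calling `run_demo()` returns the level `high` with four reasons (new segment, unusual hour, five preceding failures, bad reputation); the same function applied to a daytime login from the user's usual segment returns `low` with the single reason that it matches the baseline. The level moves in fixed steps and every step carries a reason, which is what makes the reassessment reviewable by an analyst rather than an opaque score.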
We are already starting development of its 4th generation. Our team works closely with experts from IBM, Microsoft, and local partners, utilizing the latest technologies (see https://customers.microsoft.com/en-us/story/binaryconfidence).