Sydney startup PacketLoop to challenge SIEM


'Like Netwitness in the cloud'.

Three Sydney security engineers have today launched a beta for big data analytics startup PacketLoop.

The network packet capture analytics tool is pitched as a hosted alternative to "waning" Security Incident and Event Management (SIEM) systems, and has gained some 200 registrations.

The company describes the tool as a means to help users "find the needle in the haystack" by analysing "every packet, conversation, protocol and file for threats and deviations from normal traffic" and pumping the data out as slick comprehensive visualisations.

"We have been referred to as 'Netwitness in the cloud'," chief technology officer Michael Baker told SC.

"[SIEM does not] answer the questions security professionals have when trying to understand, analyse and investigate threats and breaches. They are exceptionally difficult to integrate and expensive. However, I believe the bigger problem is they don't help you explore and explain threat data, which is the exact problem we solve."

Baker, a co-founder alongside Scott Crane and Tyson Garrett, says the tool's ability to scale to "massive amounts" of data makes it suited to large enterprises and government agencies, but he notes a pricing model will be developed to suit smaller organisations.

The beta version features a threat module and works with Google Chrome. More browsers and modules will be introduced into the commercial model next month.

Baker says he anticipates SIEM vendors will move to process full packet captures and fix issues of scale as they push into big data.

In a blog, he outlined 10 ways the product differed from SIEM, including a lack of "punishing pie charts", absence of parsing, and the inclusion of full fidelity data.

In a report (pdf) published this month, RSA outlined the value of integrating big-data analytics into security operations.

"Within the next two years, we predict big data analytics will disrupt the status quo in most information security product segments, including SIEM; network monitoring; user authentication and authorisation; identity management; fraud detection; and governance, risk and compliance," it states, adding that analytics tools will have "advanced predictive capabilities and automated real-time controls" within three years.

Copyright © SC Magazine, Australia
