Is Cyphon another SIEM product?
Cyphon isn't a SIEM and is not intended to replace tools like OSSIM. Nor is it a ticketing system like Service Desk. It can, however, be integrated with both of these, as well as with data ingestion engines such as Logstash. In fact, the ELK stack (more specifically Elasticsearch and Logstash) is a core component of the Cyphon platform.
Consider the typical pipeline of security event processing:
Raw Logs -> SIEM -> post processed security events -> dashboards, query, reports, alerts -> email notifications -> ticketing system -> Help Desk -> Change management -> Mitigation
We wanted to clean up that messy, undefined area between the SIEM and the ticketing system. Most organizations have an ad hoc process for incident management. Cyphon is a triage, enhancement, and decision-support platform that organizes your security workflow. Our goal is to align all of the independent sources of data, provide context into related systems, and enable analysts to respond quickly.
We find that a large number of organizations manage post-processed security events as email notifications, which is incredibly inefficient. Envision that inbox sub-folder in Outlook with 10,000+ unread messages shipped to a shared security distribution alias. This creates an environment where critical issues are overlooked and rarely investigated.
Cyphon attempts to eliminate this issue by throttling repeated events and prioritizing them based on user-defined rules. It also enables analysts to quickly investigate incidents by correlating other data sets against the indicators that matter.
Keep in mind, Cyphon is for "post-processed" events rather than "pre-processed" raw logs. Users should ship post-processed events to Cyphon while shipping raw content to Elasticsearch. Cyphon aligns the alerts with any contextually relevant sources you have stored in Elasticsearch. This gives you the ability to mine related data directly from Cyphon.
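To make the throttle / prioritize / enrich idea from the two paragraphs above concrete, here is a small stand-alone sketch. It is an added example written for this page, not Cyphon's own code or API: the alert fields, the rule shape, the throttle window and the in-memory list that stands in for raw events in Elasticsearch are all assumptions. Repeated alerts with the same (source, signature, indicator) inside a window are folded into a single entry with a hit count, each surviving alert gets a priority from ordered user-defined rules, and raw events sharing the alert's indicator within a short time span are attached as context.

```python
"""Illustrative alert triage: throttle, prioritize, enrich.

Example written for this page; not Cyphon's code. The alert schema,
rule format and in-memory RAW_LOGS store are assumptions; a real
deployment would query Elasticsearch for the context records.
"""

# Constructed post-processed alerts, as an IDS or SIEM might emit them.
# "ts" is seconds since epoch, simplified for readability.
ALERTS = [
    {"ts": 100, "source": "snort", "sig": "ET SCAN Nmap", "src_ip": "203.0.113.5", "severity": 2},
    {"ts": 105, "source": "snort", "sig": "ET SCAN Nmap", "src_ip": "203.0.113.5", "severity": 2},
    {"ts": 110, "source": "snort", "sig": "ET SCAN Nmap", "src_ip": "203.0.113.5", "severity": 2},
    {"ts": 120, "source": "bro", "sig": "SSH::Password_Guessing", "src_ip": "198.51.100.7", "severity": 3},
    {"ts": 500, "source": "snort", "sig": "ET SCAN Nmap", "src_ip": "203.0.113.5", "severity": 2},
    {"ts": 510, "source": "bro", "sig": "Notice::Exec_Shell", "src_ip": "198.51.100.7", "severity": 4},
]

# Constructed raw events standing in for documents stored in Elasticsearch.
RAW_LOGS = [
    {"ts": 99, "type": "firewall", "src_ip": "203.0.113.5", "dst_port": 22, "action": "deny"},
    {"ts": 101, "type": "firewall", "src_ip": "203.0.113.5", "dst_port": 443, "action": "allow"},
    {"ts": 119, "type": "auth", "src_ip": "198.51.100.7", "user": "root", "result": "fail"},
    {"ts": 121, "type": "auth", "src_ip": "198.51.100.7", "user": "root", "result": "fail"},
    {"ts": 300, "type": "firewall", "src_ip": "192.0.2.9", "dst_port": 80, "action": "allow"},
    {"ts": 509, "type": "auth", "src_ip": "198.51.100.7", "user": "root", "result": "success"},
]

# User-defined priority rules (assumed shape): the first rule whose
# "match" fields all equal the alert's fields wins.
PRIORITY_RULES = [
    {"match": {"sig": "Notice::Exec_Shell"}, "priority": "CRITICAL"},
    {"match": {"source": "bro", "severity": 3}, "priority": "HIGH"},
    {"match": {"sig": "ET SCAN Nmap"}, "priority": "LOW"},
]

PRIORITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def prioritize(alert, rules=PRIORITY_RULES):
    """Return the priority from the first matching rule, or fall back to
    the alert's own severity when no rule applies."""
    for rule in rules:
        if all(alert.get(k) == v for k, v in rule["match"].items()):
            return rule["priority"]
    return "HIGH" if alert.get("severity", 0) >= 4 else "MEDIUM"


def throttle(alerts, window=300):
    """Keep the first alert per (source, sig, src_ip) seen inside each
    window of `window` seconds; later repeats only bump its hit count.
    Input dicts are copied, never mutated."""
    kept = []
    last_index = {}  # throttle key -> index of the kept entry
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        key = (alert["source"], alert["sig"], alert["src_ip"])
        idx = last_index.get(key)
        if idx is not None and alert["ts"] - kept[idx]["ts"] < window:
            kept[idx]["hits"] += 1
            continue
        kept.append(dict(alert, hits=1))
        last_index[key] = len(kept) - 1
    return kept


def related_context(alert, raw_logs=RAW_LOGS, window=60):
    """Raw events sharing the alert's indicator (src_ip here) within
    +/- window seconds. Stands in for a scoped Elasticsearch query."""
    return [
        r for r in raw_logs
        if r["src_ip"] == alert["src_ip"] and abs(r["ts"] - alert["ts"]) <= window
    ]


def triage(alerts=ALERTS, raw_logs=RAW_LOGS, rules=PRIORITY_RULES):
    """Throttle, prioritize and enrich; return alerts ordered for an analyst."""
    out = []
    for alert in throttle(alerts):
        alert["priority"] = prioritize(alert, rules)
        alert["context"] = related_context(alert, raw_logs)
        out.append(alert)
    out.sort(key=lambda a: (PRIORITY_ORDER[a["priority"]], a["ts"]))
    return out


if __name__ == "__main__":
    for a in triage():
        print(f'{a["priority"]:8} {a["source"]:6} {a["sig"]:24} {a["src_ip"]:14} '
              f'hits={a["hits"]} context={len(a["context"])}')
```

Six incoming alerts collapse to four queue entries: the three Nmap scans at t=100..110 become one entry with three hits, the scan at t=500 starts a new window, and the Exec_Shell notice sorts to the top with the successful root login from the raw store attached to it, which is exactly the kind of adjacent evidence an analyst would otherwise have to go and dig out of the inbox and the log index by hand.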
Cyphon can stream events from social media, email, and syslog (via Logstash) and integrate with Snort, Bro, IoT devices and many other data feeds. The potential uses are endless if you leverage Cyphon's backend API.