The use cases
Detect before effect and automate analysis
Every system, app or service eventually fails. Typically, when something breaks, the failure propagates until it finally materializes as an observable impact. Unomaly is capable of detecting the issue early due to its anomalous character, and gives complete cross-platform details of how it has developed.
- Detect unknown issues, unforeseen events and incidents before their effect
- Avoid costly troubleshooting and root cause analysis efforts
- Instantly act, share and report on situations
Incidents may strike at day zero - be there
Every security incident leaves a trace. Any step taken by an adversary that is not part of the normal behavior of a system results in new, rare or changing data. Unomaly exploits that fact, and enables detection of advanced, creative and persistent threats by their anomalous nature.
- Take advantage of knowing your systems better than your adversaries
- Detect zero day security incidents by their anomalous character
- Perform forensic analysis in realtime, instead of on historic data
- Produce reports in a click summarizing the incident timeline
Change is necessary, but not its downsides
Change is a double-edged sword - absolutely necessary for improving but also a risk. Unomaly provides a realtime view of how individual changes affect the environment, where the normal data is removed and the rare and anomalous is highlighted. Ultimately, this is the best way of ensuring that changes are successful, and of getting realtime awareness if that isn't the case.
- Monitor each individual change in realtime to spot issues
- Understand cross environment impact without need for predefined relationships
- Strengthen change management with bottom up information on actual change
Assuring control, and actually getting it
Compliance and best-practice frameworks (be it PCI, ISO27001 or MOF) require and recommend analysing data to spot irregularities. Unomaly gives a natural insight and a streamlined workflow to understand the activities in the environment, ultimately so that IT can get complete control and situational awareness.
- Automate PCI requirement 10.2 on daily review of log data
- Follow NIST recommendations for Continuous Monitoring
- Follow NIST recommendations on Incident Handling
- Follow SANS Incident Handbook recommendations on analysis
How it works…
What used to be impossible is now just a few clicks away. Downloadable, automated and streamlined.
Get your instance going
Your systems produce vast amounts of data, so you want to place the instance close to it. Be it on premise, in the cloud or wherever you are building your business.
Unomaly installs by booting an auto-installing ISO image which takes you through the entire process in under 30 minutes. After inputting networking and license information you are good to go.
It takes just 30 minutes. Add 5 minutes for distributed deployments.
Push realtime data
Every IT system produces realtime data on what it is doing - and that data is largely unique to each system. The data is unstructured, variant, complex and high volume. Unomaly can consume that data regardless of format, structure and without any form of parsing. We support receiving standardized data such as Syslog and SNMP, but anything in plaintext over TCP/UDP will do.
Have an existing data repository? Just forward!
Unomaly looks through every event in realtime and consumes every parameter, frequency and change into baseline profiles. As your systems evolve, so do their data and these baselines. These profiles provide Unomaly and you with a real world view of what the infrastructure is doing - free from any form of bias. These profiles are accurate enough to detect a sneeze, yet adaptive enough to understand you're having a cold.
Baselining a system takes roughly 2 weeks. But not of your time, since it's completely automated!
Detect unknown and known incidents
Unomaly exploits the fact that incidents are not part of normal. By identifying chains of new, different or changing data and tying them together into scored situations, Unomaly is capable of directing your attention to the most critical, changing and unknown parts of the infrastructure. The focus is always on root cause, which is the first anomaly in the chain, but still with the details of propagation and impact.
Unomaly notifies in real-time when something out of the ordinary is happening, automatically.
Get actionable data-driven reports
Because Unomaly analyzes any and all data in your infrastructure and converts it into actionable intelligence, you have a great opportunity to create reports that deliver actual value. The Unomaly reports are data-driven and to the point, to answer questions about incidents. Use them to report in a timely way to stakeholders who depend on being able to get and give straight answers.
Schedule reports to stakeholders. Create and send reports to vendors to bring them up to speed in seconds on a problem.
Like to see it on your own systems?
How we are different
Detect changes and new issues - not already experienced, historic failures.
Plug and play
Just send your data in any way that suits you. Any data, from any system, operating system, service or app - without parsing.
From consuming data, to analysing it, to having engineers act on issues and managers report on quality.
Per system licenses without any constraints on volume. You pay for the value you get, not what you input.