Tenzir GmbH

Tenzir is developing an open security analytics platform for cyber-attack detection and remediation. As the backbone of a modern security operation centre, the platform offers privacy-compliant recording of activity with retrospective correlation against acute threats, real-time detection against millions of threat intelligence indicators, visual threat hunting and flexible integration into existing tools.

Contact:

Tenzir GmbH

Nagelsweg 41
20097 Hamburg

Web: https://tenzir.com

E-Mail: info@tenzir.com

Tenzir’s open security analytics platform provides a control plane and a data plane for the modern Security Operation Centre (SOC). Threat Bus is the product on the control plane: threat intelligence data such as indicators and sightings is propagated on a message bus to all relevant tools in the SOC for automated reaction. VAST forms the data plane: as a lightweight SIEM with a focus on detection and processing of high-volume telemetry, VAST enables data-protection-compliant recording of network, endpoint or cloud telemetry. Built-in live matching can easily match millions of indicators against the incoming stream of telemetry data to detect known threats in real time. VAST also generates behavioural profiles from incoming telemetry so that anomalies can serve as an additional source of alerts. In the web interface, this allows threat hunters and analysts to contextualise events efficiently and holistically.

This open approach is unique: no data silo, open-source tools, full control over threat and telemetry data, flexible STIX message bus – the modern SOC backbone.