Security vendor Nuix has announced a new tool for security teams struggling to deal with threat intelligence. Nuix Insight Analytics & Intelligence (NIAI) is being positioned as a data analysis platform. It is based on the Nuix Engine that also underpins its eDiscovery products. This is important as it enables NIAI to import a wide range of file formats and data.
According to Dr. Jim Kent, Global Head of Security & Intelligence at Nuix: “The worldwide demand for expertise in cybersecurity and intelligence analysis simply can’t be met by hiring more people—the only answer is to bake more knowledge and insights into technology.
“Nuix Insight Analytics & Intelligence brings together our global leadership in data processing and analytics with decades of experience in incident response, insider threats, threat intelligence, counterintelligence, and security strategy. This means data analysis, security, and forensic professionals of all knowledge levels can do more with less.”
Can Nuix solve the threat intelligence overload?
Kent is right that the technology needs to do more. Anomali and the Ponemon Institute report that 70% of security teams are swamped by threat intelligence data. What appears to be happening is that they have so many tools delivering data that they cannot analyse it effectively. This lets security issues hide in plain sight, turning threat intelligence into a false sense of security.
Nuix says that it can change that with the Nuix Insight Analytics & Intelligence solution. This is because it doesn’t just sort through the data using simple queries and pattern matching. Instead Nuix claims it correlates and contextualises the data. There are six reasons Nuix is claiming NIAI will improve data analysis:
- The Nuix Engine and its proven ability to extract text and metadata from hundreds of file formats and massive data volumes
- A high-performance distributed database and search engine
- A rich and easy-to-use graphical interface that will appeal to novice analysts and seasoned security professionals
- Intelligence filters that help analysts focus on the data most relevant to specific use cases
- A graph database that automatically finds connections between people, objects, locations, and events
- A set of tools to simplify and boost forensic analysis
The majority of security professionals will find the UI and filters the most useful features. Overcoming the threat intelligence data overload requires a quicker way to refine data. This will put more pressure on the way Nuix contextualises the data. Nuix has a lot of experience with eDiscovery tools. This is likely to give it an advantage in building contextual relationships between pieces of data. For the forensic analysis teams looking for advanced threats, this type of context is critical.
The use of multiple database technologies is also of interest. The graph database will surface relationships between individuals, machines and other entities that are not visible in the raw records. When a user or machine is hit by an attack it is often difficult to work out the potential risk for the business. This is because many interactions are not obvious. A graph database allows a security researcher to see the second, third and additional connections that user has. This shows the potential spread patterns for a cyber attack, allowing them to be explored and preventative measures put in place.
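The traversal described above is the part a practitioner would want to see concretely. The following is an added example, not Nuix code and not a description of how NIAI is implemented: it builds a small relationship graph from constructed logon and service-account records and walks out from a compromised account hop by hop, reporting what is exposed at each degree of separation. The entity names, relationship labels and the choice to treat every relationship as exposing both ends (a compromised host exposes the accounts that authenticated to it, and a compromised account exposes the hosts it reaches) are assumptions made for the illustration.

```python
from collections import deque

# Constructed sample relationships for the example (not real data):
# (entity, relationship, entity). Accounts are lower-case, hosts upper-case.
EDGES = [
    ("alice", "logged_on", "WS01"),
    ("bob", "logged_on", "WS01"),
    ("bob", "logged_on", "WS02"),
    ("WS02", "runs_service_as", "svc_backup"),
    ("svc_backup", "logged_on", "FILESRV"),
    ("svc_backup", "logged_on", "DC01"),
    ("carol", "logged_on", "FILESRV"),
    ("dave", "logged_on", "WS09"),
]


def build_graph(edges):
    """Undirected adjacency list, keyed by entity.

    Assumption for this example: every relationship exposes both ends, so a
    compromised host exposes each account that authenticated to it and a
    compromised account exposes each host it can reach.
    """
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((dst, rel))
        graph.setdefault(dst, []).append((src, rel))
    return graph


def blast_radius(edges, start, max_hops):
    """Breadth-first search from the initially compromised entity.

    Returns {entity: (hops, path)} for every entity within max_hops, where
    path is the chain of entities and relationships that links it to start.
    The first time an entity is reached is the shortest route to it.
    """
    graph = build_graph(edges)
    reached = {start: (0, [start])}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        hops, path = reached[node]
        if hops == max_hops:
            continue  # do not expand beyond the requested depth
        for nxt, rel in graph.get(node, []):
            if nxt not in reached:
                reached[nxt] = (hops + 1, path + [f"-{rel}-", nxt])
                queue.append(nxt)
    return reached


def by_hop(reached):
    """Group exposed entities by degree of separation (1st, 2nd, 3rd, ...)."""
    grouped = {}
    for node, (hops, _) in reached.items():
        if hops:  # skip the starting entity itself
            grouped.setdefault(hops, []).append(node)
    return {h: sorted(v) for h, v in sorted(grouped.items())}


if __name__ == "__main__":
    exposure = blast_radius(EDGES, "alice", max_hops=5)
    for hops, entities in by_hop(exposure).items():
        print(f"{hops} hop(s): {', '.join(entities)}")
    # The path shows why a domain controller is within reach of a single user:
    # a shared workstation, a second user, and a service account in between.
    print(" ".join(exposure["DC01"][1]))
```

Run against the constructed records, alice's one direct connection is her workstation, but following the chain through a co-worker's shared workstation and a service account reaches a file server and a domain controller within five hops, while dave, whose only logon is to an unrelated workstation, never appears. That is the kind of second- and third-degree relationship the article says a graph database is meant to reveal; in practice the relationship types and their direction would come from the imported data, and a real analysis would weight or restrict the edge types rather than treat them all alike as this example does.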
The security industry has invested a lot of time and effort into threat intelligence. It is now suffering from the problem of too much data and poor analytics tools. This is because the tools in use are an adaptation of general business intelligence tools such as those used by sales and marketing teams. It means that security teams require considerable effort to tune their queries. This is the only way they can cope with the complexity of the data and the diversity of sources it comes from.
It is interesting to see Nuix bring their eDiscovery knowledge to this market. The contextual requirements from eDiscovery and the need to contextualise the data are a good match for threat intelligence.