The Power of the Anti-SIEM

Security teams are overworked and understaffed. And CISOs know that hiring more people with the right skills is getting tougher every day.

Meanwhile, cyber security challenges become more difficult and targeted attacks become more sophisticated. The SIEM was supposed to be a platform that empowered security teams with the information needed to address these issues. Instead, many SIEM users are frustrated and complain about too much cost, noise, complexity, and time–and not enough value. Cyphort’s Anti-SIEM helps your security teams regain visibility and control, accelerate incident response, and ensure a stronger security posture for your organization. The bottom line: The Anti-SIEM saves your business time and money.

Advanced Threat Detection

Security analysts and incident responders cannot be effective unless they first have deep insight into the advanced threats that have compromised their network and infected endpoint devices. Traditional SIEMs are typically weak in terms of proactive threat detection capabilities. But the Anti-SIEM is different because it’s built on Cyphort’s Adaptive Detection Fabric. This distributed detection software, certified by ICSA Labs, continuously examines web, email, and lateral spread traffic using machine learning and behavioral analysis technologies to quickly find advanced threats that bypass other security tools. This detection solution can be deployed across any number of locations and scale to support any size organization.

Advanced Threat Analytics

One of the most time-consuming tasks that security teams deal with each day is sorting through alerts to determine which events are important, which are related, and which deserve immediate attention from the incident response team. The Anti-SIEM addresses this problem by first using its advanced threat detection technology to pinpoint the compromised host at the source of the problem. It then automatically links all related events from the other security sources in your network, identifies the infected user, and presents a consolidated timeline view of the entire security incident, often in as little as 15 seconds. This lets security teams accelerate incident response and process more meaningful security incidents each day.

One-Touch Threat Mitigation

Anything that can help accelerate incident response is a good thing. That’s why the Anti-SIEM includes automated mitigation capabilities, made possible by its open architecture and its ability to integrate with your existing security tools. With one click you can update policies in firewalls, IPS, and secure web gateways so that they immediately block similar threats in the future. Or you can have your NAC automatically isolate an infected endpoint, restricting its movement in the network until deeper forensics can be performed. This automation lets incident responders focus their time on more critical issues.

Learn more about the three key components of the Anti-SIEM solution.

How The Anti-SIEM Works

The power of the Anti-SIEM begins with its advanced threat detection capabilities. This is the critical first step in the process that ensures security analysts and incident responders are armed with accurate, actionable threat information. To accomplish this, the software collectors of Cyphort’s Adaptive Detection Fabric are deployed at critical points in the network to continuously ingest raw data from web, email, and lateral spread traffic. These sources provide the strongest signal to identify potentially malicious activity, particularly as it relates to threats targeting users and endpoint devices. In addition, the Anti-SIEM’s open architecture enables it to ingest log and event data from other security tools in the network, including firewalls, web gateways, endpoint security, etc.

All information is fed into the SmartCore analytics engine, which uses machine learning and behavioral analysis technologies to identify advanced threats that have compromised endpoints. It then correlates all related events from other security tools–along with identity information on the infected user or host–and presents a consolidated timeline view of each security incident, as well as its progression through the cyber kill chain. The entire process is often completed in as little as 15 seconds.

All security incidents can be viewed and processed using the Cyphort Anti-SIEM management application, or can be integrated with existing SIEM platforms. In either case, the consolidation of multiple events into an adjustable timeline of the security incident enables an accelerated, interactive investigation process. Finally, the Anti-SIEM assists in the response process by providing time-saving auto mitigation capabilities, updating policies in existing tools to strengthen them against similar attacks in the future.
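The correlation step described above (and in the Advanced Threat Analytics section) is easier to reason about with a concrete implementation. The following is an added illustrative example, not Cyphort’s SmartCore code: a high-confidence detection (here a sandbox verdict) becomes the anchor of an incident, every event from other tools on the same host within a time window is linked to it, repeated events such as C2 beacons are consolidated, the host’s user is resolved from constructed DHCP/logon records, and the observed kill-chain stages and containment actions are derived from the result. All event records, field names, hosts, and addresses are constructed for this example.

```python
import re
from datetime import datetime, timedelta

# Cyber kill chain stages, in order, used to show an incident's progression.
KILL_CHAIN = ["reconnaissance", "weaponization", "delivery", "exploitation",
              "installation", "command_and_control", "actions_on_objectives"]

# Constructed sample events from several tools (proxy, sandbox, endpoint agent,
# firewall, IDS). Field names and values are assumptions for this example only.
SAMPLE_EVENTS = [
    {"ts": "2017-05-03T09:13:00", "source": "proxy", "host": "10.1.9.8",
     "detail": "GET https://www.example.com/", "stage": "delivery"},           # unrelated host
    {"ts": "2017-05-03T09:14:02", "source": "proxy", "host": "10.1.4.22",
     "detail": "GET http://dl.example.invalid/doc.exe", "stage": "delivery"},
    {"ts": "2017-05-03T09:14:05", "source": "sandbox", "host": "10.1.4.22",
     "detail": "doc.exe verdict=malicious score=92", "stage": "exploitation"},
    {"ts": "2017-05-03T09:15:30", "source": "endpoint", "host": "10.1.4.22",
     "detail": "new service installed: updsvc", "stage": "installation"},
    {"ts": "2017-05-03T09:16:10", "source": "firewall", "host": "10.1.4.22",
     "detail": "outbound 203.0.113.7:443 allowed", "stage": "command_and_control"},
    {"ts": "2017-05-03T09:40:00", "source": "firewall", "host": "10.1.4.22",
     "detail": "outbound 203.0.113.7:443 allowed", "stage": "command_and_control"},  # repeat beacon
    {"ts": "2017-05-03T10:02:11", "source": "ids", "host": "10.1.4.22",
     "detail": "SMB scan of 10.1.4.0/24", "stage": "actions_on_objectives"},
    {"ts": "2017-05-03T16:00:00", "source": "firewall", "host": "10.1.4.22",
     "detail": "outbound 198.51.100.9:80 allowed", "stage": "command_and_control"},  # outside window
]

# Constructed DHCP-lease / logon records used to put a user name behind an IP.
IDENTITY = [
    {"ip": "10.1.4.22", "user": "jdoe", "hostname": "LT-0421",
     "from": "2017-05-03T08:00:00", "to": "2017-05-03T18:00:00"},
    {"ip": "10.1.9.8", "user": "asmith", "hostname": "LT-0117",
     "from": "2017-05-03T07:30:00", "to": "2017-05-03T19:00:00"},
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def resolve_identity(ip, at, identity=IDENTITY):
    """Return (user, hostname) that held `ip` at time `at`; 'unknown' if no lease covers it."""
    for rec in identity:
        if rec["ip"] == ip and parse_ts(rec["from"]) <= at <= parse_ts(rec["to"]):
            return rec["user"], rec["hostname"]
    return "unknown", "unknown"


def find_anchors(events=SAMPLE_EVENTS):
    """Only high-confidence detections start an incident; other alerts are evidence, not anchors."""
    return [e for e in events if e["source"] == "sandbox" and "verdict=malicious" in e["detail"]]


def build_incident(anchor, events=SAMPLE_EVENTS, identity=IDENTITY, window=timedelta(hours=1)):
    """Link every event on the anchor's host within +/- window into one consolidated timeline."""
    t0 = parse_ts(anchor["ts"])
    related = [e for e in events
               if e["host"] == anchor["host"] and abs(parse_ts(e["ts"]) - t0) <= window]
    related.sort(key=lambda e: e["ts"])  # ISO timestamps sort correctly as strings
    # Consolidate repeats (e.g. C2 beacons) into one entry with first/last seen and a count.
    timeline, index = [], {}
    for e in related:
        key = (e["source"], e["detail"])
        if key in index:
            entry = timeline[index[key]]
            entry["last_seen"], entry["count"] = e["ts"], entry["count"] + 1
        else:
            index[key] = len(timeline)
            timeline.append({"first_seen": e["ts"], "last_seen": e["ts"], "count": 1,
                             "source": e["source"], "stage": e["stage"], "detail": e["detail"]})
    user, hostname = resolve_identity(anchor["host"], t0, identity)
    stages = [s for s in KILL_CHAIN if any(t["stage"] == s for t in timeline)]
    return {"host": anchor["host"], "hostname": hostname, "user": user,
            "timeline": timeline, "stages": stages}


def mitigation_actions(incident):
    """Derive the containment actions a NAC/firewall integration would carry out."""
    ips = set()
    for t in incident["timeline"]:
        m = re.search(r"outbound (\d+\.\d+\.\d+\.\d+):\d+", t["detail"])
        if m:
            ips.add(m.group(1))
    return {"isolate_host": incident["hostname"], "block_ips": sorted(ips)}


if __name__ == "__main__":
    for anchor in find_anchors():
        inc = build_incident(anchor)
        print(f"{inc['user']}@{inc['hostname']} ({inc['host']}): {' -> '.join(inc['stages'])}")
        for t in inc["timeline"]:
            print(f"  {t['first_seen']} [{t['source']:8}] x{t['count']} {t['detail']}")
        print("  actions:", mitigation_actions(inc))
```

Two design points matter in practice. Only the high-confidence detection creates an incident, so the proxy and firewall events on the unrelated host never become alerts of their own, and the firewall event at 16:00 on the infected host falls outside the window and is left for the analyst rather than assumed to be part of the same incident. Identity is resolved at the time of the anchor event, not at the time of investigation, because a DHCP address may have changed hands by then.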

Why the Anti-SIEM is Essential

There are two key values that make the Anti-SIEM an essential solution for virtually every organization concerned about protecting its internal assets. These values are 1) improving the productivity of security analysts and incident responders; and 2) delivering stronger security and protection against advanced cyber attacks. Let’s look closer at each benefit:

First, productivity is an essential requirement. Security teams are often overworked and understaffed, and the demand for highly skilled talent is growing, which makes the staffing problem an expensive, ongoing challenge. Therefore, it is imperative to first ensure that existing teams are equipped with the tools and information they need to maximize their productivity and effectiveness. In large organizations, the quality of actionable information delivered by the Anti-SIEM can eliminate hours of manual work each day and significantly accelerate the incident response and threat resolution process. These productivity gains can often eliminate the need to hire additional staff and, just as important, improve the job satisfaction and retention of the existing staff. These cost savings can often have a significant, positive bottom-line impact on IT budgets.

Second, security is the primary reason organizations purchase a SIEM. Unfortunately, traditional SIEMs are typically weak in their ability to proactively detect the advanced threats behind so many of the alerts and events delivered to security analysts. In contrast, the Anti-SIEM was built on a foundation of advanced threat detection capabilities unavailable in any traditional SIEM. Cyphort’s machine learning and behavioral analysis technologies have been independently certified by ICSA Labs and field-validated by hundreds of customers. Cyphort’s ability to find the advanced threats that others miss, then link related security events to that threat, helps security teams not only improve productivity but also significantly strengthen their security posture. In addition, the time savings allow teams to look more closely at other security events and issues that might otherwise have to be ignored.

This combination of improved staff productivity and cost savings with stronger threat defense is what makes the Anti-SIEM an essential software solution.

Validation of the Anti-SIEM

The advanced threat detection capabilities of the Anti-SIEM were tested and certified by ICSA Labs in 2017. Most importantly, the solution earns positive reviews from customers that rely on Cyphort software to protect their organizations.

ICSA Labs, an independent division of Verizon, tested the advanced threat detection components of Cyphort’s Anti-SIEM platform. The Anti-SIEM passed, having met all criteria requirements.

“For us, Cyphort was a good choice because it mapped very nicely to the distributed nature of Barry University. We have a Cyphort appliance located at our main campus and then deployed sensors at each of our 20 other locations. It’s great to be able to cover all security needs and have that telemetry relayed to the main campus.”

Dr. Hernan Londono
Associate Vice President of Technology & CTO, Barry University

“Cyphort gives us the ability to see the lateral movement, the north, south, east, west traffic, and look at your world in context. To me that becomes one of the most important things, because you have to identify and stop very quickly…because things are going to happen.”

David Giambruno
Senior Vice President & CIO, Tribune Media

“Protecting our customers’ personal information is of the utmost importance, and that has become more of a challenge as threats are constantly changing. We look to Cyphort as another key piece of armor for helping us stay on top of new threats and continue our dedicated commitment to customer service.”

David Strobelt
Chief Information and Supply Chain Officer, Modell’s Sporting Goods

See the Anti-SIEM in Action.

Schedule a live demo at your convenience, and we’ll present the detection, analytics, and mitigation capabilities of the platform.