Analytics Modeling

Alert on Activity or Inactivity

Find Threats in Huge Datasets Quickly

Track Entities

Analytics Overview

When dealing with big data, one of the biggest challenges new users face is knowing what data to ingest and then what data to highlight. Analytics allow you to narrow results down to manageable levels through time series modeling, data set filtering and reduction, and modeling of actions, functions and anomalies as data is being ingested.

To find what truly matters in your data, you have to define the relationships in your data as well as the entities, so that you can track future activity of a person, organization or object. Analytics are highly customer specific, based on your individual use cases. Jigsaw Security provides rapid application and analytics development in a modular format that can be plugged directly into our platform. Analytics are designed to run independently and may also be written to pull and transform data from your existing systems. There are several analytic models that we use in all of our products.

Existing Analytic Models

Matchstick - An IOC search and match analytic that looks in your log files for items matching observed threats.

Entity Locator - A location based analytic that alerts to the movement of people or objects.

Alerter - Alert on specific keywords or series of events - chained events in specific time series.

RF and Device Location - Determine when a mobile device is in range of a network or facility.

OSINT Textual Extractor - Extract key phrases from Facebook, Twitter or other sites such as RSS or news sites.

Keyword Charting - A keyword observation filter that generates a time line of specific uses of terms in a data stream.

Voice to Text and Voice to Analytics - A voice processing module (Requires additional charge for integration with your use case)

In addition to our existing analytic models, Jigsaw Security data scientists can create models and other investigative use case analytics to find threats that you may not have known existed in your agency or company. These models utilize several products, including the following options. In short, Jigsaw Security knows big data.

Supported Analytic Platforms, Products and Integration

Jigsaw Security develops customized analytics for the Jigsaw Analytic Platform, which is our own in-house developed system for monitoring security threats. The Jigsaw Analytic Platform includes all of the components listed on this screen and assists end users in maintaining their NIST and CDM compliance known state, as well as providing alerting and other functions to ensure continued compliance as new and emerging threats are discovered.

Jigsaw Security deploys our solutions and our partners' solutions in Amazon Web Services. This is useful for companies that do not want to maintain their own data centers.

As part of our compliance with the CDM model, Jigsaw Security utilizes HP Server Automation and HP Network Automation to ensure that all systems are managed and updated to the latest software and firmware versions.

Jigsaw Security provides in-person training and externally provided courses through the Jigsaw University. We utilize Canvas to provide training to our staff, partners and students studying various methodologies as part of our training and awareness campaigns. Many of our courses are certified by the North Carolina Private Protective Services Board or used to provide Jigsaw Security certifications for auditing, such as our Jigsaw Protection Model course.

Jigsaw Security utilizes Hadoop to process large data sets and to store data long term. Our Hadoop integration allows us to process petabytes of data rapidly by distributing our analytics on low cost clusters of common off-the-shelf servers.

Jigsaw Security utilizes Lucene based searches and writes analytics to work with Elasticsearch clusters. By combining Hadoop and Elasticsearch clusters, we can rapidly deploy low cost analytic models that can continually update in near real time on very large datasets. Our internal data storage houses more than 155 million records of information in Elasticsearch alone.

Jigsaw Security processes rapidly streaming data with TensorFlow. This allows us to make rapid decisions on what is occurring and to locate APT based threats that were previously unknown so we can protect our customers against new threats.

Jigsaw Security has created solutions to monitor criminal activity on TOR, also known as the "dark web". In addition to tracking, we have also created law enforcement grade software and capabilities to unmask TOR users committing criminal acts for prosecution.

Jigsaw Security has the unique capability of monitoring DNS streams of traffic to identify previously unknown threats and to disrupt threats with our Jigsaw FirstWatch sensor. DNS name resolution allows greater visibility into what is occurring on large networks all from a single monitoring point.

Jigsaw Security has customized the open source project known as Maltrail and has also written commercial modules to better provide monitoring capabilities with a low to no cost solution. A free sensor is available as well as commercial sensors with Jigsaw modules.

Jigsaw Security operates the largest known MISP instance that we are currently aware of, with over 25 million indicators of compromise and activity reports available. This platform is used to provide threat intelligence services to our customers.

Jigsaw Security operates over 480 honeypots and ingests data from over 2000 deployed honeypots into our analytic models. By analyzing the activity on these systems, we can find what threats are active and what hackers and malicious actors are most interested in. The data from these honeypots is a valuable resource our analysts use to determine the current security state of the Internet, our network and our customer networks.

Jigsaw Security creates analytics that ingest and process STIX files received via TAXII servers. In addition, we utilize TAXII servers to ingest large amounts of threat intelligence from partners, Government and industry to provide rapid notification of security events that may be harmful to our customers.

Jigsaw Security creates analytics to help 4G and WiMAX providers (of which we also operate networks). These analytics are used to find faults, slowdowns and issues on wireless networks, including cellular, WiMAX and 4G communications networks.

Jigsaw Security provides Internet of Things bulletins and reports. Using our analytics, we can determine what types of IOT devices are being targeted and what sectors are at risk. In addition, we work with ICS-ISAC and US-CERT to ensure we continually work to protect these devices on our client and customer networks.

While we don't do analytics on social media content, some of our clients do, and they utilize our analytic models to target persons of interest and track criminal activity, as well as to gain insight into what trends and topics are of interest to the public.

These analytics use cases are just some of the analytics we have created for our own use and our customers. If you have specific development needs, please contact us using the chat feature. We excel at using technology to find and stop threats to your organization.