Cybersecurity gets a threat hunting boost through Ahana Cloud and Securonix partnership
Ahana Cloud Inc.’s open-source, high-performance SQL query engine has found a home in the cybersecurity space.
Ahana began offering Presto, an open-source project originally developed at Facebook Inc. and incubated within the Linux Foundation, one year ago. Presto speeds up database queries across multiple sources, which makes it a key tool for tasks that require analysis of massive volumes of information.
Speed and scale are the operative words here. The security industry, including companies such as Securonix Inc., is now providing clients with tools to analyze large amounts of streaming data in real time to rapidly protect against threats. Ahana leverages the Presto engine as a managed service on Amazon Web Services Inc. and offers an open-source analytics alternative to proprietary data warehouse or data lake solutions.
“Traditionally, we’ve had data warehouses; we’ve had operational systems move all of their data into the warehouse,” said Dipti Borkar, co-founder and chief product officer of Ahana. “While these systems are really good, built for good use cases, the amount of data is exploding. There’s a new approach that’s emerging where you have a data lake, which AWS has revolutionized with S3 and commoditized, and there’s analytics that’s built on top of it. We’re seeing a lot of good advantages that come out of this new approach.”
Borkar spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s livestreaming studio, as part of the AWS Startup Showcase: The Next Big Things in AI, Security & Life Sciences. She was joined by Derrick Harcey, chief architect at Securonix, and they discussed how Presto helps query data rapidly and at scale, the importance of threat detection in the streaming process, and the value of a managed service model for the open-source tool. (* Disclosure below.)
Real-time security insight
The application of an open-source solution such as Presto makes sense in a threat environment where attackers have become adept at masking their trail and hiding deep inside of complex network systems.
“When you have these deep questions about where the threat came from or who was it, you have to ask these questions of your data,” Borkar said. “Presto comes in where you want to find the needle in the haystack.”
To find that elusive needle, Securonix leverages open data lake analytics within its next-generation security information and event management, or SIEM, platform to provide real-time security insights. SIEM originated in log collection and management, with rules-based threat analysis and identification applied on top.
“Next generation SIEM is really the modernization of a security platform that includes streaming threat detection, behavioral analysis and data analytics,” Harcey said. “We literally look for thousands of different threat detection techniques, we chain together sequences of events, and we stream everything in real time. It’s critical that we can adjust the data quickly, find threats quickly and allow customers to have the tools to respond to security incidents quickly.”
The process of threat detection requires an ability to search for clues across massive data lakes. The sheer size of the log files and other information stored makes it impossible for humans to conduct a complete analysis, so the Securonix intelligent cyber solution relies on being able to query large amounts of information rapidly, a process known as threat hunting.
“We do threat detection during the streaming process, but as part of the process of managing cybersecurity, the customer has a team of security analysts that do threat hunting,” Harcey explained. “The threat hunting is where Ahana comes in.”
Moving from terabytes to petabytes
Ahana’s use of the Presto engine provides Securonix with speed, but it also supports data queries at scale. This represents an important transition for the open-source community to meet critical enterprise needs.
“The systems that were built to process this information in the past support maybe terabytes of data,” Borkar said. “That’s where open-source technologies like Presto come in, which were built to handle internet scale. We’re moving from gigs to terabytes to petabytes and that’s where the analytic stack is moving.”
The analytic stack is also moving to a managed service model. One of Ahana’s selling points is that it has made it simpler for enterprises to integrate a tool such as Presto into the operational fabric of IT without having to hire additional staff or spend weeks adapting the technology.
“Whether it’s a three-person platform team or a five-person platform team, they still get the same benefit of Presto that a Facebook gets, but at much less operational complexity and cost,” Borkar noted. “That’s where managed services come in. There are thousands of query parameters that need to be tuned, and with Ahana you get it out of the box. With a few clicks, you can get up and running, so you see value immediately.”
Securonix has found that the integration of a tool such as Presto allows it to leverage open-source innovation seamlessly without any obvious disruption to its clients. In the mission-critical world of cybersecurity, this has become an important element.
“We want to provide a service that has all of the best-in-class features, but also leverages the ability to innovate on the back end without the customer knowing,” Harcey said. “The growth in cybersecurity really requires new and innovative technologies to work together holistically.”
(* Disclosure: Ahana Cloud Inc. sponsored this segment of theCUBE. Neither Ahana nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)