Watchguard empowers enterprises, managed security providers with big data visualisation

A visualisation tool for big data analysis is helping security administrators drill down to isolate potential security threats after security vendor Watchguard this week unleashed a cloud-based security-intelligence tool designed for easy deployment by enterprises and managed service providers.

Created to help make sense of a mountain of logging and security event data, the company's Dimension application is the latest in a string of security tools designed to extract new insight from large volumes of aggregate data.

"Up to this point, the industry has kept logging and reporting as two very separate systems that require their own expertise and mastery to get going," Watchguard A/NZ country manager Pat Devlin told CSO Australia.

"People have been telling us it's difficult to manage log data on security devices, with too many logs coming through and no real business intelligence capabilities for them. And smaller companies often have the exact opposite issue: they don't know if they should be storing logs, then they have an incident and need to go back and do some forensic analysis. It's too late to want logs after the fact."

Positioning its new tool as an add-on for its established base of managed security provider (MSP) partners – as well as customers using its universal threat management (UTM) security tools – Watchguard has bundled Dimension as a virtual machine that can be quickly run up inside Amazon Web Services or other virtual-server hosting environments.

This architecture not only allows for easy local and remote access, but reduces the burden on local storage by allowing an ever-expanding amount of log data to be stored directly in the cloud, Devlin pointed out.

"It's independent of the SAN so you can allocate as much space as you need to," he said. "And it makes it very easy for managed service partners to offer it as a service – having an offsite login server, generating automated reports, and being able to immediately drill in and analyse what's going on. This is a huge bonus for companies offering security as a service, who mostly just cobble together something on their own."

Better visibility of usage logs isn't just about spotting bandwidth hogs or security incursions: one Australian school has, Devlin said, already used the platform's improved visibility to cost-justify an investment in additional bandwidth after it became clear that large volumes of regular Windows and application updates had increased the school's bandwidth baseline significantly.

A range of views inside the app groups IP data requests by domain, source, protocol, destination and other attributes to help identify large users of bandwidth, resource-consuming applications, and more. Dashboard views show potentially unwanted sites that have been filtered by the UTM engine, top sources and destinations of traffic, and other summaries designed to facilitate the process of spotting and investigating anomalous network behaviour.

Automatic mapping to usernames (via Active Directory integration) or onto geographical sources facilitates security investigations by, for example, isolating all traffic to domains located in countries that aren't normally contacted. Questionable domains can be geoblocked within the Watchguard framework, which is also able to analyse data from other security tools after pulling it into the appliances using existing integration capabilities.

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts