Our engineering team has been working hard to deliver on the promise that MixMode offers a heterogeneous, “single pane of glass” view and analysis into multiple kinds of workloads.
One of the biggest challenges facing enterprise security teams today is the information overload created by massive tool sprawl. Many security teams are forced to use upwards of 40-50 security tools to monitor their environment, which leads to an overabundance of alerts.
In many ways, MixMode was built as a platform to solve this issue by acting as a ‘single pane of glass’: it allows enterprises to combine multiple streams of security data, such as endpoint, firewall, cloud and SIEM, directly into the MixMode dashboard, and provides advanced visualization and powerful AI filtering to ensure your data is actionable.
Here are three integration announcements that you may have missed:
Leveraging MixMode to monitor AWS CloudTrail
MixMode’s approach to CloudTrail security monitoring and detection is simple. We ingest your CloudTrail logs into our platform, apply a layer of our proprietary artificial intelligence to give you advanced anomaly detection and alerting, correlate those anomalies with your underlying network data, and give you access to forensic search and investigation of these logs.
In this article you will find a walkthrough of a scenario where the MixMode AI flagged a specific CloudTrail activity as anomalous. Below is a screenshot of the MixMode Security Events Overview dashboard for CloudTrail in an AWS environment.
MixMode Now Supports Amazon VPC Flow logs
The challenge with workloads in cybersecurity is twofold. First, the tools log every call into your account(s), so logging can be quite voluminous. In fact, one resource puts the signal-to-noise ratio of CloudTrail events at about 1:25,000.
Second, the logs produced do not lend themselves to traditional security detection via intelligence feeds, attack signatures or hash values. As such, it can be difficult to separate potential threats from normal behaviors.
VPC Flow Log support now allows MixMode to guard your Amazon EC2 workloads, as a complement to on-premises workloads as well as Amazon API workloads (using CloudTrail).
AWS VPC Flow Logs are easy to set up using the AWS control panel.
Integrating MixMode with Deep Instinct
Recently we integrated MixMode with Deep Instinct, a powerful endpoint monitoring tool. The integration allows security analysts to review Deep Instinct and MixMode data together on the MixMode dashboard. Bien Nguyen, Sales Engineer with Deep Instinct, worked with the MixMode engineering team to make this integration possible.
“Deep Instinct is the next generation of endpoint security platforms. Considering that companies are changing so rapidly today, and their infrastructure with them, securing the endpoint on any OS, any place, at any time, has never been more critical,” says Bien Nguyen of Deep Instinct.
“Within the cyber security framework, integrations and strategic partnerships are crucial. There are no silver bullets and having best-in-breed solution integrations with other cyber security platforms is not a ‘nice-to-have’ anymore, it’s a business requirement for enterprises. Integrating with MixMode is a massive win not only for our two organizations, but the customers we both serve. MixMode’s comprehensive network traffic analytics platform is a crucial layer to our customers’ success securing their network and we are proud to be working with them and their team.”
We outlined the integration in this article.