
Securonix tackles security data deluge with AI-driven platform

As security data volumes grow and security budgets tighten, Securonix is betting on its AI-driven platform to help businesses manage threats cost-effectively, says its CEO

With the volume of security data growing rapidly, many chief information security officers (CISOs) face a daunting challenge: how to achieve comprehensive security coverage amid tightening budgets.

Securonix, a supplier of security information and event management (SIEM) software, believes the answer lies not in analysing every byte of data, but in an intelligent, tiered approach powered by artificial intelligence (AI). The company claims this can cut security costs by up to 30% while improving threat detection accuracy.

“Security data is exploding 30-40% year-on-year, but the budgets of CISOs are not increasing as much,” Kash Shaikh, president and CEO of Securonix, told Computer Weekly in a recent interview in Singapore.

The company is helping clients navigate this financial tightrope with Data Pipeline Manager, a data-tiering feature integrated into its SIEM platform, challenging the conventional wisdom that all security data must be treated – and billed – equally.

“Some security logs are just used for compliance and don’t need to be analysed by the SIEM,” said Shaikh. Lower-priority data can be routed to more cost-effective storage, where it remains searchable for later investigation but does not consume expensive analytics processing. Securonix contrasts this with SIEM providers that advocate ingesting all data into the primary SIEM, a practice the company says inflates customer costs.

Ajay Biyani, Securonix’s vice-president for Asia-Pacific and Japan, India, Middle East and Africa, added that data tiering also enables security leaders to have more meaningful conversations with chief financial officers. Instead of asking for more funding, they can demonstrate how they are optimising existing budgets or even increasing security coverage by onboarding new data sources using the savings.

Securonix is now infusing its platform with generative AI capabilities. An AI agent set to be released later this year will analyse security logs and recommend which logs can be safely moved to lower-cost tiers because they are not triggering security policies, making the cost-management process more dynamic and autonomous.
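The tiering logic described above (route to the analytics tier only the sources whose events actually trigger detection policies, and send the rest to cheaper compliance storage) is shown below as an added illustration. This is example code written for this page, not Securonix’s Data Pipeline Manager or its AI agent; the event fields, rule names and source names are constructed for the example.

```python
"""Illustrative log-tiering recommender (added example, not Securonix code).

Given a batch of normalised events from several log sources and a set of
detection rules, count how often each source contributes to a rule match.
Sources that never fire a rule in the observation window are candidates for
the cheaper "compliance" tier; everything else stays in the "analytics" tier.
"""
from collections import defaultdict
from typing import Callable, Dict, List, Tuple

Event = Dict[str, str]

# Constructed sample batch: 15 events from four hypothetical sources.
EVENTS: List[Event] = (
    [{"source": "vpn", "user": "alice", "result": "fail"}] * 2
    + [{"source": "vpn", "user": "bob", "result": "ok"}]
    + [{"source": "edr", "user": "carol", "privilege": "admin"}]
    + [{"source": "edr", "user": "dave", "privilege": "user"}]
    + [{"source": "firewall", "action": "allow"}] * 6
    + [{"source": "printer_audit", "action": "print"}] * 4
)

# Hypothetical detection policies: rule name -> predicate over one event.
# Note that a rule exists for the firewall source, but it never fires on the
# sample batch; what matters for tiering is observed hits, not rule coverage.
RULES: Dict[str, Callable[[Event], bool]] = {
    "vpn_auth_failure": lambda e: e["source"] == "vpn" and e.get("result") == "fail",
    "edr_admin_activity": lambda e: e["source"] == "edr" and e.get("privilege") == "admin",
    "firewall_deny": lambda e: e["source"] == "firewall" and e.get("action") == "deny",
}


def rule_hits_by_source(events: List[Event],
                        rules: Dict[str, Callable[[Event], bool]]) -> Dict[str, Tuple[int, int]]:
    """Return {source: (events that matched at least one rule, total events)}."""
    hits: Dict[str, int] = defaultdict(int)
    volume: Dict[str, int] = defaultdict(int)
    for e in events:
        volume[e["source"]] += 1
        if any(rule(e) for rule in rules.values()):
            hits[e["source"]] += 1
    return {src: (hits[src], volume[src]) for src in volume}


def recommend_tiers(events: List[Event],
                    rules: Dict[str, Callable[[Event], bool]],
                    min_hit_rate: float = 0.0) -> Dict[str, str]:
    """Map each source to 'analytics' or 'compliance'.

    A source stays in the analytics tier when its share of rule-matching
    events exceeds min_hit_rate (default: any hit at all keeps it hot).
    """
    tiers = {}
    for src, (hit, total) in rule_hits_by_source(events, rules).items():
        tiers[src] = "analytics" if hit / total > min_hit_rate else "compliance"
    return tiers


def cold_tier_share(events: List[Event],
                    rules: Dict[str, Callable[[Event], bool]]) -> float:
    """Fraction of event volume that the recommendation would move to cold storage."""
    tiers = recommend_tiers(events, rules)
    cold = sum(1 for e in events if tiers[e["source"]] == "compliance")
    return cold / len(events)


if __name__ == "__main__":
    for src, tier in recommend_tiers(EVENTS, RULES).items():
        print(f"{src:14s} -> {tier}")
    print(f"volume eligible for cold tier: {cold_tier_share(EVENTS, RULES):.0%}")
```

Two caveats a practitioner would add before acting on such a recommendation: a source that fired nothing in one window may still be essential context during an investigation (firewall allow logs are the classic case), so the window must be long enough and the cold tier must remain searchable; and regulatory retention requirements still apply to the demoted data, which is exactly why it is kept rather than dropped.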

User and entity behaviour analytics

The company’s focus on AI is not new. Securonix was founded 15 years ago on its user and entity behaviour analytics (UEBA) technology, which employs machine learning algorithms to detect anomalous activity that could indicate insider threats or compromised accounts.

“That’s our secret sauce,” said Shaikh. “Those algorithms are unique and our intellectual property. They detect anomalous behaviour – for example, an employee trying to download two terabytes of data at 2am in the morning.”
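The kind of detection Shaikh describes (a user moving far more data than usual, at an hour when they are never active) rests on a per-user behavioural baseline. The block below is an added illustration of that idea and is not Securonix’s UEBA algorithm, which the company describes as proprietary; the history, user names and thresholds are constructed for the example, and the robust z-score on median and MAD is one simple choice among many.

```python
"""Illustrative per-user behavioural baseline (added example, not Securonix code).

Builds a profile for each user from historical download events: a robust
volume baseline (median and median absolute deviation) and the set of hours
in which the user is normally active. A new event is then scored on two
signals: how many robust sigmas its volume sits above the baseline, and
whether its hour is outside the user's usual activity window.
"""
from collections import defaultdict
from statistics import median
from typing import Dict, List

GB = 1024 ** 3
TB = 1024 ** 4

# Constructed history. alice: 20 events of 1-3 GB between 09:00 and 16:00.
# bob: a night-shift operator whose 50 GB transfers at 22:00-23:00 are normal.
HISTORY: List[dict] = [
    {"user": "alice", "hour": 9 + (i % 8), "bytes": (1 + (i % 3)) * GB} for i in range(20)
] + [
    {"user": "bob", "hour": 22 + (i % 2), "bytes": 50 * GB} for i in range(10)
]


def build_profiles(events: List[dict]) -> Dict[str, dict]:
    """Return {user: {"median": bytes, "mad": bytes, "hours": set of active hours}}."""
    by_user: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    profiles = {}
    for user, evs in by_user.items():
        vols = [e["bytes"] for e in evs]
        med = median(vols)
        mad = median(abs(v - med) for v in vols)
        # Floor the spread at 10% of the median so a perfectly regular history
        # (MAD of zero, as for bob) does not turn every byte of variation into
        # an alert. This floor is an assumption of the example, not a standard.
        mad = max(mad, 0.1 * med)
        profiles[user] = {"median": med, "mad": mad, "hours": {e["hour"] for e in evs}}
    return profiles


def score_event(profile: dict, event: dict, z_threshold: float = 5.0) -> dict:
    """Score one event against a user's profile.

    0.6745 scales MAD to be comparable with a standard deviation for
    normally distributed data, giving a 'robust z-score'.
    """
    z = 0.6745 * (event["bytes"] - profile["median"]) / profile["mad"]
    off_hours = event["hour"] not in profile["hours"]
    reasons = []
    if z > z_threshold:
        reasons.append(f"volume {z:.0f} robust-sigma above the user's baseline")
    if off_hours:
        reasons.append("outside the user's usual active hours")
    return {"z": z, "off_hours": off_hours, "anomalous": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    # alice pulling 2 TB at 02:00 trips both signals; bob's routine 50 GB at 23:00 trips neither.
    for ev in ({"user": "alice", "hour": 2, "bytes": 2 * TB},
               {"user": "bob", "hour": 23, "bytes": 50 * GB},
               {"user": "alice", "hour": 10, "bytes": 3 * GB}):
        print(ev["user"], ev["hour"], score_event(profiles[ev["user"]], ev))
```

The point of keeping the baseline per user rather than global is visible in the sample: bob’s 50 GB overnight transfer is routine for him and produces no alert, while the same volume from alice would. Real deployments also baseline against peer groups and decay old history, which this example omits.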

He said Securonix’s heritage in high-fidelity detection is why customers turn to the company to combat alert fatigue – a common problem in which security teams are overwhelmed by false alarms, causing them to miss genuine threats.

“When a large stock exchange moved to our SIEM from a different product, they reduced their false positive rate to zero,” said Shaikh. “All the alerts that are generated are now high-value alerts that would result in breaches if they were missed.”


Securonix is also a firm believer in open architecture, a key differentiator in a market increasingly dominated by sprawling, single-supplier platforms. The company positions itself as a “pure play” SIEM supplier that integrates with a customer’s existing, often diverse, security tools. “We believe in the cyber mesh architecture and we have hundreds of connectors,” said Shaikh.

Securonix’s growth is fuelled by both organic innovation and acquisitions, such as its recent purchase of ThreatQuotient, a threat intelligence firm. A key consideration for any acquisition, he said, is whether it aligns with the needs of CISOs and security operations centres, where SIEMs are a key tool.

While Securonix started with an on-premises SIEM offering, 95% of its business now comes from its cloud service, built on Amazon Web Services. This includes serving highly regulated industries such as banking and healthcare, which have increasingly embraced cloud-based SIEM platforms.

The company’s growth in the Asia-Pacific region is a key priority. It recently added resources to its Australia and New Zealand operations and plans to establish a presence in Japan. In doing so, it works with a handful of key partners in each market to scale its business, said Shaikh.

Ultimately, Securonix aims to provide financial returns for its customers. “If a customer stays with us for three years, their return on investment is realised within six months,” said Biyani, citing an economic impact report by analyst Forrester. “I have never seen that with other tools in other industries. That is a big thing for customers.”
