Security Analytics

Enhance Existing Tools and Intelligence

Shared Insight Protects More Powerfully

Flexible Integration Works Intelligently With Your Security Ecosystem

Protecting your enterprise from constantly evolving external and internal threats requires a variety of tools, data feeds, and analysis techniques at every level of the IT stack. Integrating multiple technologies across diverse silos, however, has typically been complex.

As a result, workflows often revolve around aggregating shallow data sources or jumping between fragmented systems. Too much time is lost reacting to false alerts, or chasing gaps in coverage and data that are discovered only during an investigation.

Corvil is designed with an open architecture and streaming analytics to work intelligently with other tools and data sources in your environment. Use Corvil’s API to enable programmatic and automated interactions with Corvil data and workflows. The result: a stronger security ecosystem in which you gain more value from existing investments.

Similarly, the pre-built integrations we’ve developed with our alliance partners are designed to enhance your detection, investigation and response workflows.

Ecosystem Integration

Outcomes

  • Streamlined detection and investigation
  • Improved response accuracy
  • More comprehensive and effective ecosystem
  • Greater overall protection
  • Richer contextual analysis
  • New levels of visibility and context
  • Improved value realization from existing solutions

Partner Ecosystem

“Our security tools today are too complex and burdensome to use, and, simply stated, complexity is the enemy of security.”

Marc Goodman
Future Crimes: Everything is Connected, Everyone is Vulnerable and What We Can Do About It

Benefits

SIEM Orchestration

Reduce alert fatigue by streaming our high-value insight into SIEMs such as Splunk, IBM QRadar, Intel Security McAfee and HPE ArcSight.

Endpoint Security

Simplify detection and response with bidirectional integration with solutions such as Carbon Black.

Threat Intelligence

Streamline detection by integrating data sources such as Proofpoint Emerging Threats, FireEye iSIGHT Intelligence and other TAXII- and STIX-compliant feeds such as FS-ISAC.

Big Data Analysis

Enable richer investigations and behavioral analysis by integrating our streaming analytics with Cloudera Enterprise, Hadoop, MongoDB, Elastic, Kafka, Storm, Flume, and Tableau.

Relational Databases

Simplify reporting workflows and enrich queries by adding our indexed data to Oracle Database, Microsoft SQL Server, and Oracle MySQL.

Custom Solutions

Simplify integration with security solutions, machine learning software, behavioral analysis or other applications with our open APIs and SDK.

“Like integrating threads of fiber in a rope, the integration of these capabilities, the exchange of intelligence between them, and the exchange of intelligence to and from the community and threat intelligence providers deliver overall greater protection.”

External Data Sources Enhance Our Analytics

  • Threat intelligence feeds are matched against activity data in real time and retrospectively
  • Automatic sharing of intelligence about observed compromised hosts
  • Automated querying and filtering of partner intelligence to enrich specific triage workflows

Stream Our Analysis To Other Solutions

  • Live stream or selectively integrate activity data about potential threats to SIEM orchestration platforms
  • Continuously stream comprehensive communications (L2-L7) activity data into big data platforms for additional behavioral analysis
  • Incorporate filtered and indexed data into relational databases for SQL-based analysis and reporting

Interactive Workflow Integration

  • Incorporate menu options and click-back functionality from partner products within Corvil dashboards, and vice versa
  • Adaptive full packet capture for suspicious hosts examined on-demand from partner consoles
  • Automated and/or triggered actions such as quarantining of compromised hosts