Overview


Collect More Data

Almost every device on your network constantly generates data that is relevant to your business, from the security of the network itself to potential user fraud. Most of that data is never looked at. Qato collects large volumes of data from many sources into one location and makes it available for centralized analysis. To understand what is really going on in your network, you must collect as much of that data as you can.


Store Data Longer

The data on your network is constantly growing, and each tool looks at only a slice of it in time. Network security sensors usually focus on one facet of protecting a network over a window of seconds to minutes. SIEMs collect data from multiple sensors and typically work over minutes, hours or days. Yet when a network intrusion makes the news, the attackers have often been inside for weeks, months or longer. To analyze longer-term trends and review what happened on your network over such periods, you need to store data for much longer. Qato's big data architecture lets you store that data and evaluate it over time. Recognizing fraud that unfolds over time requires the same long-range pattern recognition.


Perform More Advanced Analytics

Qato’s open, scalable architecture allows a multitude of processing and analytic techniques to be used with the data, including visualization, SQL queries, and custom programming. You’re free to apply whichever analytic techniques make sense in your environment. Your data is not hidden deep inside a black box, so your only limitation is your imagination.



Architecture

Qato's design provides a scalable architecture for collecting as much relevant data as possible, both for the analysis that detects anomalous or malicious behavior and for the more detailed analysis that follows once such behavior is found. For example, the cybersecurity implementation of the Qato anomaly detection engine focuses on collecting as much relevant network data as possible. Accordingly, Qato collects logs from many different sources (Windows Event Logs, Linux syslog, firewalls, network monitoring, etc.), stores them in its scalable, distributed backend, and then performs extract/transform/load (ETL) to convert the various data formats into a common format. Finally, an analysis capability lets analysts detect anomalous behavior through a visualization front-end.

That is just the start. In addition to traditional security-relevant data, Qato's design lets us collect supporting data and use it to increase the accuracy of the information the system produces. For example, vulnerability scanning results can be loaded into the system and correlated with intrusion detection alerts. If a network-based intrusion detection system reports that a particular web server attack was launched against a target, whether a vulnerability scanner has already checked that server for that vulnerability, and what it found, is useful in raising or lowering the threat level of the alert: a server the scanner found vulnerable warrants escalation, a server it checked and found not vulnerable can be downgraded, and a server never scanned for it gives no basis for either.

Once the data is in the common format, there are many ways to turn it into information. Analysts can query the data with SQL, and the Apache Spark API is also available, so developers can write analytics in multiple languages rather than being tied to a proprietary, and potentially limiting, scripting language.
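As an added illustration of the pipeline described above, and not Qato's own code, the following Python normalizes a syslog line and Snort/Suricata-style "fast" alerts into one common schema, loads them into SQLite alongside vulnerability scan results, and uses SQL to raise or lower each alert's threat level according to what the scanner found on the target, leaving alerts against never-scanned hosts marked as unverified. Every log line, scan result, the scanner check id, the sid-to-check mapping and the threat-level names are constructed assumptions for this example.

```python
"""Added example (not Qato's own code): ETL of two log formats into one common
schema, then SQL correlation of IDS alerts with vulnerability scan results.
Every record below is constructed for illustration; the scanner check id,
the sid->check mapping and the threat levels are assumed names."""
import re
import sqlite3

# Constructed sample inputs (not real captures).
SYSLOG_LINES = [
    "Jan 14 10:02:13 web01 sshd[2211]: Failed password for root from 203.0.113.9 port 50122 ssh2",
    "Jan 14 10:02:20 web02 sshd[1187]: Accepted publickey for deploy from 10.0.0.40 port 41002 ssh2",
]
# Snort/Suricata "fast" alert format; sid 1000001 is in the local-rule range and
# the rule message is made up for this example.
IDS_LINES = [
    "01/14-10:05:44.120000  [**] [1:1000001:1] LOCAL example web exploit attempt [**] [Priority: 1] {TCP} 203.0.113.9:44120 -> 10.0.0.5:80",
    "01/14-10:06:01.000000  [**] [1:1000001:1] LOCAL example web exploit attempt [**] [Priority: 1] {TCP} 203.0.113.9:44121 -> 10.0.0.6:80",
    "01/14-10:07:15.000000  [**] [1:1000001:1] LOCAL example web exploit attempt [**] [Priority: 1] {TCP} 203.0.113.9:44122 -> 10.0.0.7:80",
]
# Scanner output as (host, check id, result). 10.0.0.7 was never scanned for this check.
SCAN_RESULTS = [
    ("10.0.0.5", "web-exploit-check", "vulnerable"),
    ("10.0.0.6", "web-exploit-check", "not_vulnerable"),
]
# Which scanner check corresponds to which IDS rule: a lookup you maintain (assumed here).
SID_TO_CHECK = {1000001: "web-exploit-check"}

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                       r"(?P<prog>[\w/-]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAST_RE = re.compile(r"^(?P<ts>\S+)\s+\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\] "
                     r"\[Priority: (?P<prio>\d+)\] \{\w+\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+$")


def parse_syslog(line):
    """Syslog line -> common event dict (or None if the line does not parse)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ip = re.search(r"\bfrom (\d+\.\d+\.\d+\.\d+)\b", m["msg"])
    return {"source": "syslog", "ts": m["ts"], "src_ip": ip.group(1) if ip else None,
            "dst_host": m["host"], "sid": None,
            "message": f"{m['prog']}: {m['msg']}", "priority": None}


def parse_ids(line):
    """Fast-format IDS alert -> the same common event dict."""
    m = FAST_RE.match(line)
    if not m:
        return None
    return {"source": "ids", "ts": m["ts"], "src_ip": m["src"], "dst_host": m["dst"],
            "sid": int(m["sid"]), "message": m["msg"], "priority": int(m["prio"])}


def build_db(syslog_lines=SYSLOG_LINES, ids_lines=IDS_LINES, scan_results=SCAN_RESULTS):
    """Load every source into one in-memory SQLite database (the 'common format')."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE events(source, ts, src_ip, dst_host, sid INTEGER, message, priority INTEGER);
        CREATE TABLE scans(host, check_id, result);
        CREATE TABLE sid_check(sid INTEGER, check_id);
    """)
    events = [parse_syslog(l) for l in syslog_lines] + [parse_ids(l) for l in ids_lines]
    db.executemany("INSERT INTO events VALUES(:source,:ts,:src_ip,:dst_host,:sid,:message,:priority)",
                   [e for e in events if e is not None])   # drop unparseable lines
    db.executemany("INSERT INTO scans VALUES(?,?,?)", scan_results)
    db.executemany("INSERT INTO sid_check VALUES(?,?)", list(SID_TO_CHECK.items()))
    return db


CORRELATE_SQL = """
SELECT e.ts, e.src_ip, e.dst_host, e.message, e.priority, s.result AS scan_result,
       CASE s.result
         WHEN 'vulnerable'     THEN 'critical'    -- scanner confirmed the target is exposed
         WHEN 'not_vulnerable' THEN 'low'         -- checked and not exposed: downgrade
         ELSE 'unverified'                        -- never scanned: no basis to change it
       END AS threat_level
FROM events e
JOIN sid_check c ON c.sid = e.sid
LEFT JOIN scans s ON s.host = e.dst_host AND s.check_id = c.check_id
WHERE e.source = 'ids'
ORDER BY e.ts
"""


def correlate(db):
    """IDS alerts with the scanner's verdict on each target folded into a threat level."""
    cur = db.execute(CORRELATE_SQL)
    cols = [d[0] for d in cur.description]
    return [dict(zip(cols, row)) for row in cur.fetchall()]


def cross_source_actors(db):
    """Source IPs that both triggered IDS alerts and failed SSH logins in syslog."""
    rows = db.execute("""
        SELECT DISTINCT src_ip FROM events WHERE source = 'ids' AND src_ip IN (
            SELECT src_ip FROM events WHERE source = 'syslog' AND message LIKE '%Failed password%')
    """).fetchall()
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    db = build_db()
    for row in correlate(db):
        print(row["ts"], row["src_ip"], "->", row["dst_host"], row["scan_result"], row["threat_level"])
    print("seen in both sources:", cross_source_actors(db))
```

The LEFT JOIN is the important design choice: an inner join would silently drop alerts against hosts the scanner never covered, which is exactly the case an analyst must not lose. The second query shows why centralizing sources matters; the same attacker address is visible only because syslog and the IDS feed share one schema.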


Interested in learning more about our Qato anomaly detection solution?

Contact our sales team and we'll get started planning your implementation today.

Contact