What is Fluency?

Fluency is network behavioral analysis built into a threat hunting & response platform. Fluency appliances collect network application flow data and correlate it with network, host and application logs. The results are scored in real time, allowing the strongest threats to be alerted.

Why Machine Learning and AI?

While many people talk about reducing staff, the greater issue is the increase in the amount of data needing review. The number of log and network events has grown from tens of thousands, to millions and now hundreds if not billions of events per day. Machine Learning and Artificial Intelligence allow all this data to be analyzed in a quality manner.

What of Legacy Devices?

Fluency is not a closed system. Fluency's roots are in data correlation and threat hunting, and it has always been aimed at integration and leveraging what customers have. The most common framework for gathering legacy data is a syslog grid. Yet Fluency also has more modern collection capabilities that address Amazon Web Services, OpenDNS, Office 365 and other cloud services.

How does NBA handle cloud infrastructures?

Fluency is not limited to network analysis. Network Behavioral Analysis (NBA) is a common term that people can relate to.  Fluency is able to import and correlate Cloud and Host events.

Does Fluency handle Cloud Services like AWS and Office365?

Fluency can parse and correlate cloud service events. Many organizations are beginning to use AWS and Office365 services, and yet they are not collecting the logs from these devices. PCI, HIPAA and FISMA all require that these logs are centrally collected and reviewed daily. Fluency is integrated with AWS and other cloud services to collect these logs and correlate them with your local network activity too. Though many solutions are moving to the cloud, IT still has the job of collecting and reviewing logs, no matter where the application resides.

How is Fluency deployed?

Fluency is composed of two parts. The customer piece of equipment is called a sensor. Sensors sit at the gateway of a company in order to collect flow metadata from a passive tap. The sensor also acts as a syslog-sink-relay. Security devices point their syslog channels to the sink. The other part of Fluency is the server. Users can log on to work from a private or a public cloud. Communication between Fluency devices is limited to HTTPS (443) and SSH (22).

Does my network produce that much data?

People are amazed by how much data is really generated by a network. A 1 Gbps network generates around 1k events per second from flow data alone. SIEM tools just do not handle even this much data. Fluency not only collects, but correlates the data. In Fluency, communication is correlated so that the assets, users and alerts are tied to flows. All this data is needed when there is an issue. Fluency can track an asset as it changes network addresses. Many organizations take close to an hour finding the user of a session, and longer finding the asset involved. All this data is critical in resolving issues.

More questions?

You can contact us at contact@securitydo.com.