MindStorm Advanced Correlation Engine

MindStorm uses hybrid correlation techniques to achieve a high accuracy rate in identifying true attacks. Hybrid correlation means a combination of correlation techniques, some of which run in real time while others use historical data. No single event correlation technique fulfills all scenarios and conditions; each technique is suited to detecting one or several scenarios. Hence, MindStorm's hybrid correlation techniques can increase scenario coverage and the probability of identifying real attacks by combining several correlation results.

 

Copyright @ 2008 Secure Associates

 

 

 


For more information on our products, please send your contact information to info@securesa.com

MindStorm Hybrid Correlation Techniques:

  • Statistical Correlation is the fundamental correlation method, which consolidates all incoming events that share the same Event ID and Destination IP address. All events are given a severity for easy prioritization. No configuration is required, and security administrators can keep their eyes on one alert entry instead of thousands of entries for the same alert. Security administrators can customize threshold values to reduce false alarms and make security event monitoring and analysis easier.

  • Stateful Correlation identifies real attacks by mapping the customer's pre-defined business assets and stateful rules. Each stateful rule contains the event conditions and thresholds to deal with any infrastructure and security threat. When incoming events match any of the conditions of the policy rules, MindStorm classifies them as a real attack and triggers an alert so that the security administrator can respond to the real attack efficiently and effectively.

  • Machine-learning Correlation is based on clustering technology that groups related events from different types and brands of devices into an incident. It helps the security manager analyze the attack path and use incident playback to understand the sequence in which the events occurred. The security manager now only needs to manage incidents instead of events.
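
The consolidation described under Statistical Correlation, as an added Python example that is not MindStorm's own code: events are merged on (Event ID, Destination IP) and entries below a per-Event-ID threshold are suppressed. The event tuple layout, the threshold values, and the use of the highest event severity as the alert severity are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass, field

# Constructed sample events: (epoch_seconds, event_id, src_ip, dst_ip, severity 1-5)
SAMPLE_EVENTS = [
    (1000, "SSH_AUTH_FAIL", "198.51.100.7", "10.0.0.5", 2),
    (1002, "SSH_AUTH_FAIL", "198.51.100.7", "10.0.0.5", 2),
    (1003, "PORT_SCAN", "203.0.113.9", "10.0.0.5", 1),
    (1005, "SSH_AUTH_FAIL", "203.0.113.9", "10.0.0.5", 3),
    (1007, "SSH_AUTH_FAIL", "198.51.100.7", "10.0.0.9", 2),
    (1008, "SQLI_ATTEMPT", "203.0.113.44", "10.0.0.20", 5),
    (1009, "SSH_AUTH_FAIL", "198.51.100.7", "10.0.0.5", 2),
    (1011, "SSH_AUTH_FAIL", "198.51.100.7", "10.0.0.9", 2),
]

# Hypothetical thresholds: minimum event count before an alert entry is shown.
THRESHOLDS = {"SSH_AUTH_FAIL": 3}
DEFAULT_THRESHOLD = 1


@dataclass
class Alert:
    event_id: str
    dst_ip: str
    first_seen: int
    last_seen: int
    count: int = 0
    severity: int = 0
    sources: set = field(default_factory=set)


def consolidate(events, thresholds=THRESHOLDS, default=DEFAULT_THRESHOLD):
    """Merge events sharing (event_id, dst_ip) into one alert entry each."""
    alerts = {}
    for ts, event_id, src, dst, sev in events:
        alert = alerts.setdefault((event_id, dst), Alert(event_id, dst, ts, ts))
        alert.count += 1
        alert.severity = max(alert.severity, sev)  # assumption: worst severity wins
        alert.first_seen = min(alert.first_seen, ts)
        alert.last_seen = max(alert.last_seen, ts)
        alert.sources.add(src)
    # Threshold step: drop entries that have not reached their minimum count.
    kept = [a for a in alerts.values()
            if a.count >= thresholds.get(a.event_id, default)]
    # Prioritize by severity, then by volume.
    return sorted(kept, key=lambda a: (-a.severity, -a.count))


if __name__ == "__main__":
    for a in consolidate(SAMPLE_EVENTS):
        print(a.severity, a.event_id, a.dst_ip, a.count, sorted(a.sources))
```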