Lightweight and FAST to deploy, yet Scalable for large complex organizations

Fast to Deliver Value

In 2 days, GreySpark delivers an industry-first visual Key Control Indicator (KCI) assessment - across all the vendor technologies you already have. In 2 weeks, GreySpark provides a comprehensive set of Key Performance Indicators (KPI) for your security operations. KPIs and KCIs are data-driven, automated, continuous, consistent and repeatable.

Scalable to Any Enterprise

With configuration options that span from a single on-premises assessment “appliance” to auto-scaling analytics clusters deployed in any combination of on-premises or cloud, GreySpark scales to meet the measurement and reporting needs of enterprises and their services organizations.


Data Collection Appliance (DCA)

The DCA is a powerful yet lightweight security log and data aggregation system. Deployed as a virtual or physical appliance, on premises or in the cloud, it receives any sensor output (SysLog, SNMP Traps, etc.) you point at it, and it can also pull information via web APIs. The DCA immediately starts organizing, compressing and encrypting this data in preparation for production of the Cyber Defense Matrix and upstream analytics using GreySpark's Business Intelligence analytics.

The DCA takes data from all security vendor systems, as well as log collectors and SIEMs

Security data aggregation and categorization is a difficult first step in any analytics process. The DCA streamlines and simplifies this step so that any network administrator can accomplish it in under an hour.


Cyber Defense Matrix (CDM)

The Cyber Defense Matrix (CDM) provides a visual Key Control Indicator (KCI) assessment - across all the controls you already have. Security managers spend a few minutes selecting the security technologies and processes they have deployed in their operation, and the CDM maps these into context with the NIST Cyber Security Framework (CSF) operational functions (Identify, Protect, Detect, Respond, Recover) and classes of assets (Devices, Networks, Apps, Data, Users). The CDM also provides compliance overlays that show coverage with respect to regulations. Once data sources are configured on the DCA, the CDM squares light up with control activity and other information, such as where controls are configured but not reporting, or where compliance requirements are being missed.

With one glance, anyone can see control strengths and challenges.


Security Operations Metrics

Beyond periodic controls and compliance assessments, Security Operations Center (SOC) managers gain continuous insights via the Security Operations performance metrics. The GreySpark business intelligence analytics processes and common information model rationalize security data across all vendors into understandable, transparent metrics that business and technology leaders can trust.

Measures include those that show when New Threats are amassing or Defense Effectiveness is suffering. The display of metrics is defined by the user and is highly customizable. Some might want to know these metrics by line of business, others by compliance boundary or geography. GreySpark's BI ensures that measures are always in context.

Shared Security Operations

Enterprise shared services organizations or managed security services providers (MSSPs) need to measure, manage and report on the effectiveness of multiple security operations activities. GreySpark provides common measures and centralized management to view, trend and benchmark the performance of each program.

Multiple deployments are handled on premises or through a cloud-deployed, secure multi-tenant environment, where scale and complexity never become a management issue.


3rd Party Integrations

GreySpark's common information model and analytics process work with any vendor's security product output. Common integrations are via push of SysLog or SNMP traps, and the DCA is also capable of pulling data via vendor web APIs or direct loading of files.

Recognizing that measures reporting and diagnostics without action is only half of a solution, GreySpark generates emails based on metrics thresholds or anomaly detections and works with major security and IT services and operations management systems to auto-generate incident management tickets.

Network and security operators gain an automated, metrics-based feedback loop on the performance of their operations.


Custom Security Metrics

Further to integrations, GreySpark is "API-first." The bi-directional RESTful API ensures that any data available to the GreySpark UI is also accessible for integration with external data visualization or reporting systems.

Security and software development professionals gain access to raw data as well as the derived fundamental metrics, and can generate new metrics or reports tailored to the business' needs.


Reporting Modules

GreySpark's modular system enables reporting that is tailored to the business operations. MSSPs and SOC managers frequently and efficiently communicate value to stakeholders and customers.

The modules allow features such as the CDM or individual metrics to be configured. They also permit the inclusion of journal entries, such as the performance of hunt missions, and core statistics based on raw data.
