The Huntsman Security Information & Event Management (SIEM) is a software solution architected and designed to operate independently in secure environments and closed networks without the need to rely on external resources to perform ANY function.

Why security teams choose the Huntsman SIEM

Defence-Grade Security

Runs independently on closed networks. Aligned with Five Eyes community.

Unlike other SIEM solutions, our software updates do NOT rely on a “call home” facility to maintain your secure system’s currency.

Rapid deployment

Local installation & training, security cleared engineers.

With our local installation support and training teams, we can bring your team up to speed within days – no specialist skills required.

High Speed In-Stream SOC Processing

130,000+ EPS on a single platform.

Our robust solution can process 130,000+ events per second (EPS) on a single platform to dramatically reduce your time to detection and analysis. These high levels of processing are the product of a design decision to perform in-stream processing whereby all events are analysed before being inserted into the database. This means there is no risk of database contention or compromised performance in high volume environments.

Fully Customisable

Can be extended on site. Works with data diodes & multiple layered architectures.

The Huntsman SIEM contains 1,000+ queries and reports out of the box (OOB) as well as operational and compliance dashboards including GPG13 and ISO27001. As each secured environment is different, the Huntsman SIEM adapts to any design and data source requirements and works with data diodes and multiple layered architectures.


Customisable and extendable on-site

Huntsman SIEM is easily configured by users to collect and analyse even bespoke event types that are not supported out-of-the-box. The addition of new data sources can be performed without the need to engage Huntsman services or wait for a product update.

Protective monitoring for air gap/data diode protected networks

Huntsman SIEM has been designed to collect data even from networks on the other side of data diodes and air gap controls. This enables multiple networks of differing security classifications to be monitored by a single SOC using a single SIEM.

No license limitations

In keeping with the Huntsman SIEM's defence-grade design, the software is NOT restricted by licensing thresholds. The license is based on decisions per second (EPS) averaged over a month. By design there is nothing in the software that will interrupt data collection and analysis.

Self-contained event analytics

Huntsman SIEM is designed to operate in the most secure environments where all communications are heavily controlled and external connectivity is not available. It performs all analysis in-situ without the need for Internet connectivity. All upgrades and threat intelligence data can be downloaded independently, validated and securely transferred to the system ready for use.

Non-sequential event handling

Huntsman SIEM can analyse events that have been delayed in transit in the context of related events that occurred at the same time, rather than just those occurring now. This ensures that if an alert would have been raised had the event data not been delayed, the alert will still be triggered when the data does get analysed by the software. While originally developed at the request of the Department of Defence in support of field operations, it is an integral part of the product available to all customers.
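The non-sequential handling described above, illustrated with an added example that is not Huntsman's code: a constructed brute-force rule (three failed logins followed by a success within 60 seconds) is evaluated on event time rather than arrival time, so a failure delayed in transit still completes the pattern. The sample events, rule, threshold and window are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # failures must precede the success within 60 s (assumed)
THRESHOLD = 3                    # three or more failures then a success = alert (assumed)

# Constructed sample events (event_time, source, kind) listed in ARRIVAL order.
# The 09:00:20 failure arrives last: it was delayed in transit.
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:05", "10.0.0.5", "login_failure"),
    ("2024-03-01T09:00:12", "10.0.0.5", "login_failure"),
    ("2024-03-01T09:00:30", "10.0.0.5", "login_success"),
    ("2024-03-01T09:00:20", "10.0.0.5", "login_failure"),
]

def failures_before(events, succ_ts):
    """Count login_failure events whose EVENT time falls in the window ending at succ_ts."""
    return sum(1 for t, k in events
               if k == "login_failure" and timedelta(0) <= succ_ts - t <= WINDOW)

def arrival_order_alerts(events):
    """Naive engine: evaluates the rule only at the moment a success ARRIVES.
    Events that arrive afterwards are never reconsidered, so a delayed failure is lost."""
    history, alerts = defaultdict(list), []
    for ts_str, src, kind in events:
        ts = datetime.fromisoformat(ts_str)
        history[src].append((ts, kind))
        if kind == "login_success" and failures_before(history[src], ts) >= THRESHOLD:
            alerts.append((src, ts_str))
    return alerts

def event_time_alerts(events):
    """Event-time engine: every new event, late or not, re-evaluates each success
    whose window it falls into, so a delayed failure can still complete the pattern.
    Alerts are de-duplicated per (source, success time)."""
    history, alerts = defaultdict(list), []
    for ts_str, src, kind in events:
        ts = datetime.fromisoformat(ts_str)
        history[src].append((ts, kind))
        for succ_ts, succ_kind in history[src]:
            if succ_kind != "login_success" or not (timedelta(0) <= succ_ts - ts <= WINDOW):
                continue
            key = (src, succ_ts.isoformat())
            if key not in alerts and failures_before(history[src], succ_ts) >= THRESHOLD:
                alerts.append(key)
    return alerts
```

On the sample, the arrival-order engine raises nothing, while the event-time engine raises the alert for the 09:00:30 success once the delayed 09:00:20 failure is processed.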

The core of your SOC

Huntsman Security’s SIEM sits at the core of your Security Operations Centre (SOC) as a single, comprehensive, yet flexible multifunctional threat monitoring and response platform.

LIVE INTERFACE & VISUALISATION

Real-time MITRE ATT&CK® heatmaps and threat summary, plus a GUI-driven query interface to optimise investigation and save time
Configurable alert rules and behavioural models, allowing the detection of the widest range of threats – including APTs and Zero Day threats
Centralised management & coordination of alerting rules, event collection, queries and reports for reliable security governance
Lifecycle visibility of alerts, threats and incident information for all stakeholders

SPEED & PERFORMANCE

Advanced, high speed in-stream event processing, analytics and response decision making – with capacity in excess of 130,000 events per second
Behavioural anomaly detection to extend discovery beyond predefined patterns and signatures with machine-learning
Automatic collection and integration of multiple sources of Threat Intelligence, for enrichment, threat verification and orchestration, to speed up resolution of incidents and reduce false positives
Accelerated capacity for cyber security decision making with multiple views of attack information by users or endpoints, to pinpoint an asset/user at risk and quickly tailor a defence

WORKFLOW & SCALABILITY

Simple, yet flexible, deployment options and scalable data storage architecture
Support for virtualisation and cloud/on-premise deployment
Optimised for detection, correlation and reporting out of the box (OOTB) – an extensive range of inbuilt alerts for attacks, technology types and compliance standards
Support for a wide range of data sources and technology platforms (hundreds of technologies supported natively; any additional data stream or source can be configured)
Broad range of pricing and licensing models to suit organisations of all sizes and complexity (inc. Capex and OpEx subscription pricing)
