Tenzir - Next-Generation Incident Response

2019-01-07 Matthias Vallentin
tenzir incident response

Actionalbe Insight at your Fingertips

What are we actually doing at Tenzir? As a young startup in the IT security space focusing on network forensics, we are leveraging the power of historic data for the investigation of complex cyber attacks. We are still in the development phase of our product, but here’s a brief sketch about what’s to come.

Currently, we are building a product that enables security professionals to resolve critical incidents in an interactive fashion. We want to empower analysts and investigators to perform decisions timely and with confidence.

There are several reasons why your traditional SIEM may not prove as effective as you would like. Do you experience any of the following?

  • Your SIEM cannot keep up with the rate at which you are producing logs and packet traces.

  • Your SIEM can only keep a few months of data before looking up indicators of compromise becomes undproductively slow.

  • Your SIEM doesn’t support the right export formats that you need for downstream processing and analytics.

If any of these apply to you, then you may like what we are developing: Tenzir, a system for power users who enjoy having full control over their data pipelines. Our command-line interface makes it easy to import and export data—either in one shot or continuously. A web interface is in the pipeline, but first we are prioritizing power users. Tenzir integrates seamlessly with the most common security analysis tools, such as Zeek. As for downstream analytics, we offer zero-copy data transfer to Apache Spark via Apache Arrow.

Moreover, our team actively contributes to the Zeek codebase: we designed and implemented a large part of Broker, the new communication library of Zeek. At BroCon ‘18 we gave a talk about how Broker works, how it performs, and what you can do with it. Have a look at our slides and accompanying example material.

As for the state of development, we are beginning alpha testing Tenzir in large networks. We are looking for security operators who are drowning in data and whose mind is faster than their toolchain. If this is you, and you are open to testing cutting-edge technology that you can still shape according to your needs, we would be thrilled to engage—simply drop us an email at info@tenzir.com.