The combination of Bandura & Gravwell provides joint customers with a comprehensive approach to cybersecurity that combines actionable threat intelligence with powerful data analytics capabilities.

Bandura blocks known bad traffic at scale using a combination of simple, innovative technology and best-in-class threat intelligence. Gravwell’s Data Fusion Platform enables users to easily ingest, store, analyze, and display machine data, including security logs.

The combination of the two platforms provides improved protection from cyber threats and more effective and efficient threat detection, investigation, and response.

Benefits

Comprehensive visibility into your security posture

Improve threat detection

Reduce the time to investigate and respond to security incidents

Features

Leverage Gravwell for long-term storage of Bandura logs

Aggregate logs from multiple Bandura ThreatBlockr appliances in Gravwell

Use more customizable and advanced analytics, visualization, and reporting capabilities

Correlate Bandura logs with logs from other security controls and systems

Bandura Provides Smart, Simple, & Scalable Network Security Everywhere

Bandura blocks known bad traffic at scale using a combination of simple, innovative technology and best-in-class threat intelligence. We provide 30 million “out of the box” threat indicators from the world's best sources and offer over 50 point-and-click integrations and connectors: ISACs, ISAOs, Threat Intelligence Platforms (TIPs), SIEMs, SOARs, or any other IP- or domain-based source.

Policy enforcement and blocking are handled by our ThreatBlockr appliances, which can block up to 150M threat indicators in real time with no added latency. ThreatBlockr inspects inbound and outbound traffic and makes simple, policy-based allow or deny decisions based on threat intelligence (IP reputation, block lists, allow lists), GEO-IP, and/or Autonomous System Number (ASN). ThreatBlockr can be flexibly deployed on physical, virtual or cloud appliances, as a cloud-based service, or any combination of these. Regardless of deployment, we can protect your users and networks everywhere, and our cloud-based Management Portal gives you a central point of visibility and control.

As data flows through ThreatBlockr appliances, the Bandura platform generates a significant amount of data that helps you analyze your security posture, identify and remediate threats in real time, and easily solve for false positives. Non-PII metadata is sent to our Global Management Center to allow quick analysis of your security posture and detailed data is sent to any SIEM, Syslog server or security analytics tool of your choice for further detailed analysis.

Bandura Logs Provide Powerful Data & Syslog Export Capabilities

One of the many powerful features of the Bandura platform is its logging capability: ThreatBlockr appliances log every connection, whether allowed or denied. Logs let you look at inbound and outbound connections and quickly see things like:

Source and destination IP

What country is an IP from? What network is it from, based on Autonomous System Number (ASN)?

Was it Allowed or Denied?

Why was it Allowed or Denied? Was a connection denied because it was a malicious IP on a threat intelligence feed? The result of a Country (GEO-IP) policy?

What threat intelligence feeds are an IP or domain on?

This log data can be analyzed to provide valuable information that helps organizations assess their security posture, identify and remediate threats in real time, and easily solve for false positives.

ThreatBlockr appliances store a limited amount of log data in memory on the device. To enable organizations to support more comprehensive security monitoring and analytics efforts and satisfy compliance requirements, the platform provides powerful syslog export capabilities.

Syslog export in the Bandura platform is also customizable, enabling users to control which logs are exported to one or more external SIEM tools. Each syslog export is independently configurable and can be filtered by Log Type, Resource Group, Verdict (Allowed or Denied), and Direction (Inbound vs. Outbound). This gives users control over what data they send to their SIEMs, which in turn drives down SIEM costs, as those costs are often driven by the volume of data the SIEM ingests. As you will see with Gravwell, this is a non-issue, since unlimited data and predictable costs are two core components of their solution.
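The fields listed above (source and destination IP, country, ASN, verdict, reason, feeds) and the per-export filter criteria (Log Type, Resource Group, Verdict, Direction) are the two things a SIEM-side consumer of these logs has to deal with first. The following is an added example, not code from Bandura, Gravwell, or the Bandura Cyber Kit: it parses constructed ThreatBlockr-style syslog lines, applies an export-style filter, and then produces the kind of aggregation (denied traffic by reason, country and ASN, plus a single-indicator view) that a downstream dashboard would build on. The RFC 5424 header followed by key=value pairs is an assumed layout for the sample data; Bandura's actual export format is not shown on this page, so only the `KV` and `HEADER` patterns would need to change for real data.

```python
"""Parse ThreatBlockr-style syslog export lines, apply an export filter,
and summarize the result by verdict, reason, country and ASN.

The log layout below is constructed for this example (RFC 5424 header
followed by key=value pairs); it is not Bandura's documented format.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample export: two appliances, two resource groups, both
# directions, and one non-connection (audit) record to show type filtering.
SAMPLE_LOGS = """\
<134>1 2024-01-15T10:00:01Z tb-edge-01 threatblockr - - - type=connection rg=HQ dir=inbound verdict=denied reason=threat_list src=203.0.113.10 dst=192.0.2.20 country=RU asn=64500 feeds=feedA,feedB
<134>1 2024-01-15T10:00:02Z tb-edge-01 threatblockr - - - type=connection rg=HQ dir=outbound verdict=allowed reason=allowed_list src=192.0.2.30 dst=198.51.100.5 country=US asn=64501 feeds=
<134>1 2024-01-15T10:00:03Z tb-edge-02 threatblockr - - - type=connection rg=Branch dir=inbound verdict=denied reason=geo_ip src=198.51.100.77 dst=192.0.2.21 country=KP asn=64502 feeds=
<134>1 2024-01-15T10:00:04Z tb-edge-02 threatblockr - - - type=connection rg=Branch dir=inbound verdict=denied reason=denied_list src=203.0.113.55 dst=192.0.2.22 country=RU asn=64500 feeds=feedC
<134>1 2024-01-15T10:00:05Z tb-edge-01 threatblockr - - - type=audit rg=HQ dir=inbound verdict=allowed reason=policy src=192.0.2.99 dst=192.0.2.1 country=US asn=64501 feeds=
"""

# RFC 5424 header: PRI VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
HEADER = re.compile(
    r"^<(?P<pri>\d+)>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) \S+ \S+ \S+ (?P<msg>.*)$"
)
# key=value pairs in the message body; an empty value (feeds=) is allowed
KV = re.compile(r"(\w+)=(\S*)")


@dataclass
class Event:
    """One connection record, named after the fields the page lists."""
    host: str
    timestamp: str
    log_type: str
    resource_group: str
    direction: str
    verdict: str
    reason: str
    src: str
    dst: str
    country: str
    asn: str
    feeds: list[str]


def parse_line(line: str) -> Event | None:
    """Return an Event, or None if the line is malformed or lacks a field."""
    m = HEADER.match(line)
    if not m:
        return None
    f = dict(KV.findall(m.group("msg")))
    try:
        return Event(
            host=m.group("host"), timestamp=m.group("ts"),
            log_type=f["type"], resource_group=f["rg"], direction=f["dir"],
            verdict=f["verdict"], reason=f["reason"], src=f["src"], dst=f["dst"],
            country=f["country"], asn=f["asn"],
            feeds=[x for x in f.get("feeds", "").split(",") if x],
        )
    except KeyError:
        return None


def export_filter(events, log_type=None, resource_group=None,
                  verdict=None, direction=None):
    """Mirror an export configuration: every given criterion must match."""
    keep = []
    for e in events:
        if log_type and e.log_type != log_type:
            continue
        if resource_group and e.resource_group != resource_group:
            continue
        if verdict and e.verdict != verdict:
            continue
        if direction and e.direction != direction:
            continue
        keep.append(e)
    return keep


def summarize(events):
    """Aggregate the way an activity dashboard would: by verdict, reason, country, ASN."""
    denied = [e for e in events if e.verdict == "denied"]
    return {
        "by_verdict": Counter(e.verdict for e in events),
        "denied_by_reason": Counter(e.reason for e in denied),
        "denied_by_country": Counter(e.country for e in denied),
        "denied_by_asn": Counter(e.asn for e in denied),
    }


def indicator_view(events, ip: str):
    """Single-indicator view: every record where the IP is source or destination."""
    hits = [e for e in events if ip in (e.src, e.dst)]
    return {
        "countries": Counter(e.country for e in hits),
        "reasons": Counter(e.reason for e in hits),
        "feeds": sorted({x for e in hits for x in e.feeds}),
    }


EVENTS = [e for e in (parse_line(l) for l in SAMPLE_LOGS.splitlines()) if e]

if __name__ == "__main__":
    inbound_denied = export_filter(EVENTS, log_type="connection",
                                   verdict="denied", direction="inbound")
    print(summarize(inbound_denied))
    print(indicator_view(EVENTS, "203.0.113.10"))
```

`export_filter` with no arguments passes everything through, which matches the "export all" case; each extra criterion narrows the set, so you can check on the consumer side that a volume-reducing filter (for example, denied inbound connections only) really removed the audit and outbound records before they reached the SIEM.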

Gravwell Data Fusion Collects Data From Industry-Leading Sensors, Like Bandura, for Correlation with Network Events, System Logs, & More

Bandura is a crucial source of the data needed to secure networks and systems, but having such a rich source of information raises some questions. Where do I put these events? How long can I store them? Can I correlate them with threat feeds, DevOps logs, or network information? With Gravwell, collection and analysis of Bandura events becomes easy.

Gravwell turns your data into a wealth of actionable knowledge. You've already invested in software and hardware that generate an overwhelming amount of data - Gravwell protects your budget by eliminating skyrocketing data ingestion costs. Enable your teams to collaborate and work together without limiting what data can be ingested into the platform. With Gravwell, there are no limits.

Gravwell’s Data Fusion Technology allows organizations to expand beyond traditional data collection types. Your teams work better together, and so does your data. Fuse performance, demographics, intelligence, business, and much more with your security and machine data to provide value to each and every part of your organization.

True Scalability

Whether you are ingesting and analyzing 5 Gigabytes a day or 5 Petabytes, Gravwell’s revolutionary technology stack allows you to scale seamlessly - adding additional nodes in just minutes without pausing, resetting, or restarting.

Data Without Limits

Don't spend time and resources looking at subsets or poor translations of data. Gravwell gives you the ability to ingest and analyze data in its natural state. Machines aren't limited to a single language and neither is Gravwell.

Unparalleled Visibility

Cut through the noise and visualize what is important to your organization. Bring data, metrics, queries, analytics, and events to life with fully customizable living dashboards.

Automation

Empower your administrators, operators, and analysts to eliminate mundane activities and supercharge their efficiency. Gravwell's powerful automation features can be used to automate workflows, data enrichment, operations, tasks, queries, reports, and take action.

Gravwell’s Data Fusion Platform provides unprecedented capability for data collection and analysis across multiple business units within an organization. Created from scratch out of necessity by industry experts, the Gravwell platform addresses gaps in log and network analytics tools available on the market today. Gravwell powers rock-solid decisions through unlimited analytics, because data is better together.

Flow chart graphic that explains how Bandura Cyber works

Bandura Cyber Kit for Gravwell

Bandura and Gravwell collaborated to develop the Bandura Cyber Kit for Gravwell. Gravwell Kits are prepackaged use-case bundles made of searches, dashboards, resources, and more, giving users fast and pertinent real-time visibility into their data.

The Bandura Cyber Kit for Gravwell automates the process of integrating Bandura log data into the Gravwell platform and provides pre-built dashboards that visualize log activity from one or more Bandura ThreatBlockr appliances.

Aggregated activity dashboards provide a holistic view of your security posture where you can easily see what traffic is being allowed or denied by Country, ASN, Reason (GEO-IP, Denied List, Threat List, Allowed List). You can also look at trends in denied traffic over time.


The single-indicator dashboard lets you easily understand the behavior of a specific indicator, such as an internal IP address. What countries and ASNs is the endpoint being blocked from or allowed to connect from? What were the Reasons (GEO-IP, Denied List, Threat List, Allowed List) resulting in connections being allowed or denied? This dashboard also provides heat maps for egress and ingress GEO-IP and a very cool point-to-point connection graph on a world map.

The Bandura Cyber Kit for Gravwell provides a launchpad for joint customers to quickly integrate and visualize Bandura log data in the Gravwell platform. Within Gravwell, users can customize, create, and share their own kits to incorporate specialized queries, dashboards, and playbooks.


To learn more about Gravwell visit https://www.gravwell.io/ or schedule a demo.

To learn more about Bandura visit https://www.banduracyber.com

For more information about Bandura’s solutions, contact us at 1.855.765.4925 ext. 3, or by email at sales@banduracyber.com.
