What is ODIN-I?
ODIN-I is a SIEM platform. Broadcom selected Braxton-Grant’s ODIN-I as the recommended replacement solution for the transition from the end-of-life of the on-premises Reporter solution. Braxton-Grant’s ODIN-I solutions provide robust reporting options for customers who require full control over their data and reporting for Symantec Edge SWG products and/or any network-connected devices. Braxton-Grant Technologies has been committed to Symantec Network Security solutions for over twenty years. The ODIN-I solution spawned from a collaboration with Broadcom and Elastic, leading to two product versions — ODIN-I BASIC and ODIN-I PREMIUM.
Both ODIN-I BASIC and ODIN-I PREMIUM include mapping 64 reports from Symantec Reporter to Elastic dashboards and introducing two additional proxy utilization dashboards. The solution also enables ingesting the syslog directly from the Symantec Proxy for enhanced troubleshooting.
ODIN-I BASIC
Version one, ODIN-I BASIC, uses Elastic Search as the foundation. It does not include Artificial Intelligence or Machine Learning. ODIN-I BASIC provides proactive controls with your on-premises and cloud hybrid infrastructure. Consuming user activity feeds from a growing community of devices, including Broadcom Cloud Secure Web Gateway (SWG), ProxySG (Edge SWG), and any other network-connected devices.
ODIN-I PREMIUM
The second version, ODIN-I PREMIUM, uses Elastic Security as the foundation. ODIN-I PREMIUM provides proactive controls with your on-premises and cloud hybrid infrastructure. Consuming user activity feeds from a growing community of devices, including Broadcom Cloud Secure Web Gateway (SWG), ProxySG (Edge SWG), and any other network-connected device. Artificial Intelligence and machine learning proactively focus scrutiny and can even lock down specific users when anomalies are detected, saving hours, days, or weeks in response time. Future transient patterns can be predicted using Elastic’s customized machine-learning models.
ODIN-I PREMIUM Advantages
- Migration of Symantec Proxy standard and custom logs in minutes
- Cost not based on amount of data consumed
- Attack Discovery assesses alerts holistically — rather than as a series of one-off events
- Detect, investigate, and respond to evolving threats with AI-driven security analytics, the future of SIEM. Apply limitless visibility, generative AI, and advanced analytics. All with the Elastic Security AI Platform, built on open source Elasticsearch.
- Expert-built detection rules from Elastic Security Labs. Tackle new use cases with custom ML models, i.e. no data scientists required.
- Deployable as a full function on-prem Elastic Security appliance
- Deployable in public and private clouds
- Able to ingest custom log formats
ODIN-I BASIC Advantages
- Migration of Symantec Proxy standard and custom logs in minutes
- Most cost-effective solution with reduced functionality
- Attack Discovery assesses alerts holistically — rather than as a series of one-off events
- Deployable as a full-function on-prem Elastic Search appliance
- Deployable in public and private clouds
- Able to ingest custom log formats
Features
The integrated Endpoint security agent (Elastic Defend) combines behavioral analysis, ransomware protection, memory protection, machine learning, and signatureless analysis to prevent threats from executing on the endpoint. It also provides deep telemetry to ensure new threats can be identified and remediated with our SIEM.
The focus is on MITRE ATT&CK®-aligned protections and SIEM investigation features like our graphical analyzer view (seen here) help make triage, investigation, and remediation of complex suspicious and malicious activity as easy as possible for every analyst.
If you already have an endpoint solution in place, we can easily integrate with a number of popular tools as well, leaving you the opportunity to consolidate further and extend your ROI even further when the time is right
By minimizing cognitive load and accelerating decision-making at every stage of the threat lifecycle, Elastic tools help ensure that your analysts can focus on what they do best: protecting your organization from cyber threats.The Elastic alert investigation features enable every analyst to quickly narrow down the investigation to just the events that matter, with a simple drag and drop search interface, as well as powerful correlation and hunting capabilities.
Customizable investigation guides bring graphical analysis of network connections, processes, or user behavior to your fingertips – integrating organizational knowledge directly into the investigation workflow, while OS Query manager lets your analysts bring the investigation to the host itself to look for vulnerable packages or misconfigurations, directly from the alert screen.
Cases can be created directly from the investigation workflow – both for alerts, or one-off threat hunting and managed with our internal case management or connected to external platforms like ServiceNow.
Once a threat has been identified, Elastic enables analysts to inspect and take immediate action on endpoints.
Elastic has implemented several connectors to popular dedicated SOAR platforms and is capable of integrating with just about any solution via webhook notifications.
Many of the advanced features require ODIN-I PREMIUM. ODIN-I BASIC leverages Elastic Free and open no cost subscription, and ODIN-I PREMIUM leverages Elastic Enterprise fee subscription. For details on the differences click on this link: Subscriptions | Elastic Stack Products & Support | Elastic
Meet ODIN-I for yourself. Let Braxton-Grant demonstrate the differences between ODIN-I BASIC and PREMIUM so you can see the value and advantages of each. Call for demo and pricing.
Braxton-Grant’s ODIN-I Solution
As a trusted IT advisor, we are here to implement the next generation of visibility and protection.
