PADAS

Real-Time Security Event Processing

Transform, Filter, Detect & Aggregate

PADAS empowers organizations to seamlessly process and analyze streaming data in real-time, enhancing your SIEM and analytics platforms with advanced detection capabilities.

Enhanced Scalability

Handle trillions of messages per day with low latency.

Cost Efficiency

Reduce operational costs by offloading data processing tasks from expensive SIEM systems.

Real-Time Threat Detection

Improve response times and reduce risks by detecting security threats in real-time.

Overview

PADAS is a powerful solution built on the robust Confluent Platform, designed to transform, analyze, and filter terabytes of streaming data in real-time. By running various pipelines that perform transformations and detections, PADAS alleviates the load on your existing SIEM and analytics platforms, ensuring efficient and effective data processing. This scalable, real-time data processing solution efficiently transforms, filters, enriches, detects, and aggregates streaming event data before it reaches your SIEM, ensuring that only relevant and actionable information is processed. This approach not only boosts the accuracy and speed of threat detection but also lightens the load on your SIEM, optimizing and future-proofing your overall security infrastructure.

We are proud to be part of the Build with Confluent initiative. By verifying our streaming-based use cases with Confluent, you can have confidence that our Confluent-based service offering is not only built on the leading data streaming platform but also verified by the experts at Confluent.



  1. Core Capabilities

    1. Key Features & Benefits
      1. Real-Time Data Processing
        Transform, filter, and analyze massive volumes of data in real-time, ensuring timely and actionable insights.
      2. Enhanced Threat Detection
        Boost the accuracy and speed of threat detection with efficient data processing, minimizing false positives and improving response times.
      3. Scalable Architecture
        Seamlessly handle terabytes of streaming data without compromising on speed or performance, no matter your data load.
      4. Reduced SIEM Load
        Offload data processing tasks from your SIEM, freeing up resources and reducing operational costs while maintaining high performance.
      5. Cost Optimization
        Streamline your security operations and reduce costs by processing only relevant data, avoiding vendor lock-in, and maximizing SIEM efficiency.
    2. Integration & Flexibility
      1. Flexible Integrations
        Easily integrate with existing platforms and leverage pre-built rules aligned with the MITRE ATT&CK Framework.
      2. Seamless Data Integration
        Automate data transformation from various sources, simplifying complex data pipelines and ensuring smooth data flow between systems.
      3. Vendor Independence
        Retain flexibility and control over your security operations with a platform that integrates with multiple SIEMs, avoiding long-term vendor lock-in.
    3. Future-Proofing & Adaptability
      1. Customizable Rules
        Create and deploy custom detection rules using PADAS Domain Language (PDL), with no dependency on your current SIEM infrastructure.
      2. Scalable and Modular Design
        Expand and adapt your security infrastructure as your organization grows, with a platform designed to evolve with your needs.
      3. Long-Term Flexibility
        Maintain the ability to integrate new technologies and data sources as they emerge, ensuring your security operations remain cutting-edge.
    4. Professional Support & Services
      1. Technical Support
        Assistance with errors or issues in your Padas environment for long-term health.
      2. Professional Services
        Consulting for architecture, deployment, configuration, and operations to ensure a production-ready cluster.


Frequently Asked Questions

  • PADAS is a Kafka Streams application that performs data transformations and runs real-time queries (written in PDL, the Padas Domain Language) on streaming data. The goal is to keep things simple and take some of the burden away from existing SIEM and analytics platforms: transformations and detections run in the stream and produce alerts as well as enriched, transformed, and/or aggregated results.
  • PADAS runs transformation and detection pipelines on streaming data from any number of input topics. Transformations perform enrichment, filtering, and field extraction, while detection rules create alerts and write them to one or more output topics. We have built a tool that converts Sigma v2 rules to PDL, so SIEM and/or analytics platforms can consume the resulting alerts with minimal effort. PADAS Manager provides an easy-to-use user interface for managing these configurations.
  • PADAS is NOT a logging or analytics solution, but it augments the value of such systems. There is no limit on ingest volume, as the solution uses Confluent Kafka as its streaming platform together with simple, intuitive queries. For example, when an organization wants to analyze Microsoft Sysmon data in order to detect adversary behavior, it has to configure its existing SIEM or analytics system to process 100+ GB/day, or even TBs/day, of endpoint data (depending on the organization's size). This approach brings additional licensing and hardware costs along with operational overhead for the existing SIEM/analytics platform. PADAS takes this burden away: it filters Sysmon data according to the required use cases (e.g. MITRE ATT&CK or any other custom query) and sends only the generated alerts to the downstream SIEM/analytics system.
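As an added illustration of the transform, filter, detect, and aggregate stages described in the answers above, the following Python sketch runs a handful of constructed Sysmon-like process-creation events through such a pre-SIEM pipeline and forwards only the alerts. It is not PADAS code and does not use PDL syntax (which this page does not show); the rule dicts borrow Sigma's `selection` and field-modifier layout purely as a convenience, and every event, host name, command line, and rule title is constructed for the example.

```python
"""Pre-SIEM stream pipeline sketch: transform -> filter -> detect -> aggregate.

Added example, not PADAS or PDL. Rules are plain dicts in a Sigma-like
'selection' shape: every field must match; a list value means "any of".
"""
from collections import Counter
from typing import Any, Dict, List, Tuple

Event = Dict[str, Any]
Rule = Dict[str, Any]

# Constructed sample events resembling Sysmon records (EventID 1 = process create,
# EventID 3 = network connection). Hosts, users and command lines are made up.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 1, "Computer": "ws01", "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c whoami", "User": "CORP\\alice"},
    {"EventID": 3, "Computer": "ws01", "Image": "C:\\Program Files\\app\\app.exe",
     "DestinationPort": 443},
    {"EventID": 1, "Computer": "ws02", "Image": "C:\\Windows\\System32\\rundll32.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL", "User": "CORP\\bob"},
    {"EventID": 1, "Computer": "ws02", "Image": "C:\\Program Files\\Chrome\\chrome.exe",
     "CommandLine": "chrome.exe --type=renderer", "User": "CORP\\bob"},
    {"EventID": 1, "Computer": "ws01", "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c net user", "User": "CORP\\alice"},
]

# Hypothetical detection rules (constructed), Sigma-style selection blocks.
RULES: List[Rule] = [
    {"title": "cmd_recon",
     "selection": {"EventID": 1, "Image|endswith": "\\cmd.exe",
                   "CommandLine|contains": ["whoami", "net user"]}},
    {"title": "rundll32_exec",
     "selection": {"EventID": 1, "Image|endswith": "\\rundll32.exe"}},
]


def transform(event: Event) -> Event:
    """Transformation stage: copy the event and derive a normalised ProcessName."""
    out = dict(event)
    out["ProcessName"] = str(out.get("Image", "")).rsplit("\\", 1)[-1].lower()
    return out


def is_relevant(event: Event, keep_event_ids: Tuple[int, ...] = (1,)) -> bool:
    """Filter stage: drop event types no rule in this example looks at."""
    return event.get("EventID") in keep_event_ids


def _field_matches(value: Any, spec: Any, modifier: str) -> bool:
    """Case-insensitive match of one field against one selection entry."""
    if value is None:
        return False
    v = str(value).lower()
    for candidate in (spec if isinstance(spec, list) else [spec]):
        c = str(candidate).lower()
        if (modifier == "" and v == c) or (modifier == "contains" and c in v) \
                or (modifier == "endswith" and v.endswith(c)) \
                or (modifier == "startswith" and v.startswith(c)):
            return True
    return False


def matches(event: Event, selection: Dict[str, Any]) -> bool:
    """Detection stage: all selection entries must match (logical AND)."""
    for key, spec in selection.items():
        field, _, modifier = key.partition("|")
        if not _field_matches(event.get(field), spec, modifier):
            return False
    return True


def run_pipeline(events: List[Event], rules: List[Rule]):
    """Run every stage; return (alerts, per-rule/host counts, volume stats)."""
    alerts: List[Event] = []
    stats = {"input": len(events), "after_filter": 0, "forwarded": 0}
    for raw in events:
        if not is_relevant(raw):
            continue
        stats["after_filter"] += 1
        ev = transform(raw)
        for rule in rules:
            if matches(ev, rule["selection"]):
                alerts.append({"rule": rule["title"], "Computer": ev["Computer"],
                               "ProcessName": ev["ProcessName"],
                               "CommandLine": ev.get("CommandLine", "")})
    stats["forwarded"] = len(alerts)
    # Aggregation stage: alert volume per (rule, host), the kind of summary a
    # downstream SIEM would receive instead of the raw event stream.
    counts = Counter((a["rule"], a["Computer"]) for a in alerts)
    return alerts, counts, stats


if __name__ == "__main__":
    found, per_host, volume = run_pipeline(SAMPLE_EVENTS, RULES)
    print(volume)          # input=5, after_filter=4, forwarded=3
    for (rule, host), n in sorted(per_host.items()):
        print(f"{rule:15s} {host:6s} {n}")
```

Of the five constructed events, the network-connection record is dropped by the filter, the Chrome launch matches no rule, and only three alerts leave the pipeline; the stats dict makes the volume reduction explicit, which is the figure to watch when sizing what a SIEM actually has to ingest.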
  • In theory, any analytics or logging solution can be considered as a competitor; however, we'd like to consider PADAS as an augmenter to these technologies. A direct competitor would be an in-house built solution and process that filters streaming data before allowing SIEM/Analytics systems to consume it. Even in those situations, we believe that our simple management interface, intuitive query language, support, and expertise will be beneficial to organizations.
  • PADAS leverages the power of Confluent’s streaming architecture to process terabytes of data in real-time. It allows you to efficiently transform, filter, and analyze data as it flows through your system, ensuring that threats are detected and addressed instantly.
  • Yes, PADAS allows you to create and implement custom detection rules using PADAS Domain Language (PDL). These rules can be tailored to your specific security needs without relying on your existing SIEM infrastructure, giving you greater control and flexibility.
  • PADAS integrates with a wide range of data sources, including platforms like Winlogbeat, Splunk, Elasticsearch, SNMP, Syslog, AWS, and more. The platform uses Confluent connectors to ensure seamless data integration, allowing you to process and analyze data from diverse sources effortlessly.
  • PADAS reduces costs by optimizing the data processing workflow before it reaches your SIEM. By filtering out irrelevant data and reducing the operational load on your SIEM, PADAS minimizes the need for additional infrastructure investments and lowers overall operational expenses.
  • No, PADAS is vendor-independent. It integrates with multiple SIEM platforms, giving you the flexibility to use the tools that best meet your needs without being locked into a single vendor’s ecosystem.
  • PADAS is designed with a scalable and modular architecture that allows your security infrastructure to grow and adapt as your organization evolves. It supports the continuous integration of new technologies, data sources, and detection strategies, ensuring your security operations remain robust and up-to-date.
  • We provide comprehensive support, including detailed documentation, integration guides, and personalized assistance. Our team is available to help you with everything from initial setup to custom rule creation, ensuring a smooth implementation process.
  • Absolutely. PADAS enhances the accuracy of threat detection by processing data in real-time, applying advanced filtering, and using customizable detection rules. This ensures that only relevant threats are detected, reducing false positives and enabling faster, more accurate responses.
  • Getting started with PADAS is easy. You can request a personalized demo through our website, where our team will guide you through the setup and configuration process tailored to your specific needs.