PROJECTS

Gemini Investigator

Gemini Investigator is a revolutionary investigation platform for cybersecurity and IT operations. It helps analysts to quickly discover unknown facts across a variety of event and contextual data sources. It’s powered by an extensive semantic ontology developed in-house at Gemini, and leverages semantic reasoning to reach logical conclusions from the data it observes, the same way a human analyst does.

Gemini Investigator is an unprecedented solution with a unique approach. Unlike common security data analysis tools which take advantage of machine learning, Investigator intelligently “understands” the meaning of the data it’s processing and generates new facts based on evidence and solid logic. This is in stark contrast to many popular tools which simply help organize available data and rely on analysts for interpretation. Investigator automates low level analysis, freeing analysts to focus on higher level tasks, such as following their intuition and identifying obscure facts.

The benefits of this approach go far beyond Information Security. The resulting body of knowledge covers most aspects of enterprise IT, because it vertically integrates technical details, such as system processes or indicators of compromise (IoCs), with high-level business functions and applications. The key information across the whole enterprise IT estate is presented through a single pane of glass and can be consumed by a non-technical user without specific domain expertise. This allows the whole IT organization to solve problems in their respective areas, from governance and compliance to business risk management, using the same shared set of facts and information. It creates a single automated knowledge management repository, which enables decision making and revolutionizes IT management across the board.

Collaborate on investigations and transfer gained knowledge throughout your organization with Gemini Enterprise.

Gemini Enterprise does more than illustrate your enterprise IT data. Visualization becomes a means for analyst investigation, enabling complex problems to be solved with your data simply and quickly.


Distiller KPI

Distiller KPI is a solution which I designed, and my team built, back in 2013. It has grown out of our field practice at MetaNet IVS and is based on years of experience in the enterprise event management field.

It’s an event-driven data analytics application that instantly delivers relevant, actionable, and context-rich metrics for information security and operations teams.

Distiller KPI automatically consumes event data produced by SIEMs (like HP ArcSight or Splunk) for interactive study, with focus on specific business objectives, and offers a practical way to measure performance across standard control groups, as evidenced by historical data.

Since then, other tools with a similar approach have come to market, most notably Splunk’s ITSI, which has seen significant adoption.


Functionality:

  • Trace the behavior of key performance indicators (KPIs) over time.
  • Evaluate indicator performance against historical activity and moving averages.
  • Identify positive or negative trends and discern deviations.
  • Trace the impact of significant changes to your infrastructure.
  • Compare performance across individual Business Units, Locations, Network Zones, Users, and Hosts.
  • Instantly produce reporting deliverables for further review, presentation, or delegation.
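The evaluation of a KPI against its own history, as listed above (trailing moving average, deviation from the historical window, and trend direction), is illustrated by the following example. This is an added example written for this page, not Distiller KPI's own code or output; the daily failed-login counts are a constructed sample, and the seven-day window and the 3-standard-deviation threshold are arbitrary assumptions.

```python
"""Evaluate a daily KPI series against its trailing history.

Added illustration, not Distiller KPI's code. Window size and threshold
are assumptions chosen for the example.
"""
from statistics import mean, pstdev

# Constructed sample: failed-login count per day for one business unit,
# 14 consecutive days. The last two days carry a sharp jump.
FAILED_LOGINS_PER_DAY = [42, 45, 40, 44, 43, 41, 46, 44, 42, 45, 43, 47, 90, 95]


def moving_average(values, window):
    """Trailing moving average; positions before a full window are None."""
    out = []
    for i in range(len(values)):
        if i + 1 < window:
            out.append(None)
        else:
            out.append(mean(values[i + 1 - window:i + 1]))
    return out


def deviation_score(values, index, window):
    """Number of standard deviations the value at `index` sits from the
    trailing window that precedes it (the scored point is excluded from
    the window so that it cannot dilute its own baseline)."""
    history = values[index - window:index]
    if index < window or len(history) < window:
        return None
    baseline = mean(history)
    sd = pstdev(history)
    if sd == 0:
        # Flat history: any change is infinitely surprising, no change is not.
        return 0.0 if values[index] == baseline else float("inf")
    return (values[index] - baseline) / sd


def find_deviations(values, window=7, threshold=3.0):
    """Return (day_index, value, score) for every day whose deviation from the
    trailing window meets the threshold."""
    flagged = []
    for i in range(window, len(values)):
        score = deviation_score(values, i, window)
        if score is not None and abs(score) >= threshold:
            flagged.append((i, values[i], round(score, 2)))
    return flagged


def trend(values, window=7, tolerance=0.10):
    """Compare the mean of the most recent window with the window before it
    and classify the direction of change."""
    if len(values) < 2 * window:
        return "insufficient data"
    recent = mean(values[-window:])
    earlier = mean(values[-2 * window:-window])
    change = (recent - earlier) / earlier
    if change > tolerance:
        return "rising"
    if change < -tolerance:
        return "falling"
    return "stable"


if __name__ == "__main__":
    print("moving average:", moving_average(FAILED_LOGINS_PER_DAY, 7))
    print("deviations:", find_deviations(FAILED_LOGINS_PER_DAY))
    print("trend:", trend(FAILED_LOGINS_PER_DAY))
```

With the sample above, day 12 (value 90) is flagged at 23 standard deviations from the preceding week, while day 13 (value 95) is not: once the spike enters the trailing window, the baseline and its spread widen, so a second abnormal day scores only 2.75. This is the usual argument for pairing a moving-average deviation check with the week-over-week trend classification, which still reports the series as rising.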