The platform facilitates the rapid deployment of security operations center (SOC) capabilities supporting data gathering and incident/forensic response. The platform is standalone and can be used to extend security operation capabilities, or integrate with existing security tools such as SIEMs, AVs, and Analytical/BI toolsets.
The platform provides dedicated infrastructure that can scale to meet your current and future data processing needs. Built from the ground up to support security and extensibility, it creates immediate perspective and enhanced operational capabilities, with the ability to quickly adjust to your changing requirements.
The platform agent is powered by a lightweight modular plugin system, built with a focus on security covering communications, messaging and logging.
The agent can be extended to suit very specific use cases easily and securely from a central location, allowing for rapid and automated responses to threats or additional customization for business specific requirements.
The base set of plugins allows for security operators to quickly and accurately identify and respond to security incidents in a repeatable manner. This allows operators to perform advanced information and analytical reconnaissance of suspected and realized compromises.
The event log plugin allows central monitoring of any event log source on an endpoint. The platform then provides analytics against security relevant sources, creating actionable alerting and intelligence on your assets.
System Management and Response Plugin
This plugin facilitates the secure execution of vetted, pre-canned management and response actions. These actions are customized to integrate into existing incident response and forensic workflows within your organization. They can be extended to support both technical as well as compliance activities, ensuring a secure operational baseline, while also enabling immediate response to security events.
Using DevOps deployment best practices, dedicated cloud infrastructure is provided to our clients in order to support a secure automated processing and analytical environment. Tied directly into the agent, this enables the ability to prevent, detect and limit the impact of security breaches within the infrastructure, while also supporting rapid deployment of new analytical and data processing pipelines.
The dedicated nature of the environment removes the risk of accidental disclosure or unauthorized access to your data by third parties. It can also be integrated within your current Active Directory infrastructure, providing a hybrid local-cloud integration.
Once data is logged to the platform, it is automatically analyzed to learn the secure and insecure patterns of your systems and network. Activity, relationship, heuristic and statistical analysis are performed to identify and then deal with security-based threats. These enhanced views assist analysts in making quick and informed decisions, while also allowing threat responses to be executed in a repeatable and straightforward manner. Further enrichment of both informational and categorized attributes provides additional views and pivots that enable advanced correlation and classification of system activity.
The combination of these processing pipelines focused specifically on your data allows for complex attack scenarios to be identified that would otherwise appear benign and for them to be mitigated in an efficient manner. Views on the data are provided through both simple alerting interfaces and deep dive technical exploration toolsets, with raw data artifacts available for integration into existing tools and processes. This provides immediate benefit and enhancements to operators of all skill levels.
At first, Michelle was reluctant to try a cloud platform. She was used to buying dedicated servers and working with her large corporate clients' I.T. teams to integrate their networks with the managed security services she offered. But now, working with small and medium-sized businesses, this was becoming a problem. These new customers often did not have dedicated I.T. security teams she could interface with, making it difficult to run deployment projects.
When Eric visited his client's website to get information to prepare for his next meeting, he did not notice that the website had been compromised and also contained an exploit kit. Clicking through the annoying pop-up windows about untrusted Flash and Java content, he went about his business, took notes for his meeting and went home. After the computer had been idle for a while, the ransomware payload downloaded by the exploit kit set to work encrypting files on Eric’s machine and all attached network shares.
When Andre inherited responsibility for the new assets after the merger, he knew the situation would be bad, but he had no idea how bad it would really be. It was clear that the previous custodians of the I.T. systems had no standardized process for operating the network, let alone any knowledge of cyber security. He needed to find a way to make the systems manageable, and fast, or he would be swamped with security issues.