Products found: 66

Adlumin's Sentry

Adlumin's flagship product, Sentry, is a cloud-delivered SaaS platform that detects identity-based attacks in real time using user behavior analytics and active defense. We find attackers impersonating your legitimate employees. As a cloud-delivered SaaS application, Sentry deploys in minutes and starts detecting threats immediately by building a pattern of life for every user.

User & Entity Behavior Analytics (UEBA)
  • Artificial Intelligence-Based Decisions
  • No Rules to Write or Hardware to Manage
  • Artificial Intelligence Writes Your SIEM Rules
  • 24/7 Network Vulnerability Assessment
  • Analyzes Firewall, VPN Log Data, & Network
  • Automated Anomaly Interpretation
  • User and Device Context/Correlation
Log/Device Management
  • Automated Log and Device Ingest
  • Critical Server Log Management
  • Real-time Intrusion Detection Alerts
  • Windows & Linux Server Management
  • Cloud and On-premise Ingest
  • Integrated Compliance Management (PCI, FFIEC, FINRA)
  • Secure & Encrypted Log Management
  • Log Data Normalization
Automated Compliance
  • Includes Reports Designed to Hand to Your Financial Auditor
  • Risk Management, Visualization, and Analysis
  • Automated Reporting for Auditors and Compliance
  • Make Decisions in Minutes, Not Days
  • Financial Compliance Audit Reports Included
  • Know Everything About an Account with 1 Click
  • 90-Days of Research Included with SIEM
  • 24/7 Anomaly Hunting w/o Hiring Anyone
  • Designed for Financial Institutions
  • Understand Risk with 1 Button Click
Adlumin collects and indexes data from just about any source imaginable – network traffic, web servers, VPNs, firewalls, custom applications, application servers, hypervisors, GPS systems, and preexisting structured databases. Not only does Adlumin ingest data from any source on your network, we also run sophisticated analytics and machine learning algorithms against all incoming events and use the results as metrics to determine what is anomalous and what is malicious.

AgileSi

360° SAP Security powered by SIEM

agileSI is an award-winning, industry-grade solution for continuous monitoring of SAP security events, parameter checks, change detection of critical settings, transaction manipulation and automated response. agileSI is much more than just another tool or SAP plugin. It brings with it a whole new way to manage and monitor SAP® in all of its aspects, while taking care of security. Continuously monitoring basically any stats you desire, it's a one-for-all solution that gives you insight into what's going on in your engine room, without digging through tons of data and interfaces yourself. And it makes audit preparation and reporting a breeze.

agileSI is based on a three-tier architecture model with a collection layer, an administration layer and an analysis layer. The data is analyzed using the agileSI content package for SIEM. This contains an extended Security Analytics Pack which provides the categorization of events and a large set of predefined SAP-specific event correlations for different security domains. It also handles the evaluation of criticality, as well as visualization & notification, and delivers alerting rules and reports.

The added value is a SAP-specific Security Intelligence Package for SIEM. The product approach does not fall back to another isolated solution, but pursues the holistic strategy of establishing security event management at a central point in the company: in the SOC, on the basis of next generation SIEM & Log Management solutions that are planned or already being used in all security-conscious organizations.

Solution offers:

  • The SAP-SIEM integration. agileSI provides a broad set of SAP Extractors, feeding different kinds of SAP data, such as database data, system settings, logs and events from various SAP security sources, into SIEM. The framework and its extractors are highly flexible and configurable, to meet exactly the customers' needs. The integration of SAP data into SIEM provides transparency to many stakeholders.
  • Domain. agileSI is used for supervision of security-critical activity & events, access control checks and monitoring of audit-relevant information, compliance of system settings and authorizations, as well as SAP Operations support and the monitoring of dedicated SAP business application data & transactions.
  • SAP Operations. Integration of SAP Basis-related information and events facilitates SAP Basis processes and remediation cycles, raising efficiency at work and providing ad-hoc reports of system metrics data.
  • Any SAP Data. Get any SAP data with the help of flexible and configurable agileSI data extractors, create any customer use case and integrate any customer's SAP-based applications.
  • SAP Security Log Management & Monitoring. agileSI Extractors retrieve all kinds of security-relevant information from SAP NW ABAP-based SAP systems. The included content package adds SAP Security Intelligence to SIEM.
  • Ready-to-use. Ready-to-use with a predefined set of use cases – the agileSI configuration frontend is developed in Web Dynpro ABAP. The key benefit is the powerful and ready-to-use content of predefined use cases, which makes agileSI a real product rather than just a tool requiring high customer-site implementation and customization effort. The use cases can be maintained, customized or newly created using the agileSI configuration frontend.
  • Guidelines. Implemented DSAG audit guidelines, SAP Security Guidelines and information, as well as the practice-proven know-how of SAP Security specialists and auditors, are transferred into use cases implemented in the agileSI SAP and SIEM components.


AlienVault Unified Security Management™

Features:
  • unified security monitoring
  • simple security management and reporting
  • continuous threat monitoring
  • rapid deployment
  • numerous security functions in a single console

5 essential security functions:
  1) Asset discovery – discovers all assets on the network before malicious actions take place
  2) Behavioral monitoring – identifies suspicious activity and potentially compromised systems
  3) Vulnerability Assessment – identifies vulnerable points in the network
  4) SIEM – correlation and analysis of security event data on the network
  5) Threat detection – detects malicious traffic on the network

AlienVault USM provides:
  • log management
  • an advanced threat detection system with more than 2000 built-in correlation rules, eliminating the need to write and develop your own rules
  • Threat Intelligence from AlienVault Labs, which answers critical questions about threats on the network, such as "who", "what", "why" and "how"
  • 150+ compliance and threat reports for passing audits
  • support for compliance with PCI, HIPAA, GPG13 & SOX

Allure Security

Allure Security reduces data loss by analyzing risks associated with document access and sharing activities, inside and outside of an organization's control. Their patented technology combines the power of beacons, threat intelligence and active defense to detect and respond to digital risks, better understand the scope of attacks and hold bad actors accountable.

Fields of Application:

Website Spoofing. Allure Website Beacons detect a spoofed website as soon as it is viewed by the first visitor, which initiates the take-down process immediately upon fraud being committed. Intelligence is then collected to quantify customer and brand impact, inform responses (e.g. notify impacted clients to reset passwords) and uncloak attackers. The spoofed website can also be flooded with decoy credentials until the site is taken down, to devalue the information collected by the adversary, and Allure Decoy Documents are used to detect intrusions resulting from attacks.

Cloud-Share Risk. Allure continuously watches document activities in the cloud and uses patented document beacons to track documents after they've been downloaded, copied or shared externally. We enrich all file activities with proprietary geofence insights and leverage unique model-based analytics to surface and mitigate risks that otherwise go undetected and unaddressed. Users can generate scheduled or on-demand risk reports, integrate with a SIEM to correlate findings, create custom email alerts based on specific criteria, and deploy decoy documents to foil and reveal hackers and leakers.

Intrusions & Insiders. Allure uses attacker behaviors and confidence to the advantage of investigators to narrow and eliminate suspects by planting or sharing alluring documents with beacons to see who takes the bait. Once documents are opened, investigators receive proprietary geofence and telemetry insights. Attackers and leakers can be revealed by correlating Allure's insights with other available data, and attackers can be held accountable by sharing identifiable findings with company decision makers and/or law enforcement.

What it provides:
  • Third-Party Monitoring. Know when third parties mishandle or share files outside of policy
  • Document Flow Analytics. Uncover file access and sharing patterns both inside and outside of an organization
  • Breach & Leak Detection. Be alerted early in the attack cycle if sensitive files are compromised or exfiltrated
  • Risk Reports. Schedule monthly reports or generate them on-demand
  • Data Loss Forensics. Track data loss back to the source and hold culprits accountable
  • Geo Location Enrichment. Enrich file logs with proprietary geo location insights

AlphaSOC Network Behavior Analytics for Splunk

Our Splunk applications instantly score network logs to identify emerging threats and anomalies within networks. Non-Splunk users can access our API directly and create custom integrations with our SDK. Use Network Behavior Analytics for Splunk to quickly uncover infected hosts and threats to your environment. The Splunk app processes and submits network telemetry (CIM-compliant DNS, IP, and HTTP events) to the AlphaSOC Analytics Engine for scoring, and retrieves security alerts and data for investigation. The AlphaSOC Analytics Engine performs deep investigation of the material, such as:
  • Volumetric and quantitative analysis (counting events, identifying patterns)
  • Resolving FQDNs and domains to gather context (identifying sinkholes and ASN values)
  • Breakdown and analysis of each FQDN label (i.e. hostname, domain, TLD)
  • Gathering of reputation data (e.g. WHOIS and associated malware samples)
  • Categorization of traffic based on known patterns (e.g. C2, P2P, VPN, cryptomining)
Particular use cases solved by Network Behavior Analytics include:
  • Uncovering C2 callbacks and traffic to known sinkholes
  • Tor, I2P, and Freenet anonymized circuit identification
  • Cryptomining and JavaScript cryptojacking detection
  • Flagging traffic to known phishing domains
  • Brand impersonation detection via Unicode homoglyphs and transpositions
  • Flagging multiple requests for DGA domains, indicating infection
  • DNS and ICMP tunneling and exfiltration detection
  • Alerting of lateral movement and active network scanning
  • Policy violation flagging (e.g. third-party VPN and P2P use)

BitDam

Email, shared URLs, file attachments, cloud drives and new digital communications are transforming the way we work. They are also the most accessible entry point for advanced content-borne cyber attacks.

Deep Application Learning. Continuous and aggregative CPU-level learning of application paths. BitDam's live knowledge base of all legitimate executions for common business applications. Real-time analysis, code benchmarking and immediate alien code detection for advanced threats, regardless of the specific attack technique.

Alien Code Detection. Forever Protected Applications. 100% attack code visibility for known and unknown threats, covering all attachments & links. Prevention of sophisticated exploits and evasion methods, pre-code execution. No need for security updates or patches.

BitDam Email Security & Malware Protection Features
  • Close to zero latency – With minimal email latency of just a few seconds, end-users will not notice any change. With BitDam, they’re safe to click everything that lands in their inbox.
  • 2-click integration – Pre-built APIs enable a (literally) 2-click self-service deployment through the BitDam portal, which applies to all mailboxes in the organization.
  • Fast and easy deployment – No MX record change is needed, no hassle to your IT team.
  • Intuitive dashboard – Your SOC team can view email subject and recipients through the BitDam dashboard, making tracking and investigating attacks simple.
  • Email body and clean files are never saved – BitDam scans the entire email including links and attachments, but doesn’t save it unless malicious.
  • Quarantine malicious emails – Malicious emails are automatically quarantined, allowing the SOC team to investigate, delete or release them as needed.
  • Visibility to other security checks – As a SOC team user you can see what basic security checks each email went through. This includes anti-spam, SPF, and DMARC checks.
Unmatched detection rates, immediate prevention of ALL advanced content-borne cyber threats.
  • Any Exploit: logical exploits and hardware vulnerabilities
  • Any Payload: macro-based malware, ransomware, spear phishing
  • Any Known/Unknown Vulnerability: one-day and zero-day attacks

Make it safe to click across all channels:
  • Email
  • Cloud Storage
  • Instant Messaging

Bottomline's Cyber Fraud and Risk Management Platform

Bottomline’s Cyber Fraud and Risk Management solutions are fueled by a singular, innovative, intelligent, and adaptive platform that is built on a foundation of real-time user behavior analytics and intelligent machine learning, infused with deep risk, compliance and payments security expertise. This market-proven technology delivers real-time cross-channel fraud detection and prevention for even the most complex use cases and powers Bottomline’s comprehensive suite of Secure Payments, Compliance and User Behavioral Analytics solutions. Integrated with rich visualization and forensic tools, Bottomline’s Cyber Fraud and Risk Management platform is trusted by some of the largest corporations and financial institutions in the world.

It empowers security, risk, compliance and investigative teams to:

  • Dramatically improve visibility and reduce risk with cross-channel protection that leverages intelligent machine learning, rules-based detection, and behavior profiling
  • Stay ahead of regulations and protocols through technology infused with deep risk and compliance expertise across industries, payments types and applications
  • Easily evolve your payment security program through a highly extensible and flexible platform that advances with your program as needed
Cyber Fraud and Risk Management Solutions Include:
Compliance. Accelerate speed to achieve regulatory compliance requirements, while decreasing complexity.

As part of the Cyber Fraud and Risk Management suite, Bottomline’s Compliance solution provides corporations and financial institutions with a powerful end-to-end offering to accelerate the speed to achieve regulatory compliance requirements while decreasing complexity.

Whether the need is around modernizing an anti-money laundering program, achieving more reliable sanctions screening, improving payments monitoring, highlighting settlement exposure, or automating suspicious activity reporting to meet regulatory requirements, Bottomline’s Compliance solution offers a modular approach to reducing the cost of compliance and increasing productivity.


Secure Payments. Protect payments across a variety of applications, channels, and payment types.
Bottomline’s Secure Payments solution protects payments across a variety of applications, channels, and payment types.

Whether it is one business critical application, channel and payment type, or a variety, our highly flexible and extensible platform delivers proven protection against payment fraud through advanced analytics of user behavior and transaction flows layered with intelligent machine learning, reducing risk for some of the largest corporations and financial institutions in the world.


User Behavior Analytics. Quickly identify and stop anomalous user activity through rich fraud analytics.
Bottomline's User Behavior Analytics solution quickly identifies and stops anomalous user activity through intelligent machine learning, rules-based detection, and years of experience protecting some of the largest corporations and financial institutions in the world.

The solution captures all user behavior in real-time across all vital systems and provides protection for both external threats in which user credentials have been compromised and internal threats from authorized users.

Powered by an analytics engine, statistical profiling of users and peer groups, alert correlation that includes predictive risk scoring and the ability to visually replay all user activity, the solution is purpose built for today’s threat landscape.


Claroty Continuous Threat Detection

Continuous Threat Detection extracts precise details about each asset on the industrial network, profiles all communications and protocols, generates a fine-grain behavioral baseline that characterizes legitimate traffic, and alerts you to network changes, new vulnerabilities and threats. The alerts the system generates provide the contextual information you need to investigate and respond quickly. Continuous Threat Detection delivers immediate value, enabling customers to:
  • Rapidly detect industrial operations risk, enhance cyber resiliency, and minimize unplanned downtime
  • Prevent impact to physical processes, expensive industrial equipment or injuries to people
  • Quickly deploy and scale across multiple sites and reduce overall management costs
Extreme Visibility. Continuous Threat Detection deeply understands ICS network communications, protocols and behaviors – providing detailed, accurate information that remains up-to-date. The system automatically discovers asset details across the entire industrial network – IP-assigned assets, nested assets and assets that communicate over serial connections.

Security and Operational Alerts. Continuous Threat Detection creates a very fine-grain "baseline" model of the ICS environment. Leveraging a "known good" baseline and knowledge about how ICS systems work, Continuous Threat Detection employs advanced pattern matching techniques, generating rich alerts when anomalous activity or critical changes occur.

Continuous Vulnerability Monitoring. With deep insights into the ICS environment, CTD enables users to proactively identify and fix configuration and other network hygiene issues that can leave your network vulnerable to attacks. Leveraging proprietary intelligence, the system continuously monitors the network for new known vulnerabilities – providing precise CVE matching down to the firmware versions for industrial devices.

Cleafy

Cleafy's innovative threat detection and protection technology is available in an open and flexible platform that can be easily adopted to address several needs for protecting your online services and users.

Features: Cleafy protects online services against advanced, targeted attacks from compromised web/mobile endpoints thanks to its unique real-time, client-less threat detection and prediction capabilities. Cleafy has been successfully adopted to protect millions of users against Man-in-the-Browser (MITB), Man-in-the-Middle (MITM), RAT-in-the-Browser, VNC/BackConnect, Mobile Overlay, and other types of attacks. Cleafy is fully client-less – it operates by integrating with server-side infrastructure: Cleafy provides out-of-the-box integrations with several Application Delivery Controller technologies. Cleafy does not require any application change and is completely transparent to end-users. Cleafy provides (no-touch) visibility on endpoints that allows customers to identify potential threats and prevent business disruption from targeted advanced attacks, gain insights on attack scenarios and techniques (e.g. by inspecting code injected by malware) and thus define the best response actions and their overall security posture. Cleafy supports Online Fraud Prevention by providing real-time risk scoring and enabling selective risk-based authentication, thus preserving business continuity and user experience.

Key Differentiators:

Advanced threat detection and protection
  • Patented Full Content Integrity (FCI) continuously verifies full application integrity (DOM/XHR/API)
  • Deep threat visibility – automatic extraction of threat evidence (e.g. malicious web-injects and mobile apps)
  • Patented Dynamic Application Encryption (DAE) to enable safe transactions from infected endpoints
Client-less and application-transparent
  • Client-less - no agent deployed and passive mobile SDK – no touch of application backend infrastructure
  • User-transparent – no impact on end-user experience, content delivery and endpoint performance
  • Application-independent - no changes required to application code – no re-training upon new releases
Open, scalable and cloud-ready
  • Open architecture and comprehensive REST APIs – integrates any Transaction Monitor, Case Mgmt, SIEM
  • Scalable to continuously monitor full application perimeter and analyze millions of events/day
  • Deployed either on-premise or over the Cloud

Cloudera DataFlow

The biggest challenge in getting streaming data insights is acquiring the data—quickly, securely, and prioritized for analysis with clear traceability. Cloudera DataFlow (CDF), formerly Hortonworks DataFlow (HDF), is a scalable, real-time streaming analytics platform that ingests, curates, and analyzes data for key insights and immediate actionable intelligence. DataFlow addresses the key challenges enterprises face with data-in-motion:
  • Processing real-time data streaming at high volume and high scale
  • Tracking data provenance and lineage of streaming data
  • Managing and monitoring edge applications and streaming sources
Key benefits:

REDUCE DATA INTEGRATION DEVELOPMENT TIME
Imagine a no-code approach to building complex data pipelines with minimal effort. CDF offers a simple visual UI for building sophisticated data flows to accomplish major data ingestions, transformations, and enrichment from a variety of streaming sources. Powered by Apache NiFi, CDF ingests data from devices, enterprise applications, partner systems, and edge applications generating real-time streaming data.

MANAGE & SECURE YOUR DATA FROM EDGE TO ENTERPRISE
CDF enables high-volume data collection at the edge, even from edge devices using MiNiFi. Now you can set up widely distributed IoT deployment models for regional data collection with ease, using NiFi with MiNiFi to stream data from the edge. Tight integration with Apache Ranger gives CDF the unique advantage of seamless security across all your data-in-motion and data-at-rest.

GET REAL-TIME INSIGHTS FASTER THAN EVER
Real-time insights and actionable intelligence mean you can act sooner. Using the powerful streaming platform Apache Kafka, CDF can process several million transactions per second, identify key patterns, compare against machine learning models, and offer predictive or prescriptive analytics to help business leadership make key decisions and seize opportunities.

OUT-OF-THE-BOX COMPLIANCE
CDF is the only product in the industry offering data provenance and edge-to-enterprise data governance out of the box. In the age of GDPR and other regulatory compliance, it's important to track data lineage, even for streaming data. NiFi within CDF offers data provenance tracking without any extra configuration or setup. With tight integration of Apache Atlas, you have complete governance of data from the edge to the enterprise.

ControlScan Managed SIEM

Gain visibility into attacks on your environment

Basic security measures are no longer sufficient to protect your business against today's rapidly evolving cyber threats; this reality is made glaringly evident by the constant stream of breaches reported in the news. Traditional perimeter security technologies such as firewalls and Intrusion Prevention Systems (IPS), as well as endpoint security like anti-malware, do not provide the broad and deep visibility across your IT infrastructure needed to detect these threats. Evidence of attacks and incursions within your environment can be found in log records and machine data generated by your networked systems, security devices and applications, but how do you unlock these critical insights? Most businesses struggle with the continuous investment in technology and people required to maintain ongoing monitoring of their security posture.

The ControlScan Managed SIEM service combines enterprise-class SIEM technology from the ControlScan Cyphon platform with our deep security expertise and service excellence. The comprehensive service collects, correlates, analyzes and stores log data from network infrastructure, servers and applications in order to identify and mitigate security incidents while facilitating compliance with requirements within PCI, HIPAA, GLBA, SOX and other frameworks.

The secure, cloud-based Cyphon platform collects log data generated by devices such as firewalls, IPS solutions, servers, desktops and applications. Correlation logic is applied to the aggregated logs to identify potential security threats, and alerts are generated and sent in real time, on a 24x7x365 basis. ControlScan Security Analysts are on hand to support the assessment and investigation of critical alerts and to provide guidance on proper response.

Key features of the ControlScan Managed SIEM Service

  • Log Collection for your entire IT infrastructure
  • Event Correlation and Analysis leverages multi-sourced log data and advanced correlation rule sets to detect security incidents
  • Prioritization and 24 x 7 Alerting
  • 12 Months of Log Retention for compliance requirements, including PCI DSS requirement 10
  • Reporting and Data Access available to you through ControlScan's web-based platform
  • Advanced functionality, including:
      • File Integrity Monitoring (FIM)
      • Custom real-time dashboards

A Unique Solution to Solving the Security Challenge.

As the leader in providing cloud-based, unified security and compliance solutions, ControlScan offers unique value through its Managed SIEM service.

Deploy with ControlScan and get benefits that include the following:

Security-as-a-Service – Avoid costly, up-front investments in hardware, software and technical expertise with ControlScan's cloud-based services. You'll be up and running quickly and effectively with an enterprise-class, scalable solution.

A solution that gets better with time – Ongoing upgrades and enhancements to the Managed SIEM service ensure the addition of new capabilities for identifying evolving attack methods. At the same time, your ControlScan security team is continually creating and tuning correlation rules for your environment to ensure maximum visibility to true, critical alerts.

A staff of security experts watching your back – Only the largest organizations can afford a staff of resources maintaining security and compliance day-in and day-out. ControlScan brings extensive knowledge and experience in both areas, validated by the range of IT Security, PCI and HIPAA certifications held by our team of experts. This knowledge continues to grow as threats become more advanced.

A single solution for your biggest challenges – The ControlScan Managed SIEM service delivers functionality you need on three different fronts: 1) Security, 2) Compliance, 3) Operations. By collecting, aggregating, correlating and analyzing data from your environment, you gain visibility to your organization's overall security posture, support for key controls in most compliance frameworks, and assurance of the health of your networked systems.

CORE Security

Introducing CORE Security

When it comes to securing your cloud, you need the peace of mind that security's at the core of your hosted infrastructure. That's why we've put together three ServerChoice CORE Security™ packages, with varying levels of protection, so you can get best-fit cyber security for your organisation.

CORE Base

  • Two-factor authentication
  • TrendMicro anti-virus & malware protection
  • Vulnerability scanning: Unmanaged Quarterly
  • System hardening
  • Next-generation firewall
  • Advanced DDoS mitigation: Standard (20 Gbps)

CORE Enterprise

  • Two-factor authentication
  • TrendMicro anti-virus & malware protection
  • Vulnerability scanning: Unmanaged Monthly
  • System hardening
  • Next-generation firewall
  • File integrity monitoring
  • Advanced DDoS mitigation: Enhanced (250 Gbps)
  • 24/7 SIEM services

CORE Platinum

  • Two-factor authentication
  • TrendMicro anti-virus & malware protection
  • Vulnerability scanning: Managed Monthly
  • System hardening
  • Next-generation firewall
  • File integrity monitoring
  • Advanced DDoS mitigation: Pro (Terabit+)
  • 24/7 SIEM services
  • Intrusion Prevention System (IPS)

Bolt-on CORE Security™ Services

In addition to the above security packages, we offer a range of additional security enhancements to deliver maximum protection from cyber threats:
  • Data loss prevention (DLP)
  • Web application firewalls (WAF)
  • Penetration testing
  • URL filtering (Virtual Desktops only)
  • Email spam filtering and antivirus (Exchange only)
  • Compliance consultancy

CorreLog SIEM Correlation Server

The CorreLog Server is the company's flagship product, containing the core functionality to implement full SIEM capability for your enterprise. This 100% web-based system contains our high-speed message collector, indexed search engine, extensible dashboard facility, reporting facility, ticket facility, and unique correlation engine. Its simplicity and power are setting new benchmarks for the industry every day. The CorreLog SIEM Server provides a standards-based method of collecting all the system log messages of your network using the syslog protocol and SNMP traps. These messages are then correlated into understandable threats, alerts, and actions using sophisticated (but easily configured) rules, and reduced to actionable "tickets" that are sent to users and can trigger automatic remediation of incidents. The SIEM Server is particularly suited to security monitoring for your enterprise, and furnishes a variety of special functions and features to support this critical role, including data encryption, ready-to-run correlation rules and TCP tunneling software. Other roles of CorreLog, including performance management, analysis of business information, and log file analysis, are also supported within the product.

System Features

  • The CorreLog SIEM Server is specifically designed to leverage the capabilities of your existing infrastructure without requiring extensive installation of agents or other software. The program is designed for high capacity, enterprise scale message aggregation, ease of navigation, small footprint, extensibility, and high internal security, available in a single web-based console.
  • High Speed Message Reception. CorreLog SIEM is suitable for operating as the single SNMP Trap and Syslog receiver for all devices on the network of large enterprises. CorreLog SIEM can process more than 2000 messages per second and can handle burst traffic of more than 10,000 messages in one second (depending upon the supporting hardware). CorreLog SIEM tracks and catalogs devices on the network without a hard upper limit. You can receive messages from virtually unlimited numbers of sources.
  • High Speed Message Correlation. CorreLog SIEM uses an advanced correlation engine, which performs semantic analysis of your messages in real-time. The system employs correlation threads, correlation counters, correlation alerts, and correlation triggers, which refine and reduce your incoming messages into something you can easily understand.
  • Flexible Reporting. CorreLog SIEM incorporates various reporting facilities, including an Excel-based reporting facility that populates spreadsheets with summary and detailed event information, and an ODBC reporting facility that populates one or more databases with report information to support third-party report writers. Additionally, CorreLog SIEM includes a comprehensive dashboard facility, a "Pivot" log analyzer (for analyzing firewall data, HTTP server logs, and other "regular" data) and comprehensive graphing utilities useful for reporting on correlation results. The CorreLog Server comes preconfigured with compliance reports and the correlation rules needed to support these reports. Additional report templates can be loaded (or saved) using a built-in "Template" facility.
  • Data Aggregation and Archiving Functions. The CorreLog SIEM system can aggregate vast amounts of data. It can collect in excess of 1 Gigabyte of data each day at a single site, and save this data online for up to 500 days (given enough storage). Additionally, CorreLog SIEM compresses and archives your data, retaining this data for a period of more than 10 years (5000 days). To assist in forensics and long-term analysis, CorreLog SIEM generates archival data such as MD5 checksums and Security Codes.
  • Data Searching Ability. One of the most important functions of the CorreLog SIEM system program is its search capability. CorreLog SIEM uses its proprietary GenDex (Generate Data Extraction) program, which employs a high speed, real time index system. This allows quick searches through massive amounts of message data. The performance of this engine rivals the fastest search engines currently available. Users can search a terabyte of data for a particular keyword in less than one second.
  • Taxonomy, Ontology, and Catalog Functions. Taxonomy and categorization of data is at the center of our unique correlation system. The CorreLog SIEM Server automatically catalogs information by IP address, username, facility, and severity. Users can further create catalogs of information based upon simple or complex match patterns. Data is cataloged based upon specifications consisting of simple keywords, wildcards and regular expressions, logical expressions of wildcards, macro definitions of regular expressions, and logical combinations of macros. This provides a complete flexibility in managing and grouping message data, while still maintaining high data throughputs, and avoiding the rigors of data normalization.
  • Ability To Define New Syslog Facilities. One of the commonly noticed limitations of the Syslog protocol has always been that the "Facility" codes (which define the data sources for syslog messages) are limited to 24 predefined codes. The CorreLog program removes this restriction, permitting users to define their own facilities, such as "applications" and "devmsgs", so that data can be better categorized and managed. This important extension to the syslog protocol opens important new vistas in the practical use of Syslog messages and their correlation, not otherwise available using the standard specification.
  • Ability To Override Message Content. One of the commonly noticed limitations of the SNMP Trap and Syslog protocols has always been that, since messages are unsolicited, the message collector is stuck with whatever message, severity, or facility was originally specified by the message sender. In some cases the severities or facilities within a message may be nonsensical. The CorreLog program recognizes this limitation and implements a sophisticated "override" scheme, which allows users to override the facility, severity, or device name in any message. This greatly assists with the control and correlation of data.
  • Input Filtering. To reduce data loading, and permit precise control over incoming messages, CorreLog SIEM can filter input data by device, facility, severity, message keyword, time of day, or any combination of these. Filtered data can be discarded, or put into a separate repository (and possibly permanently archived) for further analysis or forensics. When data is filtered, it is automatically tagged with the particular filter expression, assisting in the analysis of filtered data. CorreLog treats filtered data with respect, permitting you to re-import discarded data and undo any particular filtering function.
  • Automatic Remediation And Response. The CorreLog SIEM system incorporates a simple and extensible "Actions" capability, which permits you to target specific messages based upon device, keyword, facility, severity and/or time of day, and run programs on that data. CorreLog SIEM includes utility programs to update relational ODBC databases, relay syslog messages, send SNMP traps, send e-mail, and perform other actions. The facility is designed for easy extensibility, so that administrators and developers can extend the correlation and ticketing services of the program.
  • Web Based Configuration. CorreLog SIEM is entirely web-based. All activities, including the establishment of logins and permissions, are completely achieved without a native console. This means that an administrator does not ordinarily need access to the CorreLog Server platform, except in rare instances to start up or shut down the process. The CorreLog Server can therefore be strategically placed in a Network Operations Center (NOC) or secure cabinet, which has important implications for security.
  • Suite of Utilities. The CorreLog Server system incorporates a suite of Win32 utilities, in one small package that is easily installed on Windows Vista, XP, or Windows 2000 servers. These utilities are redistributable, and greatly extend the ability to manage these platforms using Syslog protocol.

CounterFlow AI ThreatEye

ThreatEye Network Recorder is a network forensics software solution designed to run on commodity hardware. It guarantees line-rate packet capture from 1 to 100 gigabits per second with lossless write to disk. It scales to retain petabytes of data and supports a range of storage options with advanced indexing and search features. The solution provides a web-based packet analysis platform supporting a collaborative packet analysis workflow with retrospective visual analytics. A RESTful API structure supports integrations across a wide range of security products. ThreatEye Network Recorder is powered by Napatech’s industry-leading SmartNIC technology, providing 100% packet capture with nanosecond precision time stamping.

Key features:
  • Full Packet Capture. 100% accurate packet capture with up to 40Gbps sustained write-to-disk. 1, 10, 40 and 100Gbps line-rate connectivity options. Scalable on-board and SAN storage options.
  • Packet Acceleration. Supporting high speed FPGA acceleration through compatible Napatech and Accolade NIC cards. DPDK support for a wide range of Intel based NICs.
  • Intelligent Packet Capture. Using streaming machine learning to make intelligent decisions about which network sessions to record, how long to retain them, and what traffic can be safely ignored.
  • Advanced Indexing. Advanced indexing and federated search features support accelerated searches based on the 5-tuple, including layer 2-4 protocols, across multiple Network Traffic Recorders in a group or geographic location.
  • Analysis and Workflow. Transforming packet analysis workflows by providing a secure web-based environment to organize, collaborate and analyze packet captures.

Typical Applications and Use Cases
  • Threat Hunting
  • Incident Response
  • Cyber Threat Detection
  • Network Performance Management
  • Financial Fraud Detection
  • Financial Latency Measurement
  • Compliance Management

CounterTack Predictive EPP

Predictive EPP combines full spectrum threat detection, predictive analytics and automated mitigation to eliminate advanced threats.

Features:
  • A Single Sensor. NextGen AV, EDR and Insider Threat Detection are the three pillars of endpoint security. Predictive EPP consolidates these in a single sensor, platform and management console. It simplifies deployment and maintenance, reducing the Total Cost of Ownership.
  • NextGen AV, EDR and Insider Threat Detection. Predictive EPP detects malware on-disk and suspicious behavior in the OS. It is the only solution that detects advanced threats in physical memory. GoSecure Advanced Mitigation Services, integrated with Predictive EPP, extends threat detection across the network, endpoints, and the cloud.
  • Machine Learning. Predictive EPP applies advanced Machine Learning to on-disk, OS behavior, and in-memory threat data. It delivers predictive accuracy and reduces false positives to near zero. Machine Learning provides the confidence to convict, prioritize and mitigate threats faster and more efficiently.
  • Predictive Analytics. Predictive Analytics integrates the analysis of behavior on disk, in the OS and in memory. It accesses a threat library of over 4,000 traits and capabilities to predict threat intentions and pinpoint root causes. Predictive Analytics delivers the visibility needed to mitigate threats before they can execute.
  • Automatic Mitigation. Predictive EPP automatically mitigates threats. Quarantine, Kill Process and Inoculate terminate threats in the early stages. Deny, Delay and Degrade provide additional time to focus on the highest priority threats and make better mitigation decisions.
  • Cloud Delivered. Predictive EPP is offered in the cloud, via managed security services and on-premise. Organizations can fund out of OpEx or CapEx. Cloud and MSS options offer Predictive EPP in a single, affordable monthly subscription.

Benefits:
  • Detect the Most Threats. Endpoint Protection Platform automatically collects and analyzes behavioral data on disk, in the OS and in memory to detect threats that evade other solutions
  • Predict What Threats Will Do. It combines Predictive Analytics with advanced Machine Learning, to analyze threat capabilities and predict threat intentions with near zero false positives
  • Automatically Mitigate Threats. Automatic mitigation actions delay and prevent the spread of threats to other endpoints on the network
  • Advanced Mitigation Services. GoSecure combines Predictive EPP with threat hunting and mitigation expertise to help Security Teams protect their sensitive data and business operations

Crypteia Networks MOREAL

To develop such threat awareness, MOREAL is based on big-data analytics principles, along with correlation of primal information brought out from logs provided by the underlying network and network security infrastructure.
  • Monitor. More precisely, logs are initially analysed, correlated, and collated with Open Source and Crypteia Networks Security intelligence to generate secondary and tertiary threat intelligence by the Threat Intelligence Engine of the MOREAL platform.
  • Report. Then our Engine augments threat knowledge by behavioural and statistical analytics, as well as reputation pattern matching. The MOREAL core reasoning process is founded on computations on graph and meta-graph models that are generated from any internal and external connection that can be logged.
  • Alert. In particular, graphs and meta-graphs are processed with algorithms that efficiently compute plausible threat paths with a likelihood scoring approach based on observations of the protected infrastructure and Security Intelligence in terms of IP reputation, malware, and traffic patterns.

Crypteia Threat Intelligence & Management Service from PCCW Global delivers:
  • A new layer of defence, complementing existing ones and maximizing value of network logs already generated & collected by your clients
  • Non-intrusive and scalable cloud-based solution for rapid deployment
  • Threat aggregation and behavioural analysis identifies threats in their infancy
  • Real-time mitigation recommendations
  • New visibility into existing security systems and hardware
Crypteia Threat Intelligence & Management Service enables your clients to achieve optimal security by:
  • Utilizing advanced behavioural analytics and machine learning to help distinguish real threats from ones that cause non-productive, costly actions
  • Generating actionable reports via a single intuitive dashboard
  • Viewing network / security health and utilisation in real-time
  • Leveraging a global threat database that uses Big Data Analytics and crowd sourcing to identify emerging threats
  • Using advanced correlation engines for known and unknown threat identification, now penetrating and potentially already existing in your clients’ network
  • Deploying enhanced security simply and quickly via a pure cloud solution, with an on-prem option available

MOREAL components

  • ThreatDB. ThreatDB is a platform that aims to collect and aggregate data from several different Threat Information Sources into a unique structure, similar to other commercial sharing platforms, such as IBM X-Force Exchange, Microsoft Interflow and HP Threat Central. Its main purpose is to make security information easily accessible to any kind of Threat Intelligence System. In practice, it allows decision-making systems to focus on the security analysis rather than on the burden of data normalization. That is a significant pre-processing step, which simplifies post-processing for all future consumers and sets a good baseline towards real-time alerting.
  • GraphIQ. Extracting the most significant activity in a network with millions of transactions is a challenging task, but one that is critical in the process of analyzing behaviours, detecting issues and recognizing the most significant interactions in a monitored network. GraphIQ is a MOREAL component that aims to aid in this task, leveraging low-level and high-level information from other MOREAL ThreatIQ components. The most frequent IP flows, and especially the “surprisingly” frequent ones, along with the flows exhibiting anomalies and threat events, are extracted in a common format which is then utilized in other MOREAL components like the branch-level network graph.
  • Anomaly detection. Anomaly detection (AD) is a ThreatIQ component that detects suspicious behavior based on “deviations” from historical models of activity. The justification for using anomaly detection to infer suspicious behavior is the observation that many malicious actions leave a footprint that significantly changes the typical behavior of an entity. For example, malware may alter the observed traffic patterns when trying to propagate to other workstations or when communicating with C&C servers. When combined with input from other systems, significant evidence may be accumulated in order to raise security alerts for zero-day attacks or to provide a level of defense for customers not protected by other security measures.
  • Behavioural clustering. Behavioural Clustering is a ThreatIQ component that groups entities by attributes such as proximity and similarity of behaviour (a collection of MOREAL aggregated metrics) and extracts information from those groups about the severity of each entity based on security events associated with the group.

Cybraics nLighten

The nLighten platform implements a unique and sophisticated artificial intelligence engine that rapidly learns your environment and alerts security teams to threats and vulnerabilities across the threat spectrum. Unlike other solutions, it does not rely on rules and signatures, but instead learns from your environment, security analysts, external sources and threat patterns from other environments. nLighten can detect unknown and insider threats, APTs and targeted attacks that other approaches miss, while reducing false positives to less than 5%. Benefits:

  • Detect unknowns
  • Improve Efficiencies
  • Lowest TCO
How it Works

Janus: AI Machine Analyst

One of the most significant problems facing security teams today is the overwhelming amount of information they are faced with every day from disparate, unintegrated systems that generate very basic security alerts. The average enterprise is presented with 10,000 or more security alerts every month, and on average it takes a security analyst 10 to 15 minutes to properly review a single alert. With minimal alert prioritization and a false positive rate of 95%, this makes it impossible for security teams to focus on what matters. Janus, our AI machine analyst, automates the tedious task of triaging these alerts. Using active learning techniques, it is able to understand the context of the alerts and suppress the ones that are not relevant, resulting in a prioritized list of alerts for your team to review that has a false positive rate of less than 5%.

Data Ingestion

The nLighten platform analyzes the raw data that you are already collecting. There is no need to deploy or manage sensors or collectors throughout your environment; simply transfer your log and flow data (NetFlow, firewall, proxy, AD, DNS, VPN, web servers, custom applications, IoT and sensor logs, even employee access and travel logs) through a secure and redundant connection. We can process virtually any log format.

Automation, Control & Management Engine

nLighten sits on top of a big data platform and requires technologies and skill sets from across several disciplines. To automate the entire process, we have built a unique Automation, Control and Management Engine (codenamed ACME), which is the glue that brings all of the functionality together. This proprietary engine orchestrates the entire end-to-end process, providing real-time ingestion of data, cloud-like auto scaling, and full end-to-end automation, allowing for continuous near-real-time analysis of your entire environment.

User Interface

Our UI has been designed specifically to enable your team to work with increased speed and efficiency through an intuitive, easy to use interface that provides rich dashboards for instant situational awareness, along with deep evidence bundles that integrate everything your team needs to complete their investigation in one place.

Analytics Core

Artificial Intelligence (AI) can be an incredible tool to drive efficiencies and aid in human decision making, especially when presented with an overwhelming amount of data and variables. It’s important to note that AI can only make decisions based on the information it is given. So if the input is only known threats, the AI is unable to provide information on unknown threats. That’s why our Analytics Core is built on Unsupervised Machine Learning. Unsupervised Machine Learning is the only way to identify unknown threats. Implementing a concept we refer to as Analytic Pluralism, our extensible, pluralistic core simultaneously runs dozens of unique analytics against your data, identifying anomalies that may be representative of threats or hygiene issues and passing those anomalies to Janus, our AI. No rules or signatures, just the most advanced set of machine learning.

Intelligence Engine

The Intelligence Engine gathers, distills and organizes intelligence and information from multiple sources, including information from raw logs about your environment, threat intelligence feeds, security analysts, third-party sources, and open source data. Janus uses this information to learn your environment and adapt to the threat landscape, making decisions about whether or not something is malicious, and then providing context with the alert to assist with rapid investigation.

Managed SOC

Security is about more than just intelligence; it’s about action. Our Managed SOC reviews all results, flagging any urgent alerts and ensuring your team has the context needed to take immediate action. Guided investigation services are built into our User Interface (UI), providing simple and integrated direct access to our Cyber Experts, if needed, who can work with your team to investigate flagged anomalies.

Delivered as a Service

The nLighten platform brings together best of class technology from across big data, AI, analytics and cloud. It can be an expensive and resource-intensive project for any organization to undertake on their own, costing tens of millions of dollars just for R&D, let alone the cost and complexity of deploying and managing a production environment that spans so many disciplines. This is why Cybraics offers the entire platform as a monthly recurring service; we can provide the most sophisticated security analytics and AI services available for a fraction of the cost to you, and scale to meet your organization’s size and sophistication level.

CyOPs Platform

The CyOPs Platform utilizes CyberSponse’s patented technological process to fill the gap between automation-only and human-dependent security organizations, while also facilitating cross-functional collaboration. Integrate your SOC’s entire security stack behind a single pane of glass with unlimited daily actions, fortifying your data and maximizing ROI.

Incident Management

Distinguishing Real Threats From Endless Alerts

Real threats are often overlooked, largely as a result of the copious amount of alert notifications that accumulate daily. CyOPs Automated Intelligent Triaging enables Security Analysts to efficiently uncover these important alerts, prioritizing them based on severity, asset, intelligence, and frequency. To investigate alerts more efficiently, it’s very important to be able to understand and review data in a consumable manner. CyOPs Case Management solution understands the need to manage data effectively and provides options to:
  • Manage Alert and Incident Listings in a filter-able grid view
  • Ability to add mini-dashboards on each grid to gain visibility into the bigger picture and understand trends
  • Ability to define new modules, unlike any other SOAR offering, with customization of modules such as fields, views, and permissions
  • Visual layout editor to define custom views, data models, fields, and grids

CyOPs for MSSPs

Integrate All Your Security Tools

Enterprise-level SOCs leverage a multitude of products and tools to effectively resolve incidents and fulfill compliance requirements. CyOPs caters to our clients’ specific environment needs through the customizability of the product, which results in greater efficiency, eliminates alert fatigue, and maximizes their ROI. The CyOPs Integrations Repository has over 280 available integrations, enabling users to automate their entire security stack behind a single pane of glass.
A unified console built on the only enterprise multi-tenancy architecture.
  • Obtain a complete overview of all your customers (tenants) in a single unified CyOPs master console.
  • Filter views by customers, to understand the customer’s current state
  • Assign and adhere to the Roles and Permissions assigned to each tenant
  • Create customer specific alert and incident views
  • Robust and scalable architecture for load-balancing usage

Role Based Custom Dashboards

Insight From Multiple Perspectives

CyOPs offers customers enterprise dashboards enabling better decision making.
  • Choose from multiple canned dashboards from multiple perspectives
  • Export and import dashboard templates
  • Export dashboard views as PDFs

Full Role-Based Access Control

  • Assign multiple roles to each dashboard to control visibility across the team.
  • Ability to assign roles and permissions to dashboard templates
  • Ability to make selected dashboards as default for all system users
  • Ability to create user-specific dashboards and reports

Reporting

Library of Out-of-the-box Reports

  • Leverage the CyOPs Report Library for a quick start with many commonly used reports
  • Use ready-made reports like Incident Closures, Alert Closures, IOC Summaries etc.
  • Import additional reports from the CyOPs Support Portal using the Report Import functionality
  • Customize out-of-the-box reports for organization-specific metrics
  • Export Reports in CSV & PDF Formats

Queue Management

Create Dedicated Queues

Leverage the built-in CyOPs Queue Management to handle automatic work assignments across multiple queues and teams
  • Create multiple queues across multiple teams
  • Add multiple team members to each Queue
  • Define logical rules for auto assignments to a specific member or team
  • Option to add work tasks manually to any queue

Manage SOC Shift Change With Ease

Streamline SOC Team Onboarding & Management

CyOPs™ enables new SOC team members to start making an impact right away due to its ease of use and ability to retain information from previous employees. Standardized trackable and repeatable processes result in a more efficient onboarding plan for new SOC team members. Create standard automated response processes using the most versatile enterprise drag-and-drop CyOPs Playbook builder that not only retains team knowledge but also shortens incident response times. Maximize your team and security stack with CyOPs™ automation.
  • SOCs that work in multiple shifts can perfect shift changeovers with ease
  • Create multiple queues for different shifts
  • Define rules for assigning alerts and incidents based on the timezone
  • Obtain snapshots of a shift’s queue to better understand task status
  • Option to add manual tasks to any queue or team member

Datiphy Enterprise Solution

Discover breaches as they unfold, not months later. Current breach discovery gap = 120 days.


Datiphy platform provides industry leading end-to-end data transaction analysis to detect breaches as they unfold. Datiphy automates the extraction and indexing of key data assets from billions of data transactions per day, allowing instant visibility and detailed forensics to the complete data life-cycle. Unlike traditional policy and perimeter based security tools that only provide point protection and lack context, Datiphy provides users with a unique DNA profile of each transaction directly from the data’s point of view.

Each asset within the data DNA profile is automatically indexed against all other transactions. The powerful indexing engine identifies relationships that provide the critical context of how sensitive data is living and being accessed within the enterprise. The Datiphy platform is the first true data-centric audit and protection tool.

Features

  • Data DNA & Scientific Behavior. Every data transaction has a unique series of assets. Datiphy extracts these data assets for every transaction and indexes them in real time. Scientific relationships among the assets are built and their behavior base-lined. Because every transaction is being surveyed vs a sample, any change in behavior is immediately sensed and false alarms are eliminated.
  • Deep Forensics to Avoid Disaster. Think of Datiphy as the data version of a DVR. Detailed forensics, indexed in real time, allow you to see your sensitive data in action as it flows in and out of the enterprise. Datiphy users can replay events to study the tactics and build policy against similar future attacks or alerts for further discovery.
  • Cross-Silo Policy Management. Business processes constantly transpose data across multiple silos. This massive data generation and usage is rendering current methods of data security governance obsolete. Datiphy users build and manage data-centric security policies to coordinate controls across these data silos.
  • Protect Your Brand Reputation. When breach details develop in the media, it is clear organizations struggle with knowing exactly what has been taken. Datiphy detects the breach as it unfolds and teams can react immediately. The damage is limited and executives will know exactly what has been compromised.
  • Who is Hiding? Once a user is inside, the User ID disappears and the application server credentials are all that communicate with the database. This is a normal behavior that is often exploited by attackers. Datiphy’s patented user mapping technology will identify these users and map their actions from the initial HTTP request through the back-end database response.
  • Threat Intelligence & Log Data Merged. The problem with log data is it is overwhelming and lacks relevance. The problem with threat intelligence is most people don’t know what to do with it. Datiphy bridges the gap, giving log data intelligent context and making threat intelligence actionable. Enterprises gain data-driven visibility into the critical information needed to help detect targeted, dynamic, and stealthy attack methods.
  • See Relationships with Context. Many tools will provide a glimpse into your data assets, but they lack the complete story. With Datiphy not only will you see the relationships among data assets, but you will also have the complete context in which those assets interact.
  • See Data Changes. Sometimes accidents happen. Because Datiphy records the details of every data transaction, you can go straight to the event to see what happened and take the appropriate steps for a complete and fast restore.
  • Search Any Events Instantly. Because Datiphy indexes the elements of every data transaction as it occurs, events are easy to find and the forensics behind them are instantly available. Incident Response teams now have instant root cause forensics at their fingertips. Compliance Team audit tasks become fast and simple. Searching and reporting the who, what, when, where, and how for any event or data asset is a breeze.
  • See Those Who Observe Data. The pool of read privileges is much larger than the pool of write privileges. Datiphy records the trails of those who take a look at sensitive data, regardless of whether they change or take it.
  • Mean Time to Verification (MTTV). With too much alert overload, threats go uninvestigated. With Datiphy, responding to alerts with relevant detail in real-time enables teams to validate real threats quickly and conclusively.
  • Mean Time to Response (MTTR). Datiphy will eliminate false positives that waste precious time. By focusing on just the facts, teams investigate faster and give attackers less time to cover their tracks.
  • Mean Time to Resolution (MTTR 2). Discover compromises as they happen and see the relationships among all similar suspicious behavior. Stopping the attack is only part of the job; with Datiphy context, ensuring it cannot happen again finishes the job.

Deceptive Bytes

Deceptive Bytes provides an innovative solution against threats in enterprises' most critical and exposed assets, their endpoints! The solution creates dynamic and deceptive information that interferes with any attempt to reconnoitre the environment and deters the attacker from executing its malicious intents through all the stages of compromise in the Attack Kill Chain, covering advanced and sophisticated malware techniques and constantly making sure all the endpoints and data in the enterprise are secured.

Features:
  • Preemptive Defense. Making malware believe it is in an unattractive or hostile environment to attack, reducing the chances of a successful attack. For example, presenting a sandbox/VM environment, which deters malware.
  • Proactive Defense. Actively responding to threats as they evolve, changing the outcome of the attack through all the stages of the Endpoint Kill Chain. For example, deceiving and stopping ransomware by letting it believe it has succeeded in encrypting the files while the solution safeguards them.
  • Behavioral Defense. Identifying and preventing legitimate apps from being used for malicious operations. For example, stopping execution of PowerShell or command-line processes initiated from Word/Excel files, a technique attackers use to infect the endpoint.

Benefits:
Preemptive and Proactive
  • Prevents unknown and sophisticated threats
  • Very high prevention and detection rates
  • Real-time detection & response
Lightweight
  • System-wide protection with pinpoint handling
  • Deploys in seconds & easy to operate
  • Low resource usage (CPU, memory & disk) - no UX impact
Signature-less
  • No constant updates
  • Operates in stand-alone/disconnected & VDI environments
  • Stops millions of threats using only 1 evasion technique
Reliable
  • High stability - operates in user mode
  • Triggers high-fidelity alerts
  • Low to non-existent false positive rate


The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks, problems, or availability of an ROI calculator or price calculator. Find the right business solutions by using a neural network search based on the results of deploying products in other companies.