Comprehensive protection through an adaptive security architecture integrating prediction, prevention, detection and response
By integrating these capabilities in a single solution, effectiveness is increased and cost is decreased. The security mindset shifts from "incident response" to "continuous response," wherein systems are assumed to be compromised and require continuous monitoring and remediation.
Explore the four different elements
Security Analysts: The SOC is staffed with a team of experts in various disciplines who continuously study the security landscape to stay aware of new attack tactics, techniques and procedures.
Threat Intelligence: Study global and community threat intelligence to anticipate new attack types and proactively prioritize and address exposures. This intelligence is fed back into the preventive and detective capabilities, closing the loop on the entire process.
Configuration Assessment: Identify insecure configurations by checking hosts against SCAP (Security Content Automation Protocol) policies to reduce the attack surface.
Application Control: EDR at the sensor is integrated with global, local and community safelists for effective application control.
Deception: Honeynet deception exposes malicious activity and makes it more difficult to locate legitimate systems and vulnerabilities to attack.
Vulnerability Assessment: Prioritized scanning, detailed reports and recommendations allowing you to focus on remediation.
Remediate: Investigate and resolve issues discovered via detection, provide forensic and root cause analysis, and recommend new preventive measures to avoid future incidents.
Forensic Investigation: Determine the root cause and full scope of the breach for retrospective analysis of what exactly happened, using the data gathered by the ongoing, continuous monitoring at the core. How did the attacker gain a foothold? Was an unknown or unpatched vulnerability exploited? What file or executable carried the attack? How many systems were impacted? What specifically was exfiltrated?
Endpoint Detection and Response: Block threats and reduce dwell time at all stages of the threat chain, including lateral movement.
Behavior Analysis: Use machine learning to baseline normal system activity within the enterprise and expose behavior that deviates from that baseline.
Containment: Automate actions such as isolating the compromised system, disabling the affected account, killing the process and sharing the intelligence with others in the network and community.
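To make the Configuration Assessment element above concrete, the following is an added example (not code from the page or from any product it describes) of the kind of check a configuration-assessment policy performs: a handful of hardening rules evaluated against an sshd_config. The rule identifiers (cfg-ssh-001 and so on), the rule set and the sample config are all constructed for illustration; they are not real SCAP or CIS content, though the OpenSSH defaults applied when a directive is absent are the documented ones.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample sshd_config (not taken from any real host). PermitRootLogin
# and X11Forwarding are deliberately insecure so that two checks fail below.
SAMPLE_SSHD_CONFIG = """\
# sshd_config -- constructed sample
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication no
X11Forwarding yes
MaxAuthTries 4
# second occurrence is ignored: sshd honours the first value it reads
PermitRootLogin no
"""


@dataclass(frozen=True)
class Rule:
    rule_id: str                   # illustrative id, not a real SCAP/XCCDF rule id
    title: str
    key: str                       # sshd directive, matched case-insensitively
    check: Callable[[str], bool]   # True when the observed value is compliant
    default: str                   # OpenSSH default used when the directive is absent


# Hypothetical rule set standing in for a SCAP/CIS-style SSH benchmark.
RULES: List[Rule] = [
    Rule("cfg-ssh-001", "Disable direct root login", "PermitRootLogin",
         lambda v: v.lower() == "no", "prohibit-password"),
    Rule("cfg-ssh-002", "Disable password authentication", "PasswordAuthentication",
         lambda v: v.lower() == "no", "yes"),
    Rule("cfg-ssh-003", "Disable X11 forwarding", "X11Forwarding",
         lambda v: v.lower() == "no", "no"),
    Rule("cfg-ssh-004", "Limit authentication attempts to 4 or fewer", "MaxAuthTries",
         lambda v: v.isdigit() and int(v) <= 4, "6"),
    Rule("cfg-ssh-005", "Disallow empty passwords", "PermitEmptyPasswords",
         lambda v: v.lower() == "no", "no"),
]


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return directive -> value with lower-cased keys.

    Like sshd itself, the first occurrence of a directive wins; comment and
    blank lines are skipped; both "Key value" and "Key=value" forms are accepted.
    """
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9]+)\s*=?\s*(\S.*)", line)
        if not m:
            continue
        settings.setdefault(m.group(1).lower(), m.group(2).strip())
    return settings


def assess(text: str, rules: List[Rule] = RULES) -> List[dict]:
    """Evaluate every rule against the config; absent directives use the default."""
    settings = parse_sshd_config(text)
    results = []
    for rule in rules:
        observed = settings.get(rule.key.lower())
        value = observed if observed is not None else rule.default
        results.append({
            "rule_id": rule.rule_id,
            "title": rule.title,
            "observed": value if observed is not None else f"{value} (default)",
            "status": "pass" if rule.check(value) else "fail",
        })
    return results


def failing_rules(text: str) -> List[str]:
    """Rule ids that need remediation, in policy order."""
    return [r["rule_id"] for r in assess(text) if r["status"] == "fail"]


if __name__ == "__main__":
    for r in assess(SAMPLE_SSHD_CONFIG):
        print(f"{r['rule_id']}  {r['status']:4}  {r['title']} (observed: {r['observed']})")
```

Running it against the sample reports cfg-ssh-001 and cfg-ssh-003 as failing; the empty-password rule passes on the OpenSSH default because the directive is absent. Real SCAP content expresses the same idea as XCCDF rules with OVAL checks, but the evaluation loop (observe a setting, apply the default if unset, compare with the expected value, report pass/fail with the observed value) is the same.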
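The Behavior Analysis and Containment elements above describe one pipeline: learn what is normal, flag what deviates, and turn the deviation into automated actions. The following added example (not code from the page or from any product it describes) shows that pipeline on constructed endpoint telemetry. A simple statistical baseline of daily process-execution counts stands in for the machine-learning model; the host name web01, the user names, the event tuples and the action names are all assumptions made for the example.

```python
import statistics
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# --- Constructed sample telemetry (not real data) ---------------------------
# Each event is (day, host, user, process_path): one process execution reported
# by an endpoint sensor. Days 1-7 form the training window; day 8 is scored.

def _routine_day(day: int) -> List[Tuple[int, str, str, str]]:
    """Routine activity on web01: a near-constant mix of nginx, php and cron."""
    events = []
    events += [(day, "web01", "www-data", "/usr/sbin/nginx")] * (20 + day % 3 - 1)
    events += [(day, "web01", "www-data", "/usr/bin/php")] * 5
    events += [(day, "web01", "root", "/usr/sbin/cron")] * 3
    return events


TRAINING_EVENTS = [e for day in range(1, 8) for e in _routine_day(day)]

# Day 8: routine traffic plus a php execution spike (web shell being driven)
# and a process never seen on this host, run by a human account.
SCORING_EVENTS = (_routine_day(8)
                  + [(8, "web01", "www-data", "/usr/bin/php")] * 55
                  + [(8, "web01", "deploy", "/usr/bin/nc")])


def build_baseline(events) -> Dict[Tuple[str, str], Tuple[float, float]]:
    """Per (host, process): mean and population stdev of daily execution counts."""
    days = sorted({e[0] for e in events})
    per_day = Counter((day, host, proc) for day, host, _user, proc in events)
    baseline = {}
    for host, proc in {(h, p) for _d, h, _u, p in events}:
        counts = [per_day.get((day, host, proc), 0) for day in days]
        baseline[(host, proc)] = (statistics.mean(counts), statistics.pstdev(counts))
    return baseline


def score_day(events, baseline, z_threshold: float = 3.0) -> List[dict]:
    """Flag processes never seen on the host and execution-count spikes."""
    counts = Counter((host, proc) for _d, host, _u, proc in events)
    users = defaultdict(set)
    for _d, host, user, proc in events:
        users[(host, proc)].add(user)
    anomalies = []
    for (host, proc), n in sorted(counts.items()):
        key = (host, proc)
        if key not in baseline:
            anomalies.append({"host": host, "process": proc, "users": sorted(users[key]),
                              "reason": "never seen on host", "z": None})
            continue
        mean, sd = baseline[key]
        # Floor the stdev at 1 so a perfectly constant baseline cannot divide by zero
        # and a change of a single execution is never a spike.
        z = (n - mean) / max(sd, 1.0)
        if z > z_threshold:
            anomalies.append({"host": host, "process": proc, "users": sorted(users[key]),
                              "reason": f"{n} executions vs baseline {mean:.1f}",
                              "z": round(z, 1)})
    return anomalies


def plan_containment(anomalies) -> List[tuple]:
    """Map anomalies to automated response actions, ordered and de-duplicated.

    Any anomaly isolates the host; an unseen process is additionally killed,
    the accounts that ran it are disabled, and the indicator is shared.
    """
    actions: List[tuple] = []

    def add(action):
        if action not in actions:
            actions.append(action)

    for a in anomalies:
        add(("isolate_host", a["host"]))
        if a["reason"] == "never seen on host":
            add(("kill_process", a["host"], a["process"]))
            for user in a["users"]:
                add(("disable_account", a["host"], user))
            add(("share_indicator", a["process"]))
    return actions


if __name__ == "__main__":
    anomalies = score_day(SCORING_EVENTS, build_baseline(TRAINING_EVENTS))
    for a in anomalies:
        print(f"{a['host']} {a['process']}: {a['reason']} (users {a['users']})")
    for action in plan_containment(anomalies):
        print("action:", action)
```

On the sample, nginx moves from a mean of 20 daily executions to 21 and is not flagged; php jumps from a flat 5 to 60 and is; nc has no baseline at all, so it is flagged outright and drives the kill, account-disable and indicator-sharing actions. The stdev floor is the caveat worth keeping: a process that ran exactly five times a day for a week has zero variance, and without the floor a single extra execution would be an infinite z-score.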