Seceon's Open Threat Management software

Seceon's Open Threat Management software (OTM) is an advanced threat management platform that visualizes, detects, and eliminates threats in real time. It provides a simple, comprehensive, fully automated approach to detecting and stopping the threats that matter, for both on-premise and cloud deployments, against internal and external attacks. Whatever security products you are currently using, OTM will increase the level of protection for your data and IP, and it integrates easily with other security technologies such as firewalls and SIEMs.

Seceon's OTM solution combines artificial intelligence, machine learning and dynamic threat models to deliver real-time security, protecting your business against dangerous threats and costly cyber attacks. It provides a comprehensive cyber security solution for the digital era, using application, machine and user analytics to find and prevent attacks or attempted data theft from internal and external sources.

Real-time remediation is one of the key features of the Seceon OTM platform. Because it has a comprehensive view of the organization's assets, network infrastructure, Active Directory, LDAP, RADIUS or other AAA servers, and other important applications, it knows where to remediate a problem without causing a large impact on the organization. Examples include disabling the credentials involved, disabling a VLAN or a VPN connection, disabling a port interface, and pushing policies to block an external IP or to isolate an internal IP or server.

Automation at Its Best: No rules or human intervention needed; the out-of-the-box solution starts working within seconds of installation.
Unparalleled Visibility: Advanced behavioral and machine learning technologies give customers full visibility of both internal and external adversary activity.
Multi-Layer Detection: Detection of known as well as never-before-seen threats at the earliest phase of the attack chain.
Supplements SIEMs: Correlates threat indicators, reducing the operational expense of managing SIEM-generated threat logs.
Automated Response: Enables rapid, surgical responses at scale to eradicate threats.
Productivity Increase: Advanced analytics over multiple stages eliminate false positives, a 25x reduction of the threat surface.
Threat Impact Analysis: A comprehensive, interactive visual interface to drill down into threats and the affected sources and targets.

Seceon OTM addresses the enterprise need for security operations that detect and stop threats in real time. It leverages an unmatched combination of behavioral analysis, machine learning and dynamic threat intelligence to detect and contain known as well as unknown cyber security threats. The solution is completely agentless, works in any hybrid cloud architecture, and scales to any enterprise size. Seceon OTM can be installed and running within 4 hours with minimal to no provisioning: there are no rules to import and customize, no signatures to pull in, and no complicated filters that need optimization. It works out of the box.

So what does the Seceon OTM solution deliver?

1. Central, gateway-level protection without endpoint agents or any other tool.
2. Extensive use of machine intelligence and big data analytics to provide threat exposure, reporting and remediation options.
3. Works on servers, routers, switches, firewalls and all kinds of endpoints (laptops, desktops, tablets and phones) that connect to the organization's network.
4. Works in offline mode without SPAN or mirror traffic. The solution does not use SPAN or mirror mode, since mirroring every packet loads the switch and monitoring links and consumes network bandwidth. Instead it takes network flows in NetFlow and sFlow format to analyze all north-south as well as east-west traffic, alongside logs from endpoints, servers and firewalls.
5. It is not a single point of failure in the network, should the solution suffer an outage of any kind.
6. Supports multiple network segments (LAN, WAN, DMZ, WiFi networks, MPLS links) simultaneously on a single instance.
7. Automatically identifies infections, reducing the manual effort of going through logs and alerts.
8. Integrates with firewalls, IPS, enterprise AV, mail gateways and web gateways.
9. Identifies infections from suspicious network traffic, behaviour, and source and destination analysis, without interacting directly with the affected device(s) or hosts.
10. Automated risk prioritization of infected device(s) based on data transferred, AV patching status, type of malware, the user's importance to the organization, and whether the communication was successful.
11. Identifies malicious activity and infections on devices outside the perimeter defense, including split-tunnel VPN connections; identifies advanced threat infections irrespective of whether the infection vector is located inside or outside the network.
12. Detects infection without the presence of any file analysis software.
13. Differentiates between a confirmed infection and a suspicious event.

14. It is not necessary to detect the infection vector first, if it occurs outside the network, in order to determine subsequent or related infection.
15. Tracks all C&C communications negotiated by a threat, not just the initial callback of a dropper.
16. Monitors and detects all outbound and inbound command-and-control traffic.
17. Provides the ability to view the file download activity associated with infected endpoints for the required duration, to qualify an endpoint before declaring it infected.
18. Determines infection regardless of the OS involved.
19. Determines infection over HTTP, HTTPS/SSL, SFTP, FTP and custom ports, and can identify communication from proxy-aware malware.
20. Identifies infections using P2P malicious communication such as ZeroAccess, TDL4, Zeus v3 and Sality.
21. Identifies Domain Generation Algorithm (DGA) based crimeware.
22. Detects TOR and DNS tunneling used to conceal communications.
23. Supports DNS queries for malicious domains.
24. Can perform DNS redirection for malicious DNS queries, so that infected hosts are not exposed to cyber criminals.
25. Discovers suspicious internet domains.
26. Machine intelligence and big data analytics aggregate evidence and identify threats.
27. Provides independent threat intelligence for local and external threats.
28. IPv4 and IPv6 discovery of threats.
29. Detects ransomware.
30. Detects botnets.
31. Detects compromised credentials and insider threats.
32. Detects dormant threats.
33. Works with SMTP, POP3 and IMAP traffic.
34. Works with UDP traffic.
35. Works with non-standard TCP port traffic.
36. Detects persistent threats delivered through executable, PDF, Flash and RTF files, among other file formats.
37. Identifies suspicious embedded objects in files, such as OLE objects and macros (extracted for analysis), shellcode, and exploit matching.

38. Performs zero-day detection based on behavioral analysis using machine intelligence and big data analytics.
39. Detects whether downloaded malware has actually executed, without the use of endpoint agents.
40. Provides real-time intelligence updates.
41. Provides incident tracking along with ticketing and remediation.
42. Tracks incident investigation at the asset/device level through notes and comments, with auto-expiration if no further evidence is collected.
43. Tracks the infection history of a device and provides forensic capability.
44. Provides forensic details to enable validation of findings and of security-policy violations: connection attempt count, successful connection attempts, bytes in, bytes out, and forensic metadata.
45. Provides third-party integration by transferring forensic information to prevention systems such as IDS/IPS and web gateways.
46. Facilitates simple investigations to validate findings.
47. Allows whitelisting and blacklisting of devices.
48. Risk rating based on the number of attempts made, data transferred and asset criticality, with details on the recorded threat, threat intent, researcher notes, crimeware used and local communication activity.
49. Categorization of assets as HIGH, MEDIUM and LOW.
50. Intuitive and self-explanatory dashboards for incident tracking and management.
51. Manages and retains remediation history along with all evidence.
52. Identifies an asset using either a NetBIOS lookup or reverse DNS.
53. Terminates connections to protect against data loss, through individual TCP RSTs for each C&C connection session.
54. Integrates with Cisco, Palo Alto, SonicWall and Check Point firewalls for the asset quarantine process, implementing policies based on (suspected or infected) status that prevent these assets from communicating with the internet or with critical assets on the network.
55. Integrates with web proxies so that web access policies take (suspected or infected) status into account and likewise prevent these assets from communicating with the internet or with critical assets on the network.
56. Integrates with AV.
57. Supports logging via syslog.
58. Integrates with SIEM solutions.
59. Provides e-mail and text alert notifications.

60. Provides out-of-the-box reports (Executive Summary, Infection Lifecycle Management, System Health, Incident Response) and other custom reports through Professional Services engagement.
61. Supports 1 Gb copper Gigabit Ethernet and 10 Gigabit fibre interfaces.
62. The platform is scalable and can handle large networks with throughputs of 10 Gbps.
63. The solution has RAID redundancy.
64. Secure communication for management access and inter-system communication.
65. Role-based access control.
66. Available as an appliance or as a stand-alone server-based solution with a secure OS deployed.
67. Intuitive GUI.
68. Typical deployment time is 2 to 3 hours.
69. The solution becomes fully functional in less than 15 days from going live.
70. Improves productivity by highlighting only those incidents that have a risk impact and higher confidence.
71. Filters out most of the white noise and false positives without missing genuine threats (no false negatives).
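As an added example (not Seceon's code, and not a description of how OTM works internally), the following Python sketches two of the requirements in the list above: the DGA and DNS-tunnelling heuristics of items 21, 22 and 25, and the per-asset risk rating and confirmed-versus-suspicious distinction of items 10, 13, 48 and 49, fed from NetFlow-style flow records as item 4 describes. The asset inventory, DNS log, flow records, thresholds and scoring weights are all constructed for illustration.

```python
"""Added example, not Seceon's code: toy versions of two checks from the list
above -- DGA / DNS-tunnelling heuristics over a DNS query log (items 21, 22, 25)
and a per-asset risk rating from NetFlow-style records (items 10, 13, 48, 49).
Inventory, logs, flows, thresholds and weights are constructed for illustration."""
import math
from collections import Counter
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed asset inventory (item 49); criticality feeds the rating.
ASSET_CRITICALITY = {"10.0.1.20": "HIGH", "10.0.5.77": "LOW", "10.0.2.9": "MEDIUM"}
CRITICALITY_BONUS = {"HIGH": 20, "MEDIUM": 10, "LOW": 0}

# Constructed DNS log: (client, queried name, answer the client later connected to).
DNS_LOG = [
    ("10.0.1.20", "www.example.com", "192.0.2.10"),
    ("10.0.1.20", "xk3p9qzt7vbn2.com", "203.0.113.7"),
    ("10.0.1.20", "m4wq8zlrtc2xvb.net", "203.0.113.8"),
    # tunnelling host: payload rides in the labels, sent straight to an external resolver
    ("10.0.5.77", "aGVsbG8gd29ybGQgdGhpcyBpcyBhIHR1bm5lbA."
                  "ZXhmaWwgZGF0YSBmcm9tIGhvc3Q.t.evil-dns.example", "198.51.100.53"),
    ("10.0.2.9", "mail.google.com", "192.0.2.20"),
]

# Constructed NetFlow-style records (item 4): peer, port, bytes sent, handshake completed?
FLOWS = [
    {"src": "10.0.1.20", "dst": "203.0.113.7", "dport": 443, "bytes_out": 5_200_000, "success": True},
    {"src": "10.0.1.20", "dst": "203.0.113.8", "dport": 443, "bytes_out": 0, "success": False},
    {"src": "10.0.1.20", "dst": "192.0.2.10", "dport": 443, "bytes_out": 40_000, "success": True},
    {"src": "10.0.5.77", "dst": "198.51.100.53", "dport": 53, "bytes_out": 900_000, "success": True},
    {"src": "10.0.2.9", "dst": "10.0.2.10", "dport": 445, "bytes_out": 12_000, "success": True},
]


def shannon_entropy(s: str) -> float:
    """Bits per character: 13 distinct characters score ~3.7; repeats pull it down."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dns_verdict(qname: str) -> str:
    """Return 'tunnel' (subdomain labels carry far more bytes than a hostname needs),
    'dga' (long, high-entropy, vowel-poor registrable label) or 'benign'.
    Thresholds are assumptions picked for the sample data, not tuned values."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2 or not labels[-2]:
        return "benign"
    sld, sub = labels[-2], labels[:-2]
    if sum(len(l) for l in sub) > 50 or any(len(l) > 40 for l in sub):
        return "tunnel"
    vowel_ratio = sum(ch in "aeiou" for ch in sld) / len(sld)
    if len(sld) >= 12 and shannon_entropy(sld) > 3.3 and vowel_ratio < 0.25:
        return "dga"
    return "benign"


def is_internal(ip: str) -> bool:
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def flow_direction(src: str, dst: str) -> str:
    """east-west (both ends internal), north-south (one end), or external."""
    return {2: "east-west", 1: "north-south", 0: "external"}[is_internal(src) + is_internal(dst)]


def risk_rating(asset: str, flows=FLOWS, dns_log=DNS_LOG) -> dict:
    """Rate one asset from the factors in items 10 and 48 (attempts, success, bytes
    out, criticality) and separate a confirmed infection, i.e. a completed north-south
    connection to a flagged name's address, from a merely suspicious one (item 13)."""
    flagged = {}
    for client, qname, _ in dns_log:
        if client == asset and dns_verdict(qname) != "benign":
            flagged[qname] = dns_verdict(qname)
    cc_ips = {ans for client, qname, ans in dns_log if client == asset and qname in flagged}
    cc_flows = [f for f in flows if f["src"] == asset and f["dst"] in cc_ips
                and flow_direction(f["src"], f["dst"]) == "north-south"]
    attempts = len(cc_flows)
    succeeded = any(f["success"] for f in cc_flows)
    bytes_out = sum(f["bytes_out"] for f in cc_flows if f["success"])
    status = "infected" if flagged and succeeded else "suspicious" if flagged else "clean"
    crit = ASSET_CRITICALITY.get(asset, "MEDIUM")
    score = 0
    if status != "clean":
        score = (10 * len(flagged) + 5 * attempts + (20 if succeeded else 0)
                 + min(bytes_out // 1_000_000, 30) + CRITICALITY_BONUS[crit])
    return {"asset": asset, "criticality": crit, "status": status, "score": score,
            "attempts": attempts, "succeeded": succeeded, "bytes_out": bytes_out,
            "indicators": flagged}


def prioritise(assets=tuple(ASSET_CRITICALITY)) -> list:
    """Item 70: surface only assets with a non-zero rating, highest first."""
    rated = [risk_rating(a) for a in assets]
    return sorted((r for r in rated if r["score"]), key=lambda r: -r["score"])


if __name__ == "__main__":
    for r in prioritise():
        print(f"{r['asset']:<11} {r['criticality']:<6} {r['status']:<10} score={r['score']:>3} "
              f"attempts={r['attempts']} bytes_out={r['bytes_out']} {sorted(r['indicators'].values())}")
```

Running it lists 10.0.1.20 (HIGH, infected, two DGA-style names and a completed 5 MB upload) ahead of 10.0.5.77 (LOW, infected via a tunnel-shaped query) and drops 10.0.2.9, whose only traffic is east-west SMB and a benign lookup. The two design points worth carrying into a real deployment are that a DNS heuristic alone is only ever "suspicious" and an asset is marked infected only once a north-south connection to the resolved address actually completed, and that the entropy and vowel thresholds must be tuned against the organization's own query logs, since CDN and cloud hostnames routinely look random below the registrable label.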

Sample Dashboards

Awards