
SOLUTIONS
Log Monitoring
A Security Information and Event Management (SIEM) system is the usual way to monitor logs and events for security incidents. At Securli, we also offer Threat Hunting Analytics (THA), which applies AI to go faster and deeper, shortening both detection time and resolution time.
A collector (physical, virtual, or cloud-hosted) is deployed to aggregate and analyze activity from many different resources across your entire IT infrastructure, i.e. security data from network devices, servers, domain controllers, and more.

Sample of SIEM Key Functions:
- Data ingestion and analytics
- Contextual real-time alerts
- Threat response workflow
- Manage incident notification policies
- Reporting and forensics about security incidents
- Alerts based on analytics that match a certain rule set, indicating a security issue
Sample of THA Key Functions:
- Measure threat hunting programs on a scale of increasing maturity levels
- AI threat detection workflow automation
- Supplement to SIEM to analyze all data
- Quickly run specific queries across multiple entities and vectors of analysis
- Autocorrelation to connect the source, movement and impact of an attack
Auto Blocking
The objective of the Integrated Prevention & Defense Firewall (IPDF) is to apply automation to stop malicious IP addresses, URLs and domain names from entering from the outside and from being connected to from the inside. It works in conjunction with most firewall solutions and increases the efficiency of the firewall with over 7 TB of threat intelligence from over 850 sources, without requiring a network engineer's time to manage rules.
Sample of IPDF Key Functions:

- Stop malicious attacks from the public internet, including DoS or DDoS
- Prevent activation of ransomware such as CryptoWall and CryptoLocker
- Protect internal devices from communicating with malicious hosts used in spear-phishing attacks
- Create and maintain protection policies to block and allow what fits security requirements
- Automated analysis of firewall logs by our S.O.C., with firewall rules updated without human interaction
- Prevent data theft and corruption by stopping malware from "phoning home" to threat actors
- Customize controls to block, allow, or redirect DNS queries by geo-region, IP and domain
- Leverage DNS to protect all devices, any port, any protocol, and any application
- Auto-release blocked IPs once they have become "clean"
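As an added illustration (not Securli's code and not the IPDF product's actual logic), the block-and-auto-release behaviour described above can be modelled as a reconciler between a threat-intelligence feed snapshot and the firewall's current block set: an indicator listed by at least one source is blocked, and it is released only after every source has dropped it for longer than a grace period. The feed contents, source names, timestamps and rule syntax below are constructed placeholders.

```python
# Constructed feed snapshots: indicator -> set of sources currently listing it.
# Hypothetical data; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
FEED_T0 = {
    "203.0.113.10": {"srcA", "srcB"},
    "198.51.100.7": {"srcC"},
    "evil.example": {"srcA"},
}
# Later snapshot: 198.51.100.7 has been dropped by every source ("clean" candidate).
FEED_T1 = {"203.0.113.10": {"srcA"}, "evil.example": {"srcA"}}

GRACE_SECONDS = 24 * 3600  # how long an indicator must stay absent before release


def reconcile(blocked, feed, now, grace=GRACE_SECONDS, min_sources=1):
    """Bring the block set in line with the feed.

    blocked: dict indicator -> epoch seconds when it was last seen in any feed
             (mutated in place to represent the firewall's current state).
    Returns (to_block, to_release): indicators to add and to remove.
    An indicator is released only when it is absent from the feed AND has been
    absent for longer than `grace`, so a feed hiccup does not unblock it.
    """
    to_block, to_release = [], []
    for indicator, sources in feed.items():
        if len(sources) >= min_sources:
            if indicator not in blocked:
                to_block.append(indicator)
            blocked[indicator] = now  # refresh last-seen on every snapshot
    for indicator, last_seen in list(blocked.items()):
        if indicator not in feed and now - last_seen > grace:
            to_release.append(indicator)
            del blocked[indicator]
    return sorted(to_block), sorted(to_release)


def to_firewall_rules(to_block, to_release):
    """Render vendor-neutral rule lines (hypothetical syntax) to push to the firewall."""
    rules = [f"deny any {i}" for i in to_block]
    rules += [f"no deny any {i}" for i in to_release]
    return rules


if __name__ == "__main__":
    state = {}
    print(to_firewall_rules(*reconcile(state, FEED_T0, now=0)))
    print(to_firewall_rules(*reconcile(state, FEED_T1, now=3600)))       # within grace
    print(to_firewall_rules(*reconcile(state, FEED_T1, now=25 * 3600)))  # past grace
```

The grace period is the defender's safety margin: a single missing feed update must not silently reopen a path that was blocked for good reason.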
Behavioral Analytics
Most security monitoring systems use a signature-based approach to detect threats, which allows Advanced Persistent Threats (APT) to hide within networks and exploit weaknesses or valuable digital assets before exfiltration. Network Behavioral Analytics (NBA) uses machine learning models to detect attackers who are adept at morphing signatures to evade detection by traditional security checkpoints, i.e. zero-day threats.
Sample of NBA Key Functions:
- Detection generated by an extensive set of dynamic threat models, aided by machine learning techniques, to detect both known and unknown zero-day attacks
- Cognitive abilities using unsupervised and semi-supervised learning to quickly identify, contain, and eradicate advanced zero-day malicious exploits
- Identify and detect low-and-slow threats that circumvent the traditional hardened north-south edge and move east-west across the soft core inside the network perimeter
- A rich library of models and algorithms that can be deployed from the date of installation, baselining enterprise behavior from many different angles and data points to detect broad network-level anomalies, insider attacks and threat-specific attacks while they are happening