SOLUTIONS

Log Monitoring

A Security Information and Event Management (SIEM) system is the established way to monitor logs and events for security incidents; at Securli, we also offer Threat Hunting Analytics (THA), which uses AI to go faster and deeper and shorten both detection time and resolution time.

 

A collector (physical, virtual, or cloud-hosted) is deployed to aggregate and analyze activity from many different resources across your entire IT infrastructure, i.e. security data from network devices, servers, domain controllers, and more.

Sample of SIEM Key Functions:

- Data Ingestion and Analytics

- Contextual Real-time Alerts

- Threat response workflow

- Manage Incident Notification Policies

- Reporting and forensics about security incidents

- Alerts based on analytics that match a certain rule set, indicating a security issue

Sample of THA key functions:

- Measure threat hunting programs against a scale of increasing maturity levels

- AI-driven threat detection workflow automation

- Supplement the SIEM by analyzing all of the data

- Quickly run specific queries across multiple entities and vectors of analysis

- Autocorrelation to connect the source, movement, and impact of an attack

 

Auto Blocking

The objective of the Integrated Prevention & Defense Firewall (IPDF) is to apply automation to stop malicious IP addresses, URLs, and domain names from entering from the outside and from being contacted from the inside. It works in conjunction with most firewall solutions, increasing the firewall's efficiency with over 7 TB of Threat Intelligence from over 850 sources, without requiring a network engineer's time to manage rules.

Sample of IPDF Key Functions:

  • stop malicious attacks from the public internet, including DoS and DDoS

  • prevent activation of ransomware such as CryptoWall and CryptoLocker

  • protect internal devices from communicating with malicious hosts introduced by spear-phishing attacks

  • create and maintain protection policies to block and allow what fits your security requirements

  • automatic analysis of firewall logs by our S.O.C. and updating of firewall rules without human interaction

  • prevent data theft and corruption by stopping malware from "phoning home" to threat actors

  • customize controls to block, allow, or redirect DNS queries by geo-region, IP, and domain

  • leverage DNS to protect all devices, on any port, any protocol, and any application

  • automatically release a blocked IP once it has become "clean"

 

Behavioral Analytics

Most security monitoring systems utilize a signature-based approach to detect threats, which allows Advanced Persistent Threats (APT) to hide within networks and exploit weaknesses or valuable digital assets before exfiltration. Network Behavioral Analytics (NBA) uses machine learning modeling to detect modern hacktivists' extraordinary prowess in morphing signatures to evade detection by traditional security checkpoints, i.e. zero-day threats.

Sample of NBA Key Functions:

  • detections generated by an extensive set of dynamic threat models, aided by machine learning techniques, to detect both known and unknown zero-day attacks

  • cognitive abilities using unsupervised and semi-supervised learning to quickly identify, contain, and eradicate advanced zero-day malicious exploits

  • identify and detect low-and-slow threats that manage to circumvent the traditional north-south hard edge and move east-west across the soft core inside the network perimeter

  • a rich library of models and algorithms that can be deployed from the date of installation, baselining enterprise behavior from many different angles and data points to detect broad network-level anomalies, insider attacks, and threat-specific attacks while they are happening

 

Threat Scanning

Preventative hygiene through vulnerability scanning should be a fundamental practice in cybersecurity, and Continuous Vulnerabilities Scanning Management (CVAM) is an important active defense that assures your entire IT infrastructure is current with the relevant patches and security levels. This continuous management keeps security experts and IT administrators up to date with known vulnerabilities, and the accompanying Risk Trending Analysis provides preventive insights for building best practices that raise attack barriers and awareness of weaknesses.

Sample of CVAM Key Functions:

  • automated alerts with a score to easily identify risk severity for prioritization

  • delivered as part of the managed platform, eliminating the cost of an expensive tool and of a process your IT team would have to learn and operate

  • capabilities include unauthenticated and authenticated testing, covering various high- and low-level Internet and industrial protocols

  • online reporting with Risk Trending over the ongoing management process, including gap analysis, relevant findings, and a remediation roadmap

  • an ongoing vulnerability and configuration management program, in support of demonstrable compliance initiatives for the relevant frameworks and regulations

 

End Point Protection

End Point Protection is much more than anti-malware: it includes Data Loss Prevention, phishing protection, Roaming DNS Firewall, SPAM Filtering, and MFA. Most of the other layers focus on the flow of malicious attacks, while this layer focuses on the end users' machines to increase defense capabilities. Since the majority of attacks are initiated from within the network, EPP together with NBA and IPDF provides the holistic defense required to stop most attack vectors, signature-based or signatureless.

Sample of EPP Key Functions:

  • SPAM Filtering detects potential phishing risks, generates an alert, and sends it to the SIEM for correlation with other similar alerts

  • Roaming DNS Firewall blocks or redirects malicious and unwanted DNS queries in real time wherever the user goes, which also protects the machine from malware infection when outside the protection of the company network

  • restrict non-compliant data transfers and verifiably protect personal data

  • utilize content discovery and contextual analysis to identify and categorize sensitive data, and encrypt files accessed by an unknown app

  • MFA with software, hardware, and biometrics to authenticate the user, not a robot

  • track suspicious staff file-access activities through investigation by timeframe, exposure type, file category, file name, file hash, and more

 

Recovery With Interops

Recovery, or Business Continuity, is a must for every business, and the keys to success are making it affordable and user-friendly for every business, along with InterOps reporting that identifies Risk Trends in the detection and resolution period to provide a single pane of glass for SecOps efficiency. Recovery, as part of the InterOps process, includes testing of the backup files, setting up a test environment for drills, and monitoring backup and replication activities to eliminate potential loss of data. InterOps is the service layer that enhances the triage of Technology, People & Process: a dashboard with risk indicators and trending analysis to determine the efficiency between Security and IT operations.

 


Get To Know The Unknown Prevention To Recovery...

Cyberport Entrepreneurship Centre

Room 61, Level 5, Core F, Cyberport 3

100 Cyberport Road

Hong Kong 

©2020 by Securli Limited