by Lalit Shinde
Seceon was founded with the mission of providing ‘Comprehensive Cybersecurity for the Digital Era’ to organizations of any size. Numerous articles, white papers and analyst reports have since been written to describe what that means and what it takes to achieve this mission. In summary, comprehensive cybersecurity is achievable when you have a 360-degree view of the organization, its assets, applications and users, and of their communication with each other as well as with the external world. There are three primary things to consider for this 360-degree view: endpoints, network and users, together with all their interactions within the organization and with the external world.
Gartner defined this as the SOC Nuclear Triad, a term originally coined by Anton Chuvakin in his SOC Nuclear Triad blog and later defined in detail by Gartner analysts in the Gartner SOC Visibility Triad using a network-centric approach; however, Gartner’s focus was mostly on NDR, SIEM and EDR. Seceon aiXDR goes beyond that by making sure that the Machine Learning (ML) and Artificial Intelligence (AI) based capabilities of aiSIEM™ are fully utilized and extended to detect most cybersecurity threats in real time and to eliminate them by pushing the policy response to the network, endpoints and policy management systems in an automated manner.
If you don’t know much about aiSIEM, please stop reading this blog and first learn about aiSIEM here. Without that, this blog will not be of much interest to you.
Seceon approached this problem from a different perspective. Its primary goal was to provide comprehensive cybersecurity to organizations of any size. The CyberDefenseMagazine article that I wrote in August 2019 goes into detail on the requirements and ingredients this imposes on such a cybersecurity platform. The Seceon aiSIEM platform has been built from the ground up for this purpose and is used by many enterprises and service providers to achieve this comprehensive cybersecurity.
So what is the Seceon aiXDR™ solution, how does it achieve comprehensive cybersecurity, and what is its additional differentiation compared to aiSIEM?
The term XDR has been around for quite some time and typically represents any type of detection and response, as compared to EDR (Endpoint Detection and Response), NDR (Network Detection and Response) and MDR (Managed Detection and Response).
Seceon aiXDR™ combines the powerful aiSIEM™ solution with agents on the endpoints to provide this 360-degree view. It combines network, identity, application, cloud and endpoint visibility with behavioral ML algorithms and AI-based dynamic threat models to surface only the alerts that matter. It does this by using contextual, situational and behavioral awareness, eliminating false positives and reducing alert fatigue. It also includes aiSIEM’s automated actionable intelligence and extends it to stop any harm through automated actions on the endpoints. Using the endpoint agent
The aiXDR platform includes the aiSIEM use cases and extends them with better asset management, which includes detailed fingerprinting of the endpoint to provide information such as OS, OS version, hostname, MAC address, etc. One of the key use cases is File Integrity Monitoring, where one can easily track changes to critical files. One of the key differentiators that aiXDR provides compared to most cybersecurity tools is the 360-degree view, which our co-founder Naveen Rohatgi defines as “Integrated Comprehensive Visibility”: the collective visibility of endpoints and IT/network infrastructure such as firewalls, identity management, proxies, routers and switches. Additionally, one can use aiXDR for advanced threat hunting: searching for specific hosts, users and even files by name, path or SHA hash, as well as running processes, network connections, etc., on a specific host, server or asset group, or across an entire organization.
In today’s unprecedented situation with the pandemic, organizations are forced into digital transformation, resulting in the perimeter being extended to employees’ homes and other remote workplaces, along with increased usage of the cloud. With mobile endpoints, software-defined networks and increased cloud adoption, an agent is a must on the endpoint to capture all of its activity details where they cannot be captured from network activity alone. The Seceon aiXDR platform completes that story by using endpoint agents on top of the aiSIEM platform to provide the best comprehensive cybersecurity even when the endpoint is remote and not connected to the organization’s network.