In 2023, a best-in-breed cybersecurity solution must detect cyber threats and anomalous behavior using both signature-based and non-signature-based techniques, and respond to those threats with native capabilities.
Seceon’s comprehensive platform includes more than 15 tools (AI, ML, Vulnerability Assessment, SIEM, SOAR, UEBA, NBAD, NTA, EDR, TI and others), but our focus today is an area that frequently comes up in conversations with customers and partners alike.
Most platforms require security analysts to write correlation rules to pick actual threats out of the plethora of events the platform analyzes and reports as potentially suspicious. This is a complex, human-intensive task that is prone to error. Seceon’s aiXDR uses Dynamic Threat Models to automate it. These threat models are based on patented technology with preconfigured rules that are adjusted dynamically to an organization’s usage pattern.
Here are some salient points on aiSIEM’s Threat Detection capabilities:
• It can identify malicious activity and infections on devices that sit outside traditional perimeter defenses or on split-tunnel VPN connections.
• It can identify advanced threat infection vectors whether the host is inside or outside the corporate network.
• It can detect infections without requiring any file-analysis software on the host.
• It can detect infected hosts and endpoints regardless of the operating system involved.
In Seceon aiXDR, only threats with a high probability (Confidence Level) are turned into alerts, which reduces alert fatigue and wasted work. These selective alerts can be sent as notifications to Security Operations Centre (SOC) teams via email; syslog notifications and webhook interfaces are also included. Additional interfaces such as OpenDXL and aiXDR’s API functions can be combined to extend the security data exchange model.
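To make the contrast drawn above concrete (hand-written correlation rules versus a baseline that adjusts to each host's own usage pattern, with only high-confidence observations promoted to alerts), here is an added, self-contained Python illustration. It is not Seceon's code and says nothing about how aiXDR's patented models work internally; the host names, the hourly failed-login counts, the fixed threshold, the Gaussian z-score confidence and the 0.99 gate are all assumptions constructed for the example.

```python
"""Static correlation rule vs. per-host dynamic baseline with a confidence gate.
Added example; hosts, counts and thresholds are constructed, not real telemetry."""
import json
from math import erf, sqrt
from statistics import mean, pstdev

# Constructed hourly failed-login counts per host (assumption: 12 hours of history).
# "ci-runner" is legitimately noisy (a stale credential in a cron job keeps retrying);
# "ws-finance-07" is normally almost silent.
HISTORY = {
    "ci-runner":     [28, 31, 27, 30, 29, 32, 28, 30, 31, 29, 30, 28],
    "ws-finance-07": [0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0],
}
# The hour being evaluated right now (constructed).
CURRENT_HOUR = {"ci-runner": 30, "ws-finance-07": 14}

STATIC_THRESHOLD = 20          # hand-written rule: "more than 20 failures per hour"
MIN_CONFIDENCE = 0.99          # alert gate for the dynamic model (assumed value)


def static_rule(current, threshold=STATIC_THRESHOLD):
    """Hand-written correlation rule: one fixed threshold, the same for every host."""
    return sorted(host for host, n in current.items() if n > threshold)


def confidence(value, history, sigma_floor=1.0):
    """Confidence that `value` is abnormal for this host: one-sided Gaussian CDF of
    its z-score against the host's own mean/stdev. The floor on sigma stops a
    perfectly quiet host from producing a near-infinite z-score on a single event."""
    mu = mean(history)
    sigma = max(pstdev(history), sigma_floor)
    z = (value - mu) / sigma
    return 0.5 * (1.0 + erf(z / sqrt(2.0)))


def dynamic_model(current, history, min_confidence=MIN_CONFIDENCE):
    """Per-host baseline adjusted to that host's usage pattern; only observations
    whose confidence clears the gate become alerts, the rest remain plain events."""
    alerts = []
    for host, n in current.items():
        c = confidence(n, history[host])
        if c >= min_confidence:
            alerts.append({"host": host, "failed_logins": n, "confidence": round(c, 4)})
    return alerts


def update_baselines(current, history, alerts):
    """Roll the hour into each host's sliding-window baseline, but do not learn from
    hours that were alerted: otherwise an attacker can teach the model that the
    attack is normal simply by sustaining it."""
    alerted = {a["host"] for a in alerts}
    for host, n in current.items():
        if host not in alerted:
            history[host] = history[host][1:] + [n]
    return history


def render_notifications(alert, severity="critical"):
    """Render one alert as a syslog-style line (PRI <10> = facility user, severity
    critical) and as a webhook JSON body, the two push channels named in the text."""
    syslog_line = (f"<10>aixdr-demo: severity={severity} host={alert['host']} "
                   f"failed_logins={alert['failed_logins']} confidence={alert['confidence']}")
    webhook_body = json.dumps({"severity": severity, **alert}, sort_keys=True)
    return {"syslog": syslog_line, "webhook": webhook_body}


if __name__ == "__main__":
    print("static rule flags:", static_rule(CURRENT_HOUR))
    alerts = dynamic_model(CURRENT_HOUR, HISTORY)
    print("dynamic model alerts:", alerts)
    for a in alerts:
        print(render_notifications(a)["syslog"])
```

Run as written, the static rule flags the noisy build host every hour and misses the finance workstation's jump to 14 failures, while the per-host baseline does the opposite. The two caveats a practitioner should carry away are the sigma floor (a host with zero variance must not turn a single event into infinite confidence) and the refusal to fold alerted hours back into the baseline, without which a patient attacker drifts the baseline until the attack looks ordinary.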
The automation is complemented by built-in alert workflow and audit capabilities for security analysts who prefer manual steps. An alert can go through a typical workflow with these actions: Assign, Comment, “Not an Alert”, Remediate, Trusted Threat Indicator and Close. The entire lifecycle is preserved for alert analysis and presented graphically to show how the alert evolved.
The primary focus is a proactive approach to threat detection and response with minimal SOC/analyst involvement, so that security incidents can be averted or considerably reduced. Incident management is therefore expressed as critical and major alerts in Seceon’s taxonomy. An incident can be investigated further by drilling into the alert and stepping through the validated Threat Indicators all the way down to the event data (suspicious activity type, executable, parent/child process, OS vulnerability, date detected, etc.). Investigation can also be conducted at the asset, device or user level through the Deep Tracker tool.
At Seceon we collaborate with many of the best Cybersecurity Operation Centers across the globe. One requirement we often hear from analysts is a solution that natively offers behavioral (non-signature-based) techniques such as machine learning or advanced analytics, in addition to signature-based techniques and network anomaly detection.
The Seceon aiXDR solution is built on its Open Threat Management (OTM) Platform, enabling organizations to detect both known malware that has a signature precedent and zero-day threats that have none, quickly and effectively, thereby breaking the kill chain and minimizing the extent of damage across business and enterprise environments. To that end, aiXDR eschews static rules-based threat detection in favor of dynamic threat models and behavioral analytics, using elastic compute power and advanced machine learning. AI with actionable intelligence and anomaly detection algorithms with definitive indicators are combined to eliminate threats in real time, removing the need to invest hours and days in establishing predefined static rules.
The aiXDR solution empowers SOC teams to orchestrate and analyze operational security data, manage threats and vulnerabilities, and respond to security incidents in real time.