1. eXtended Detection & Response, XDR
Purpose: An integrated set of solutions (CDS+EDR+NTA) that combines signatureless detection of suspicious events, based on network traffic analysis, with in-depth control of PCs and servers, providing an unprecedented level of IT infrastructure observability and incident response efficiency
2. Attack Surface Management, ASM
Purpose: Control of the organization’s own attack surface:
- obtaining unbiased data on how the organization “looks” to a potential attacker
- rapid automated identification (using OSINT) of publicly available assets
- detection of hidden connections between the organization’s resources and public cloud resources and code repositories (e.g. GitHub)
- building a realistic threat model for the organization’s public resources and monitoring them continuously and proactively
3. Policy & Compliance Management, PMC
Purpose: Control of network security policies, automation of change management processes, and compliance:
- collection, centralized storage and analysis of configurations of firewalls and other network equipment
- detection of dangerous, unused and duplicate rules
- automatic construction of an up-to-date network map “as it really is”
- simulation of network attack risks and attack vectors
- simulation of the consequences of network device configuration changes before they are applied
- optimization and control of network administrators’ work, building an effective change management process
- identification and control of corporate applications
4. User Entity Behaviour Analysis, UEBA
Purpose: Continuous monitoring, logging and analysis of user activity and processes:
- profiling the activity of users and processes
- detection of anomalies in the behaviour of users, processes and services, including with the help of AI/ML
- keeping statistics and monitoring the use of working time
5. Identity and Access Manager, IDM / IAM
Purpose: Centralized management of accounts and rights in information systems (IS):
- provisioning, revoking and changing access rights to information resources
- audit of existing access rights, “putting accounts in order” (everything unnecessary is removed; what is needed is uniquely identified and tied to a named person)
- integration with most modern application software platforms (Microsoft, Oracle, SAP, etc.)
- built-in toolkit for developing connectors to non-standard (in-house) software
6. Cloud Access Security Broker, CASB
Purpose: Continuous monitoring, control and management of cloud services:
- implementation of a Zero Trust architecture for cloud services
- granting users access rights to cloud resources in line with the principle of least privilege
- protection of cloud data from tampering, deletion and leakage (through both built-in functions and integration with DLP)
- detection of abnormal behaviour of users and processes accessing cloud resources, and prevention of incidents (through both built-in functions and integration with UEBA)
- protection against malware and its spread into the organization’s IT infrastructure via cloud services
7. Security Orchestration Automation & Response, SOAR
Purpose: Centralization and automation of the Incident Management process (the main tool of the corporate Security Operations Center):
- orchestration of all existing cyber security systems into a single interconnected system
- automation of routine security event processing operations based on customizable playbooks
- creating a unified operating environment for proactively tracking and handling cyber security incidents
- maintaining a single knowledge base to support continuous improvement of the Incident Management process