{"id":4942,"date":"2024-02-13T11:03:55","date_gmt":"2024-02-13T09:03:55","guid":{"rendered":"https:\/\/it-integrator.ua\/platforms\/tier-4-adaptive\/"},"modified":"2024-03-12T11:17:14","modified_gmt":"2024-03-12T09:17:14","slug":"tier-4-adaptive","status":"publish","type":"platforms","link":"https:\/\/it-integrator.ua\/en\/platforms\/tier-4-adaptive\/","title":{"rendered":"Tier 4: Adaptive"},"content":{"rendered":"<h6><span style=\"color: #a30404;\"><strong>1. eXtended Detection &amp; Response, XDR<\/strong><\/span><\/h6>\n<p><span style=\"color: #a30404;\"><strong>Purpose:<\/strong><\/span> An integrated set of solutions (CDS+EDR+NTA) that combines network traffic analysis, signatureless detection of suspicious events and in-depth control of PCs and servers to provide an unprecedented level of IT infrastructure observability and incident response efficiency.<\/p>\n<h6><span style=\"color: #a30404;\"><strong>2. Attack Surface Management, ASM<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Control of the organization&#8217;s own &#8220;attack surface&#8221;:<\/p>\n<ul>\n<li>obtaining unbiased data on how the organization &#8220;looks&#8221; to a potential attacker<\/li>\n<li>rapid automated identification (using OSINT) of publicly available assets<\/li>\n<li>detection of hidden connections between the organization&#8217;s resources and public cloud resources and code repositories (e.g. GitHub)<\/li>\n<li>building a real model of threats to the organization&#8217;s public resources and their constant proactive monitoring<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>3. 
Policy &amp; Compliance Management, PMC<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Control of network security policies, automation of Change Management processes, Compliance:<\/p>\n<ul>\n<li>collection, centralized storage and analysis of configurations of firewalls and other network equipment<\/li>\n<li>detection of dangerous, unused and duplicate rules<\/li>\n<li>automatic construction of the network map &#8220;as it really is&#8221; at the current moment<\/li>\n<li>simulation of network attack risks and attack vectors<\/li>\n<li>simulation of the consequences of changes in the configuration of network devices before real use<\/li>\n<li>optimization and control of the work of network administrators, building an effective change management process<\/li>\n<li>identification and control of corporate applications<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>4. User Entity Behaviour Analysis, UEBA<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Continuous monitoring, logging and analysis of user activity and processes:<\/p>\n<ul>\n<li>profiling the work of users and processes<\/li>\n<li>detection of anomalies in the behavior of users, processes and services, including with the help of AI\/ML<\/li>\n<li>keeping statistics and monitoring the use of working time<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>5. 
Identity and Access Manager, IDM \/ IAM<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Centralized management of accounts and rights in IS:<\/p>\n<ul>\n<li>provisioning, termination and change of access rights to information resources<\/li>\n<li>audit of available accesses &#8211; &#8220;putting things in order&#8221; in accounts (everything unnecessary is deleted, what is needed is uniquely identified and personified)<\/li>\n<li>integration with most modern application software platforms (Microsoft, Oracle, SAP, etc.)<\/li>\n<li>built-in toolkit for developing connectors to non-standard (self-written) software<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>6. Cloud Access Security Broker, CASB<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Continuous monitoring, control and management of cloud services:<\/p>\n<ul>\n<li>implementation of Zero Trust architecture for clouds<\/li>\n<li>granting users access rights to cloud resources in compliance with the principle of least privilege<\/li>\n<li>protection of data in the cloud from distortion, deletion and leakage (both through built-in functions and through integration with DLP)<\/li>\n<li>detection of abnormal behavior of users and processes when accessing cloud resources and prevention of incidents (both through built-in functions and through integration with UEBA)<\/li>\n<li>protection against malicious programs and their spread into the organization&#8217;s IT infrastructure through clouds<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>7. 
Security Orchestration Automation &amp; Response, SOAR<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Centralization and automation of the Incident Management process (the main tool of the corporate Security Operation Center):<\/p>\n<ul>\n<li>orchestration of all existing cyber security systems to build a complete interconnected system<\/li>\n<li>automation of routine security event processing operations based on customizable playbooks<\/li>\n<li>creating a unified operating environment for proactively tracking and handling cyber security incidents<\/li>\n<li>maintaining a single knowledge base for the implementation of the process of continuous improvement of the Incident Management process<\/li>\n<\/ul>\n","protected":false},"featured_media":0,"template":"","class_list":["post-4942","platforms","type-platforms","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/it-integrator.ua\/en\/wp-json\/wp\/v2\/platforms\/4942","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it-integrator.ua\/en\/wp-json\/wp\/v2\/platforms"}],"about":[{"href":"https:\/\/it-integrator.ua\/en\/wp-json\/wp\/v2\/types\/platforms"}],"wp:attachment":[{"href":"https:\/\/it-integrator.ua\/en\/wp-json\/wp\/v2\/media?parent=4942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}