DETECTION AND RESPONSE MANAGEMENT
It is generally believed that more layers guarantee greater protection. What is clear is that the more layers there are, the more complex security becomes.
Over the last 10 years, for every two new threats developed, there has been one new cybersecurity check; however, the time that development takes gives the aggressor a chance to succeed in his endeavors.
WHAT DO WE DO DIFFERENTLY?
"TO HELP UNDERSTAND THE BEHAVIOR OF ITS ATTACKERS WHILE ONE DEFENDER PROCESSES, CLASSIFIES AND RESPONDS."
«The existing cybersecurity controls in the current ecosystem of your organization can be integrated with our services, where ONE DEFENDER can process each alert generated by your cybersecurity systems in a simple way, such as sending an e-mail (alerts based on email) or by connection mechanisms based on WEB services such as API (RestAPI or Graph API).»
«Each one of the processed alerts is registered for analysis of future anomalous behavior; in the same way, its content is extracted from each alert to build the Internal Intelligence Data Center, which is unique per client. The trend analysis builds some of the dashboards of our service available in the RADAR system, helping its operation leaders to understand the behavior of the adversaries by measuring each of the aggression activities while ONE DEFENDER processes, classifies and answers them.»
When DEFENSIONE, through ONE DEFENDER, identifies a situation of interest, it opens the process of notifying and registering the activity with the customer's response group or internal CSIRT, allowing them to assess ONE DEFENDER's considerations in terms of the risk this detection poses to their organization.
WHEN A CUSTOMER ACTIVATES OUR SERVICES
Each alert, event and even raw data (logs) will be sent to our ONE DEFENDER platform for evaluation, acting as Level 1 of attention of your Internal Cybersecurity Operations Center. Your organization benefits because each alert is processed regardless of the reaction speed, frequency and content; even noise alerts are processed, identified and discarded without impacting the attention and response capacity. The recurrence of an attack is considered, and each alert is evaluated against the history collected from the first day of activation of the added service.
“Although we have detection technologies and services (offered as an additional service option - ONE DETECTOR), our initial effort seeks to ensure that the existing controls within our clients have response actions in defense of organizational digital security, complementing the internal threat response and attention group with our expert system, which executes Level 1 functions (alert classification), active and productive cyber hunting, search and tracking of adversaries and even limited activities at an expert or external level and fingerprint tracking throughout cyberspace.”
«DEFENSIONE analyzes events or alerts, creating context according to their importance or known risk through our ONE DEFENDER analysis platform, combining the data processed with all our databases of Indicators of Compromise, but adding new types of indicators, such as the Exposure Indicator and Warning Indicator, to trigger the most appropriate defense or response plans, creating an effect that allows us to see the various layers of cybersecurity acting as one (ONE), but expert (with sufficient depth) on each attack surface covered.»