
THREAT ANALYTICS

Our Threat Analytics are designed to leverage situations where industry standard solutions fail to address advanced attack vectors, security risks and exposures.

Our HARDCORE© Threat Analytics Content leverages threat intelligence, expert rules and advance security analytics algorithms to reveal abnormal or suspicious behavior and patterns that can be used to trigger alerts and security response procedures.

Provided on top of already deployed event collection and/or correlation mechanisms, HARDCORE© enables advanced and in-depth analysis of large amounts of log data, allowing client organizations to discover, visualize, and communicate meaningful insights from a variety of sources, with simplicity of deployment and management from small to enterprise scale and without trade-offs between performance and efficiency. These products are tightly integrated with the ArcSight SIEM platform and are designed to work as part of the Threat Management suite of services; nevertheless, they can be integrated as a key component with any SIEM technology and work seamlessly across diverse SIEM setups.

  • Crimeware & APT Analytics
    Crimeware & APT Analytics form a state-of-the-art and continuously evolving methodology against advanced persistent threats. The analytics framework takes advantage of the collected Cyber Threat Intelligence, Real-Time Sandbox Execution and the SIEM correlation engine to process and identify indicators at any stage of the APT lifecycle.
    This analytics capability allows OBRELA to capture nearly anything the customer's internal users download (whether they know they are downloading it or not), analyze each file's behavior and communications, and provide all the information needed to decide whether the file is safe for further use. The results of this dynamic analysis are also fed back into the SIEM for cross-correlation with real-time logs collected from the equipment, in order to establish the impact and prevent propagation of any malware or APT.
  • Web Resource Analytics
    Web Resource Analytics enable the assessment of the integrity and availability of web resources, in order to identify and respond in time to scenarios such as defacements, misconfigurations / errors, client-side malware, sensitive data disclosure and unauthorized content modification.
    The customer's key web resources and their approved activities are extensively tested until a “Standard” baseline is developed. This baseline is then applied and monitored round the clock. Any deviation from this mapping will trigger flags within the OBRELA Security Operations Center, and strict rules of engagement are followed, allowing the customer to act quickly and decisively.
  • Network Perimeter Analytics
    Network Perimeter Analytics allow the collection and processing of huge amounts of network log data, looking for the “needle in the haystack”, by analyzing behavior and identifying suspicious and out-of-the-ordinary communications.
    All network traffic on the customer's perimeter network is extensively monitored and a “Gold Standard” behavior baseline is developed. This baseline is then subjected to further testing and refined to ensure that it contains only approved traffic. This final mapping is applied to the real-time correlation engine so that any traffic that triggers an alert is properly dealt with. The customer will be able to take a variety of actions depending on the type of policy infringement. Combining the Big Data analytic capabilities of Elastic and ES-Hadoop with the real-time correlation strength of the SIEM engine, the framework provides 24x7x365 actionable intel for any security or compliance requirement.
  • User Activity Analytics
    User Activity Analytics extend privileged user monitoring by providing complete visibility of all critical user/system account activity by linking the user, role and group information with the actual activity logs across the whole enterprise.
    All organizations have a special group of users that have elevated privileges or capabilities on their systems and applications. This (or any other definable) group of users needs to be continually supervised in order to ensure proper behavior and actions within the organization's systems. User Activity Analytics monitor and analyze key users' activities and implement workflows and use cases to spot violations of the security policy.
  • Exposure Analytics
    Exposure Analytics bridge the gap between the indicators of compromise identified through the Real-Time security correlation and the actual vulnerabilities that an asset or service is affected by.
    Vulnerability scan metadata generated by supported out-of-the-box vulnerability scanning tools (Retina, Nessus, Qualys) and/or the SWORDFISH Vulnerability Management module are automatically modeled and analyzed by the SIEM and assigned to the asset model as a “Vulnerability” factor, reducing false positives and, finally, raising the alert-criticality level when an attack vector meets conditions showing that it can succeed.
  • Compliance Analytics
    The Compliance Analytics Framework automatically maps technical checks and places them in a policy- and risk-relevant operational context, allowing organizations to focus on key services and business processes within the enterprise.
    Obrela Security Industries Compliance Analytics provide a comprehensive system for the implementation, assessment and monitoring of control effectiveness, including access control changes, administrative activity, log-in monitoring, as well as change and risk management.
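The Exposure Analytics logic above (joining an alert against the asset model's vulnerability factor to raise or lower its criticality) can be sketched as a small scoring rule. This is an added example, not Obrela's or the SIEM's code; the asset model, vulnerability ids, signature names and severity adjustments are all constructed placeholders.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    ip: str
    # Vulnerability ids as a scanner import would report them; placeholder ids, not real CVEs.
    vulns: set = field(default_factory=set)

@dataclass
class Alert:
    dst_ip: str
    signature: str
    exploits: set   # vulnerability ids this signature is known to exploit
    severity: int   # base severity from the correlation engine, 1..10

# Constructed asset model: what a vulnerability scan import would populate.
ASSET_MODEL = {
    "10.0.0.5": Asset("10.0.0.5", {"VULN-PLACEHOLDER-A"}),
    "10.0.0.9": Asset("10.0.0.9", set()),
}

def score_alert(alert, asset_model):
    """Return (final_severity, disposition) by joining the alert with the asset model.

    - target not in the asset model: keep severity, flag as unknown exposure
    - target known and an exploited vulnerability is open: escalate (attack can succeed)
    - target known and no matching vulnerability: de-prioritise (likely false positive)
    """
    asset = asset_model.get(alert.dst_ip)
    if asset is None:
        return alert.severity, "unknown-asset"
    matched = alert.exploits & asset.vulns
    if matched:
        return min(10, alert.severity + 3), "exposed:" + ",".join(sorted(matched))
    return max(1, alert.severity - 3), "not-exposed"

if __name__ == "__main__":
    samples = [
        Alert("10.0.0.5", "sig-placeholder", {"VULN-PLACEHOLDER-A"}, 5),
        Alert("10.0.0.9", "sig-placeholder", {"VULN-PLACEHOLDER-A"}, 5),
        Alert("10.0.0.77", "sig-placeholder", {"VULN-PLACEHOLDER-A"}, 5),
    ]
    for a in samples:
        print(a.dst_ip, score_alert(a, ASSET_MODEL))
```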