• Monitoring of user access to resources (authentication systems, VPN access, file servers, NAS, email servers, etc.);
• Monitoring of system administrator access to resources (access logs, details of the operations performed on the system);
• Monitoring of traffic logs from perimeter firewalls (information about network connections from internal systems, communication with Command and Control systems, identification of possible data exfiltration);
• Monitoring of logs generated by Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR) tools, allowing identification of malware or of possible attacks targeting company data;
• Monitoring of logs generated by Host Intrusion Prevention and Detection (IPS, IDS) tools, including Host-based Intrusion Detection Systems (HIDS);
• Monitoring of logs generated by File Integrity Monitoring (FIM) and Data Leakage Protection (DLP) solutions designed to protect company data;
• Reduction of the attack surface through vulnerability management activities (NVS module): identification of vulnerabilities in data assets caused by missing updates or by incorrect configuration (hardening); classification of threats;
• Collection of third-party Open Source Threat Intelligence feeds (LM and LCE modules) to reduce the number of false positives and provide accurate information to technical staff;
• Advanced data analysis and presentation features to facilitate the IT incident management process.
Taking advantage of the collected data, the Log Correlation Engine (LCE) module identifies risk scenarios through correlation rules that can apply automatic countermeasures.
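The following is an added illustration of what a correlation engine of this kind does with the sources listed above; it is not the LCE module or any code from the product described, and the log format, the rule names, the threat-intelligence entries and the countermeasure labels are all constructed for the example. It normalises constructed VPN authentication and perimeter-firewall log lines into one schema, enriches firewall events with a constructed threat-intelligence feed, and evaluates two rules: several failed logins for the same user and source followed by a success within a short window, and an allowed outbound connection to an address present in the feed. Each alert carries a proposed countermeasure that an orchestration layer could act on.

```python
"""Toy log-correlation engine over constructed log lines.
Hypothetical example; not the LCE module described on the page."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed threat-intelligence feed (stand-in for the OSINT feeds the
# page mentions). Connections to these destinations are treated as
# high-confidence indicators, which is what keeps false positives low.
TI_FEED = {"203.0.113.9": "known C2 server (constructed entry)"}

# Constructed sample log lines from two sources: VPN auth and perimeter firewall.
SAMPLE_LOGS = """\
2024-05-01T08:00:01 vpn auth FAIL user=alice src=198.51.100.7
2024-05-01T08:00:05 vpn auth FAIL user=alice src=198.51.100.7
2024-05-01T08:00:09 vpn auth FAIL user=alice src=198.51.100.7
2024-05-01T08:00:12 vpn auth OK user=alice src=198.51.100.7
2024-05-01T08:01:00 fw conn ALLOW src=10.0.0.15 dst=203.0.113.9 dport=443
2024-05-01T08:01:30 fw conn ALLOW src=10.0.0.16 dst=192.0.2.44 dport=443
2024-05-01T09:00:00 vpn auth FAIL user=bob src=198.51.100.8
2024-05-01T09:30:00 vpn auth OK user=bob src=198.51.100.8
"""

AUTH_RE = re.compile(r"^(\S+) vpn auth (FAIL|OK) user=(\S+) src=(\S+)$")
FW_RE = re.compile(r"^(\S+) fw conn (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse(lines):
    """Normalise each raw line into a dict with a common schema; unknown lines are skipped."""
    events = []
    for line in lines.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts, outcome, user, src = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "kind": "auth",
                           "outcome": outcome, "user": user, "src": src})
            continue
        m = FW_RE.match(line)
        if m:
            ts, action, src, dst, dport = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "kind": "conn",
                           "action": action, "src": src, "dst": dst,
                           "dport": int(dport)})
    return events


def rule_bruteforce_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when at least `threshold` failures for one (user, src) pair are
    followed by a success inside `window`: a guessed credential that worked.
    A lone failure long before a success (user bob) does not fire."""
    alerts = []
    failures = defaultdict(list)
    for ev in events:
        if ev["kind"] != "auth":
            continue
        key = (ev["user"], ev["src"])
        if ev["outcome"] == "FAIL":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "bruteforce_then_success", "user": ev["user"],
                           "src": ev["src"], "failures": len(recent),
                           "countermeasure": f"disable_account:{ev['user']}"})
        failures[key].clear()  # a success resets the counter for this pair
    return alerts


def rule_c2_connection(events, feed=TI_FEED):
    """Alert on allowed outbound connections whose destination is in the TI feed."""
    return [{"rule": "c2_connection", "src": ev["src"], "dst": ev["dst"],
             "context": feed[ev["dst"]],
             "countermeasure": f"block_host:{ev['src']}"}
            for ev in events
            if ev["kind"] == "conn" and ev["action"] == "ALLOW" and ev["dst"] in feed]


def correlate(lines=SAMPLE_LOGS):
    """Run every rule over the parsed events and return the combined alert list."""
    events = parse(lines)
    return rule_bruteforce_then_success(events) + rule_c2_connection(events)


if __name__ == "__main__":
    for alert in correlate():
        print(alert)
```

Run as-is, the block produces two alerts: the credential-guessing sequence for alice (three failures then a success within twelve seconds, proposed countermeasure: disable the account) and the allowed connection from 10.0.0.15 to the feed-listed address (proposed countermeasure: block the host). The single failure for bob followed by a success half an hour later stays silent, which is the point of the time window: the rule targets a pattern, not any failed login.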