Threat Management

A process used by the Netbull cybersecurity team to prevent cyber-attacks, detect cyber threats and respond to security incidents.

The new cyber threat landscape is characterized by increasing data security risks, as cybercriminals use more sophisticated methods to apply attack techniques that are undetectable and difficult to neutralize. Detecting these threats is even more difficult in the age of the Internet of Things, teleworking and cloud services.

With the ever-disappearing perimeter of a protected IT infrastructure and a remote workforce, enterprises face complex risks and security threats they've never experienced before.

The core module of the Threat Management process is Netbull eASIS, a platform based on a Security Information and Event Management (SIEM) solution that includes advanced elements such as user behavior analytics (UBA), network flow insights and artificial intelligence (AI) technologies to accelerate security incident detection and response.

Netbull eASIS is integrated seamlessly with a security orchestration, automation and response (SOAR) tool to reduce repetitive tasks, allowing our response team to focus on the tasks that matter the most.

Threat Management

Netbull eASIS, based on a Security Information and Event Management solution, collects security events from the customers’ infrastructures. It provides the necessary real-time security incident analysis mechanisms through an intelligent engine that applies event management rules across the IT infrastructure, with the aim of detecting and responding to threats that are often invisible and unrecognizable by other security solutions. These threats can include unauthorized use of applications, leakage of confidential data and advanced "low and slow" threats that are hidden in the "noise" of millions of events.

The platform collects information such as:

  • Events from Security Systems: Events from firewalls, virtual private networks, intrusion detection/prevention systems, etc.
  • Events from Networking Devices: Events from switches, routers, servers, etc.
  • Information from the data network traffic: Application-level information derived from network traffic and application data flow through the network.
  • Information from the user interface and asset management systems: Events from identity control and access management systems, vulnerability assessments/scanning, etc.
  • Operating system information: operating system, version, etc.
  • Application event logs: ERPs, workflows, databases, management platforms, etc.

Netbull eASIS is integrated with artificial intelligence technology. This technology is designed to detect an attack immediately, at an early stage, and to understand the logic of the attack and the methodology of a specialized hacker. This is achieved through Big Data Security Analysis and cognitive computing technology. Cognitive computing technology is an advanced type of artificial intelligence that leverages various forms of AI, including machine learning algorithms and deep learning, that are enhanced and become smarter over time.

Each malicious activity is analyzed and modeled through a unique approach that combines the methodology and stages of an attack on the client's infrastructure with:

  • the MITRE ATT&CK framework,
  • users’ behavior/endpoints/network,
  • information from security big data,

defining the degree of risk, the characteristics of the attack, and the total of malicious activity.

Netbull eASIS is also integrated with a SOAR tool that introduces efficiency into the Netbull Security Operations Center (nSOC) and guides our security team through the incident response (IR) process to reduce repetitive tasks, allowing them to focus on the tasks that matter the most.

The tool increases collaboration by giving the security team visibility into incident progression and timely notifications, and by assigning tasks to team members, including key stakeholders from other business units.

The SOAR's orchestration and automation capabilities build dynamic playbooks that enable the team to adapt to new incident information and to focus on high-level investigations by reducing repetitive tasks. The power of the SOAR system is amplified by the numerous integrations available with other security tools.

Through nSOC and Netbull Threat Management Platform (eASIS), we can provide:

  • SOC Activities
    • SIEM platform as a Service (SIEMaaS)
    • Monitor & Alerting
    • Reporting
  • Advanced ML & AI Technologies & Services
    • IBM QRadar Advisor with Watson
    • User Behavior Analysis
    • Endpoint Detection and Response
    • Network Detection & Response
    • Managed Deception & Response
  • AI Adaptive Services
    • PenTest/VA & Red teaming
    • Early Warning IDS
    • Global Threat Level Monitor
    • Threat Intelligence
    • Threat Hunting
    • Incident Management