Netbull eASIS, based on a Security Information and Event Management solution, collects security events from the customers’ infrastructures, provides the necessary real-time security incident analysis mechanisms through an intelligent engine that applies event management rules across the IT infrastructure, aiming in detecting and responding to threats that are often invisible and unrecognizable by other security solutions. These threats can include unauthorized use of applications, leakage of confidential data and advanced "low and slow" threats that are hidden in the "noise" of millions of events.

The platform collects information such as:

• Events from Security Systems: Events from Firewalls, virtual private networks, intrusion detection/prevention systems etc.

• Events from Networking Devices: Events from Switches, Routers, Servers etc.

• Information from the data network traffic: Application-level information derived from network traffic and application data flow through the network.

• Information from the user interface and asset management systems: Events from identity control and access management systems, vulnerability assessments/scanning, etc.

• Operating system information: operating system, version, etc.

• Application event logs: ERPs, workflows, databases, management platforms, etc.

Netbull eASIS is integrated with artificial intelligence technology. This technology is designed to immediately detect at early stage an attack, understand the logic of the attack and the methodology of a specialized hacker. This is achieved through Big Data Security Analysis and cognitive computing technology. Cognitive computing technology is an advanced type of artificial intelligence that leverages various forms of AI, including machine learning algorithms and deep learning, that are enhanced and become smarter over time.

Each malicious activity is analyzed and modeled through a unique approach that combines the methodology and stages of an attack on the client's infrastructure with:

• framework MITER ATT & CK,

• users’ behavior/endpoints/network

• information from security big data,

defying the degree of risk, the characteristics of the attack, and the total of malicious activity.

Netbull eASIS, is also integrated with a SOAR tool that introduces efficiency into netbull Security Operations Center (nSOC) and guides our security team through the incident response (IR) process to reduce repetitive tasks, allowing them to focus on the tasks that matter the most.

The tool increase collaboration by giving to security team visibility into incident progression and timely notifications, and by assigning tasks to team members, including key stakeholders from other business units.

The SOAR's orchestration and automation capabilities build dynamic playbooks that enable the team to adapt with new incident information and to focus on high-level investigations by reducing repetitive tasks. The power of the SOAR system is amplified with numerous integrations available with other security tools.

Through nSOC and Netbull Threat Management Platform (eASIS), we can provide: