Telemetry

Our vendor-agnostic approach to telemetry accelerates and improves the threat detection and investigation process.

Security logs are an important input to the threat detection process. But alone, they’re not enough. Important signals of an attack might be picked up in an application, in enterprise infrastructure, or from cloud infrastructure. And valuable context can be derived from other related data sources. 

That’s why Cysiv SOC-as-a-Service ingests, leverages and provides cloud-scale storage for a broad range of telemetry and other data sources. This improves the quality of, and confidence in, the threats detected, and dramatically shortens dwell time and the mean time to detect (MTTD), investigate and respond to threats.

Cysiv SOC-as-a-Service Leverages These Sources

Security Controls

Data generated by security infrastructure and tools including:

  • Network IPS/IDS
  • Firewall
  • Endpoint protection platform
  • Server, workload, and container security
  • Web proxy
  • Email security

Infrastructure, Monitoring, and Authentication

Data that augments the security control sources above, together with rich endpoint and user activity data, including:

  • Endpoint detection and response
  • Windows security / Windows process launch / Sysmon / Linux system
  • Active Directory (AD) authentication / Domain Controller / Linux auth
  • IAM / SSO
  • DHCP / Static IP
  • DNS
  • NAT / VPN / Proxy
  • Cloud audit trail
  • Network metadata

Enrichment Sources

Identity, asset, vulnerability, and threat intelligence data that illuminates security context and impact during an investigation:

  • Active Directory object properties / LDAP
  • Asset inventory and classification / Configuration and patch management
  • Indicators of Compromise (IOC)
  • Vulnerability scan results

Applications

Data generated by mission-critical applications running on servers, including:

  • Database
  • ERP
  • CRM
  • APIs

Did you know?

Managed Detection and Response (MDR) service providers rely only on telemetry from their endpoint security solution. But endpoints are not the only threat vector you need to worry about. By ingesting and analyzing telemetry from a very broad range of sources, you’ll reduce the number of false positives, improve the quality and fidelity of each detection, and identify a much broader range of threat vectors.

Better security starts with more telemetry and data.

You choose your technology stack.

We use the telemetry and data from whichever technologies and vendor solutions you’ve chosen and don’t require you to standardize on any one vendor. We’re constantly adding new sources to meet specific customer requirements and use cases.

Benefits of Cysiv SOC-as-a-Service

Why a vendor-agnostic approach to telemetry matters

Provides a Complete Picture

Provides a more complete picture of the threat environment and much greater context surrounding malicious or suspicious activity, which in turn improves the quality and accuracy of threat detections and accelerates the investigation process.

Improves Detection

Improves correlation, weeds out false positives, and maximizes the probability of finding suspicious activity, targeted attacks, and other threats that warrant further investigation.

Uncovers Hidden Threats

Helps discover threats that are often new, hidden or evasive.

Enables Prevention

Helps ensure that threats are blocked and prevented before they cause damage.

Removes Limitations

Ensures you aren’t locked into, or limited to, any one vendor’s security solutions.

Improves ROI

Leverages your existing security investments.