Scribd Logo
Upload

Welcome to Scribd!

  • Soc Doc

    Uploaded by

    Fahmid Rahim Noor 1504028
    3 views1 page
    This document outlines the key capabilities of a cybersecurity solution including advanced anti-malware, cloud-based real-time threat protection, firewalls, and web content filtering to prevent malware and data leakage. It also describes the solution's log collection, parsing, and normalization into security events to trigger alerts. Critical alerts can initiate automated responses like blocking attacks. Additionally, the solution offers vulnerability scanning, incident handling, and threat intelligence gathering.

    Original Description:

    Original Title

    SOC_DOC

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines the key capabilities of a cybersecurity solution including advanced anti-malware, cloud-based real-time threat protection, firewalls, and web content filtering to prevent malware and data leakage. It also describes the solution's log collection, parsing, and normalization into security events to trigger alerts. Critical alerts can initiate automated responses like blocking attacks. Additionally, the solution offers vulnerability scanning, incident handling, and threat intelligence gathering.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    3 views1 page

    Soc Doc

    Uploaded by

    Fahmid Rahim Noor 1504028
    This document outlines the key capabilities of a cybersecurity solution including advanced anti-malware, cloud-based real-time threat protection, firewalls, and web content filtering to prevent malware and data leakage. It also describes the solution's log collection, parsing, and normalization into security events to trigger alerts. Critical alerts can initiate automated responses like blocking attacks. Additionally, the solution offers vulnerability scanning, incident handling, and threat intelligence gathering.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    Protection with advanced anti-malware

    Cloud based real time security


    Protection and response against new malware
    Prevent threats from entering into system via hardware devices
    Prevent data leakage by allowing read only access
    Firewall
    Web content control
    Prevent access to websites based on categories

    Log collection: This is the first step


    Log parsing: Braek down messages into relevant metadata for analysis
    Normalization
    Events: All logs get normalized into 'events', providing meaningful metadata and
    security context
    Signals & Indicators: Events with high security will trigger alerts

    Active response: Critical alerts weill trigger automated responses on the endpoint
    Scripts and playbooks to respond to common intrusion attempts
    Block crute force attacks or access attempts to servers
    Locate system anomalies
    Behaviour analytics an process and user activities

    Vulnerabilty scanning, assessment, report intake


    Vulnerabilty research, discovery and disclosure
    Vulnerabilty patching and mitigation
    Incident Triage Handling incident by defining incident categories, response steps
    and escalation paths
    Cyber threat intelligence: Identifying unwanted actors in network, tuning sensors
    and analytic systems preventing or slowing down imminent attacks

    You might also like