Threat Management Process

ClearSkies™ SaaS NG SIEM streamlines your Threat Management Process by accelerating proactive cyber-threat detection and reducing your "Detection Deficit" (the time between a breach and its discovery), while at the same time safeguarding the Confidentiality, Integrity and Availability of sensitive information found within log data.

[Process diagram] Time to Detect: Collect > Archive (digitally sign, encrypt) > Intelligently Analyze > Correlate. Safeguarding Confidentiality: Mask. Time to Respond: Assess > Mitigate.

Time to Detect

Collect
Vast volumes of structured and unstructured log data, generated by security and IoT devices, network infrastructure, systems and applications, are collected.
Archive
(Digitally Sign,
Encrypt)
Before any other processing takes place, the collected log data is compressed (at a ratio of up to 96%), digitally signed and optionally encrypted, then archived. Because the signature is applied to the raw data before analysis or masking, the archived copy remains verifiable and can be used for forensic investigation or as legal evidence, should the need arise.
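The archive step described above, as an added example that is not ClearSkies code: raw log lines are compressed, a header recording the original length and SHA-256 is built, and an authentication tag is computed over header plus compressed body so that any later change to either is detected at verification time. The sample log lines are constructed, and the HMAC key is an assumption standing in for the product's signing key; a production archive would use an asymmetric signature (so that the party verifying cannot also forge) and an AEAD such as AES-GCM for the optional encryption step, neither of which is in the standard library.

```python
import hashlib
import hmac
import json
import time
import zlib
from typing import Optional

# Assumption: a symmetric HMAC key stands in for the product's signing key.
ARCHIVE_KEY = b"demo-archive-key-not-for-production"

# Constructed sample: a few raw log lines as they would arrive from collectors,
# repeated so that compression has something to work with.
SAMPLE_LOGS = b"\n".join([
    b"Jan 12 10:01:03 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.4 PROTO=TCP DPT=22",
    b"Jan 12 10:01:04 app01 sshd[211]: Failed password for root from 203.0.113.7 port 40122 ssh2",
    b"Jan 12 10:01:09 app01 sshd[211]: Accepted password for admin from 10.0.0.12 port 50211 ssh2",
] * 20)


def _canonical(header: dict) -> bytes:
    # Canonical JSON so that signer and verifier hash identical bytes.
    return json.dumps(header, sort_keys=True, separators=(",", ":")).encode()


def archive(raw: bytes, key: bytes = ARCHIVE_KEY) -> dict:
    """Compress the raw log data and authenticate header and compressed body together."""
    compressed = zlib.compress(raw, level=9)
    header = {
        "version": 1,
        "archived_at": int(time.time()),
        "raw_length": len(raw),
        "raw_sha256": hashlib.sha256(raw).hexdigest(),
        "compressed_length": len(compressed),
    }
    tag = hmac.new(key, _canonical(header) + compressed, hashlib.sha256).hexdigest()
    return {"header": header, "body": compressed, "tag": tag}


def verify(record: dict, key: bytes = ARCHIVE_KEY) -> Optional[bytes]:
    """Return the original log data if the record is authentic, otherwise None."""
    expected = hmac.new(key, _canonical(record["header"]) + record["body"],
                        hashlib.sha256).hexdigest()
    # Constant-time comparison: never compare tags with ==.
    if not hmac.compare_digest(expected, record["tag"]):
        return None
    raw = zlib.decompress(record["body"])
    # Belt and braces: the decompressed data must match the digest taken at archive time.
    if hashlib.sha256(raw).hexdigest() != record["header"]["raw_sha256"]:
        return None
    return raw


def space_saved(record: dict) -> float:
    """Fraction of the raw size eliminated by compression (0.96 would be 96%)."""
    h = record["header"]
    return 1 - h["compressed_length"] / h["raw_length"]


if __name__ == "__main__":
    rec = archive(SAMPLE_LOGS)
    print("space saved: %.1f%%" % (100 * space_saved(rec)))
    print("verify original:", verify(rec) == SAMPLE_LOGS)
    tampered = dict(rec, body=rec["body"][:-1] + bytes([rec["body"][-1] ^ 1]))
    print("verify tampered:", verify(tampered))
```

The point of signing the header together with the body is that an attacker who can rewrite the archive cannot silently shorten it, swap in a different compressed blob, or alter the recorded timestamp; all three are caught by the same tag check before the data is ever decompressed.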
Intelligently
Analyze
Log data is processed, aggregated and analyzed using User and Entity Behavior Analytics (UEBA), artificial intelligence, predictive and machine learning models, enriched with contextual information, in order to predict suspicious activity and detect abnormal behavior.
Correlate
Correlation combines statistical and heuristic models with a set of predefined correlation rules and evidence-based knowledge of emerging threats and vulnerabilities. This allows targeted attacks and data breaches to be detected early and, as a result, responded to sooner.
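A predefined correlation rule of the kind referred to above, as an added example that is not ClearSkies code: the rule escalates when a single source produces at least three failed SSH logins within sixty seconds and then a successful login from the same source inside that window (the classic brute-force-then-success pattern). The sshd log lines, the threshold and the window are all constructed assumptions for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines, ISO timestamps, sshd auth messages only.
SAMPLE_LOGS = """\
2024-01-12T10:01:04 app01 sshd[211]: Failed password for root from 203.0.113.7 port 40122 ssh2
2024-01-12T10:01:06 app01 sshd[211]: Failed password for root from 203.0.113.7 port 40123 ssh2
2024-01-12T10:01:08 app01 sshd[211]: Failed password for admin from 203.0.113.7 port 40124 ssh2
2024-01-12T10:01:11 app01 sshd[212]: Accepted password for admin from 203.0.113.7 port 40125 ssh2
2024-01-12T10:05:00 app01 sshd[215]: Failed password for bob from 10.0.0.12 port 50211 ssh2
2024-01-12T10:05:03 app01 sshd[216]: Accepted password for bob from 10.0.0.12 port 50212 ssh2
2024-01-12T11:30:00 app01 sshd[300]: Failed password for root from 198.51.100.9 port 1111 ssh2
2024-01-12T11:30:01 app01 sshd[300]: Failed password for root from 198.51.100.9 port 1112 ssh2
2024-01-12T11:30:02 app01 sshd[300]: Failed password for root from 198.51.100.9 port 1113 ssh2
2024-01-12T11:45:00 app01 sshd[310]: Accepted password for root from 198.51.100.9 port 1114 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def parse(text: str) -> list:
    """Turn raw lines into structured auth events; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd auth event; a real pipeline routes it to other parsers
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"],
        })
    return events


def correlate_bruteforce(events: list, threshold: int = 3, window_seconds: int = 60) -> list:
    """Escalate when >= threshold failures from one source are followed, within the
    window, by a successful login from that same source."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of failures still inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        # Expire failures older than the window relative to the current event.
        failures[src] = [t for t in failures[src]
                         if (ev["ts"] - t).total_seconds() <= window_seconds]
        if ev["result"] == "Failed":
            failures[src].append(ev["ts"])
            continue
        if len(failures[src]) >= threshold:
            alerts.append({
                "rule": "ssh_bruteforce_then_success",
                "src": src, "user": ev["user"], "host": ev["host"],
                "failures": len(failures[src]), "ts": ev["ts"].isoformat(),
            })
        failures[src].clear()  # a success, alerted or not, closes the sequence
    return alerts


def run(text: str = SAMPLE_LOGS) -> list:
    return correlate_bruteforce(parse(text))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Of the three sources in the sample only 203.0.113.7 fires: 10.0.0.12 has a single failure before its success, and 198.51.100.9 has three failures but its success comes fifteen minutes later, outside the window. The window is what keeps a legitimate user who mistyped a password in the morning from being escalated when they log in correctly after lunch.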

Safeguarding Confidentiality

Mask
Sensitive information found within log data, such as credit card numbers, can be optionally masked to safeguard confidentiality.
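Masking of credit card numbers as described above, as an added example that is not ClearSkies code: candidate 13 to 19 digit runs (with optional space or dash separators) are checked with the Luhn algorithm and, only if they pass, have every digit except the last four replaced, keeping the original separators so the log line stays readable. The Luhn gate is there because order IDs, epoch timestamps and similar numeric fields look like card numbers and should not be destroyed. The sample log lines are constructed; the test card numbers are the publicly known Visa and Mastercard test values.

```python
import re

# 13 to 19 digits, each optionally followed by one space or dash; lookarounds stop
# the pattern from matching a slice out of a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Standard Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pans(line: str, keep_last: int = 4) -> str:
    """Replace Luhn-valid card numbers in a log line with a masked form."""
    def _mask(m):
        candidate = m.group(0)
        digits = re.sub(r"[ -]", "", candidate)
        if not luhn_valid(digits):
            return candidate  # looks like a PAN but is not one; leave the field intact
        out, remaining = [], len(digits)
        for ch in candidate:
            if ch.isdigit():
                out.append(ch if remaining <= keep_last else "*")
                remaining -= 1
            else:
                out.append(ch)  # preserve the original separators
        return "".join(out)
    return PAN_RE.sub(_mask, line)


# Constructed sample lines: one real-looking PAN, one dashed PAN, and numeric
# fields (order id, epoch timestamp, 16-digit non-Luhn id) that must survive.
SAMPLE_LINES = [
    "2024-01-12T10:02:00 pay01 checkout: order=98765432109876 card=4111 1111 1111 1111 amount=19.99",
    "2024-01-12T10:02:05 pay01 checkout: pan=5500-0000-0000-0004 result=approved",
    "2024-01-12T10:02:09 pay01 checkout: ts=1705053664 id=1234567890123456 result=declined",
]


def mask_lines(lines=SAMPLE_LINES) -> list:
    return [mask_pans(line) for line in lines]


if __name__ == "__main__":
    for masked in mask_lines():
        print(masked)
```

Note that masking is a one-way transformation of the analysed copy; it does not replace the need for the signed archive, which is the copy that has to remain complete and verifiable for forensic use.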

Time to Respond

Assess
Alerts and events which pose a threat are escalated to incident status and classified according to their severity, exploitability and impact for further investigation.
Mitigate
The threat is contained and eradicated.