Security Orchestration, Automation and Response
A Paradigm Shift in Security Operation, eyeCloudXOAR
Automated response is carried out through various CTI sources and security devices, following the response process that each company and compliance regime has standardized.
The System Automatically Processes and Provides Response Guidelines
Incident response automation minimizes manpower by setting up playbooks that take over repetitive and routine tasks. It alerts an operator only when human intervention is required, for decision-making or for compliance review.
A response process optimized by threat type, by company/agency, and by compliance regime minimizes quality differences between security operators and prevents security incidents caused by human error.
Every security system is integrated and operates organically, as though it were a single system. This increases the return on investment from existing assets.
True Meaning of ‘Integration’ and ‘Automation’
The largest number of security devices synced in Korea
Syncing with a large number of firewalls, IPS/IDS, WAF, and other security devices has been implemented. eyeCloudXOAR automatically applies the relevant compliance settings to each device through playbooks.
Improved security posture by syncing with various CTI
Syncing with various global cyber threat intelligence (CTI) sources has been implemented. CTI scanning and analysis processes are automated to reduce the operator's workload.
Standardization and automation of incident response process (Playbook)
- Events are processed automatically by standardizing threat analysis and response procedures with playbooks defined per threat type and per company/agency compliance regime.
- Components are configured per compliance regime so that security devices perform the automated procedures appropriate to each threat type and process.
- Each component is easily set up by drag-and-drop to create and manage playbooks.
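The playbook model described above, as an added illustration rather than eyeCloudXOAR's own code: a playbook is selected by (threat type, compliance regime), its components run in order, and a step gated on human decision-making halts the run and raises an alert until an operator approves it. The event, the component actions, and the ticket identifier are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed sample: a normalized security event as a SOAR platform might ingest it.
SAMPLE_EVENT = {"id": "evt-1", "threat_type": "malware", "src_ip": "10.0.0.5", "compliance": "ISMS"}

@dataclass
class Step:
    name: str
    action: Callable[[dict], dict]
    needs_approval: bool = False   # human decision required before this step may run

@dataclass
class Playbook:
    threat_type: str
    compliance: str
    steps: list

def run_playbook(pb, event, approvals=frozenset()):
    """Execute steps in order; stop and request human intervention at an unapproved gated step."""
    log = []
    for step in pb.steps:
        if step.needs_approval and step.name not in approvals:
            log.append(f"AWAITING_APPROVAL:{step.name}")   # the alert an operator would see
            return {"status": "needs_human", "log": log}
        event = step.action(event)
        log.append(f"done:{step.name}")
    return {"status": "completed", "log": log}

# Hypothetical component actions (assumed; a real platform would call device/CTI connectors).
def enrich_with_cti(e): return {**e, "cti_verdict": "known_bad"}
def block_on_firewall(e): return {**e, "blocked": True}
def open_ticket(e): return {**e, "ticket": "TICKET-PLACEHOLDER"}

# Playbooks keyed by (threat type, compliance regime); a blocking change is gated on approval.
PLAYBOOKS = {
    ("malware", "ISMS"): Playbook("malware", "ISMS", [
        Step("enrich", enrich_with_cti),
        Step("block", block_on_firewall, needs_approval=True),
        Step("ticket", open_ticket),
    ]),
}

def dispatch(event, approvals=frozenset()):
    """Select the playbook matching the event's threat type and compliance regime and run it."""
    pb = PLAYBOOKS.get((event["threat_type"], event["compliance"]))
    if pb is None:
        return {"status": "no_playbook", "log": []}
    return run_playbook(pb, event, approvals)
```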
Threat status visualization
- Correlation analysis of multiple events through ontology analysis. Each event field, asset name/type, source/destination IP, and port is visualized so the operator can grasp how the overall threat situation is progressing.
- Playbooks provide a bird's-eye view of the response process for each threat type, and of the results of automated and manual processing by each component, to improve work efficiency.
False-positive analysis and anomaly detection by AI
- Threat types are distinguished after false-positive analysis and anomaly detection by AI models, enabling automated response per distinguished threat type through playbooks.
- The cyber kill chain stage, the KISA threat analysis type, and the ATT&CK analysis status can all be viewed at a single point.
Visualization of synced assets by the 3D network map
- Threat analysis is made easier because synced assets such as servers, network devices, endpoint devices, and security devices are visualized on the network topology.
- The flow of cyber threats and the traffic statistics of each synced asset are displayed.
- Network topology information is created easily using TraceRoute, with asset and service information gathered by Nmap scanning.