Santa Clara, Calif. August 24, 2022 – We are very happy to announce that NSFOCUS was included as one of the notable vendors in the report The Security Analytics Platform Landscape, Q3 2022, published by Forrester, an authoritative international research consulting organization.
“Security analytics platforms are the center of the SOC”, as stated in this report, “They are the best tool security operations teams have to centralize data for SOC use cases like compliance, alerting, and response. Forrester defines security analytics platforms as: A security analytics (SA) platform converges logs from network, identity, endpoint, application, and other security relevant sources to generate high-fidelity behavioral alerts and facilitate rapid incident analysis, investigation, and response.”
We are honored to receive this recognition. NSFOCUS ISOP (Intelligent Security Operation Management Platform) features security analysis and XDR capabilities, facilitating cross-network threat traceback and making it possible for decision-makers to develop appropriate response policies and respond promptly to keep system risks under control.
NSFOCUS ISOP provides intelligent security operations capabilities for XDR. Thanks to its classified design of frameworks, parsing plug-ins, and storage, it can receive multisource data sent via various means, including Kafka, syslog, and FTP, from endpoints, networks, the cloud, and security devices (alerts). The platform can receive logs from thousands of security products. While receiving logs, it normalizes them against uniform standards and enriches the data with associated asset, threat intelligence, and geolocation information, thereby creating a security data lake across all analytics levels.
Incident triage and handling can help users quickly identify the critical incidents they are most concerned about, and detect and mitigate threats through multiple techniques including association analysis, behavior analytics, and artificial intelligence. For example, using artificial intelligence algorithms, NSFOCUS ISOP learns user preferences to identify and push security incidents; using the triage function, the platform allows users to create policies to highlight and digest the incidents they are most concerned about; and leveraging experience of log analysis, it performs fully automatic detection and response by setting up automated playbooks.
A vast amount of data can be collected in XDR. NSFOCUS ISOP supports threat hunting by analyzing data from multiple perspectives. It can also present the attack path to reproduce the attack process, helping users identify the root cause of attacks so that they can respond to similar incidents more promptly in the future. At the network level, the platform can identify network activities between hosts, thereby detecting attackers' compromise attempts. At the endpoint level, NSFOCUS ISOP can detect anomalous activities and their relationship chain on hosts during the compromise process to locate the root causes of incidents.
As an important part of XDR, managed detection and response (MDR) injects new life into the security operations system. NSFOCUS ISOP has also launched the MDR service, which allows users to flexibly choose cloud-based and local security operations services to achieve all-round security operations and continuously improve their security defense capabilities.
As the core platform of XDR, NSFOCUS ISOP is most valuable for its ability to improve the efficiency of security operations. By integrating the capabilities and data of different security products and converging data from endpoints, networks, and the cloud, it provides advanced threat detection and response capabilities, and faithfully reproduces and shows the attack process, thus simplifying security operations. It unifies control over different security devices and coordinates manual operations to achieve one-stop, closed-loop security management, reducing operations costs. To adapt to the future diversification of security business and deployment environments, NSFOCUS ISOP will continue to be improved towards intensive design and contribute to an open ecosystem that features open-source message brokers, open APIs, well-functioning partnership mechanisms, and uniform industry standards.