MDR-SOC
MDR-SOC is a cybersecurity framework built on a Predictive Risk Analysis Framework (PRAM) that provides corporations with a holistic solution for protecting themselves from cyber-attacks and threats. Its goal is to predict the attack, isolate the event as it occurs, converse with the intruder, segment the conversations, and provide assurance of the end-to-end process in auditable reports.
MDR-SOC provides a leading enterprise-class threat intelligence platform, combining comprehensive threat data collection, prioritization, and analytics with secure collaboration in a vetted community. Offering wide-ranging business infrastructure integration, MDR-SOC allows organizations to proactively identify and combat cyber threats targeting their core operations. It optimizes an organization's defenses against cyber-attacks by complementing traditional signature-based technologies. MDR-SOC delivers a data-driven security approach that builds on existing security infrastructure investments and helps them function more effectively. MDR-SOC can be designed as an:
- Integrated sandbox for threat and malware analysis
- Advanced threat intelligence configuration specific to a line of business
MDR-SOC is high-performance and scalable, and uses Apache Metron as its base platform with C/C++ and Python as its core components. It indexes and searches logs and other data in near real time. MDR-SOC processes and indexes all the data by streaming it through a series of pipelines, where each pipeline is made of a series of processors running on a distributed framework built on a MapReduce-inspired abstraction layer, with Elasticsearch-Logstash-Kibana (ELK) and Packetbeat at the heart of the framework.
MDR-SOC provides a complete data management package. Once the data is imported, multiple searches can be run to perform analysis and gain insights that inform business strategies.
Sniff & Detect
- We use OpenTAXII, Anomali, ThreatExchange and other sources for a live stream of attack data
Isolate & Segment
- Ampcus algorithms and code modules will be used to isolate and segment the intrusion
Converse & Contain
- Ampcus algorithms and code modules will be used to converse and contain the intrusion
Outcomes
- Analytics – predictive, prescriptive
- Reports – intrusions, levels of attack, types, word clouds, segmentation