The modern enterprise environment bears little resemblance to that of the past. An organization’s information technology (IT) stack no longer consists entirely of owned on-premises solutions. The ongoing move to the cloud has given businesses more flexibility, affordability, and scalability, but has also drastically increased the attack surface. To keep track of the changing environment, countless security products have been released and are placed all across an enterprise’s security infrastructure. However, simply having more security products does not guarantee increased coverage.
Data, the lifeblood of the network and, by extension, cybersecurity, is collected, but not analyzed and correlated in an effective manner that can generate actionable reports. As a result, security teams end up with piles of fragmented data. It is difficult to leverage this data efficiently for the following reasons.
By design, extended detection and response (XDR) is a flexible, easy-to-integrate, comprehensive, and comprehensible security solution for organizations dealing with extensive technology sprawl. For one, XDR integrates with as many data sources as possible and contextualizes the metadata, giving security teams the ability to generate insights from across the IT/OT environment. Moreover, detection and response (D&R) becomes cross-layered across these data points, mitigating the tunnel vision that sometimes comes from traditional methods such as endpoint detection and response (EDR).
Hillstone iSource is a data-driven, AI-powered XDR platform that integrates massive volumes of security data, correlates and investigates incidents, identifies potential threats, and automatically orchestrates security to respond cohesively across multiple security products and platforms. iSource brings a radical new approach to cybersecurity with unrivaled security operation efficiency.
iSource can integrate a wide variety of data across the full spectrum of the network, from endpoints to cloud. This data can include NetFlow, Sysmon, Syslogs, metadata, threat information and third-party logs, all of which are then standardized, correlated and analyzed to provide complete visibility and break down security information silos. It not only brings full security visibility with far fewer blind spots, but also improves detection accuracy by minimizing false positives.
iSource uses information from third-party intelligence partners worldwide as additional input for the analysis engine, enabling comprehensive vulnerability and risk management. Additionally, by integrating with third-party partners, iSource gains a very comprehensive signature database. Pairing this with machine-learning technology that Hillstone has been developing since the early 2010s yields a very thorough correlation analysis engine that is capable of generating in-depth, concise, high-confidence logs in limited quantity. During this process, false positives and duplicates are also eliminated to further mitigate alarm fatigue for security teams.
If a remediation strategy has been configured, once a threat is identified, iSource will automatically execute the appropriate mitigation actions according to a predefined playbook. Templated playbooks are created according to default templates provided by Hillstone Networks for common vulnerabilities. This option is especially helpful for hamstrung security teams, or enterprises that lack a team of skilled cybersecurity professionals. Alternatively, customizable playbooks can be user-defined and built from scratch, tailored to the user’s business needs. iSource also includes the option of turning off automatic implementation of mitigation strategies and leaving that step purely to the discretion of the user. If playbooks are implemented, iSource will communicate recommended action steps back to the point security solutions and services that are fully integrated with iSource.
Hillstone’s iSource offers a customizable dashboard that gives simple access to the organization’s security posture, with comprehensive statistical information such as rankings of threat events by criticality level, as well as incident summaries and security trends shown in graphical charts and lists. iSource also supports template-based or customizable reports that can be scheduled or generated on demand. Public APIs enable integration with third-party tools or security products to delineate the necessary remediation steps.