We chose Elastic back in 2017 after following its roadmaps and roadshows over several years, where we saw that the goals Elastic announced were followed through and delivered in new releases far more consistently than with any other SOC vendor. This continuous development and innovation at Elasticsearch convinced us that it is the best platform for OSCAR ©. We were already using the open source version of Elastic; at that time we built a SOC for DB Netz AG for the OT area of the new digital interlockings (ESTWs) as part of the NeuPro and EULYNX projects. The railway installed this SOC on the test track in Annaberg-Buchholz. OSCAR © uses Elasticsearch as its SIEM and data store. This big data platform scales almost linearly, unlike other SIEM systems. Thanks to its open source development, Elasticsearch offers numerous advantages over competing products. This includes:
OSCAR © reads a variety of data and log sources produced by the various IT and OT sensors. These network, host and application streams flow in real time into our persistent queue, where they are normalized, harmonized and enriched for their purpose. After this preprocessing, the data is available for further processing in the SIEM. There, alerts are generated, queries are served via the GUI, further self-learning training models are run through an AI pipeline, automation tools such as Tines are used, and other automated processes are carried out.
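The ingest stage described above (queue, normalize, harmonize, enrich, then detect in the SIEM), as an added Python example that is not OSCAR's or Elastic's own code; the asset inventory, the two log formats, the ECS-style field names and the single detection rule are constructed for illustration:

```python
import re

# Constructed asset inventory (hypothetical values) used for enrichment.
ASSETS = {
    "10.0.1.20": {"tenant": "tenant-a", "zone": "OT", "role": "interlocking"},
    "10.0.5.7": {"tenant": "tenant-a", "zone": "IT", "role": "workstation"},
}
# Two constructed source formats: a syslog-style SSH line and a key=value OT line.
SSH_RE = re.compile(r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
                    r"password for (?P<user>\S+) from (?P<src>\S+)")
KV_RE = re.compile(r"(\w+)=(\S+)")

def normalize(line):
    """Map one raw line onto a common field set (ECS-style names); None if unknown."""
    m = SSH_RE.match(line)
    if m:
        return {"@timestamp": m["ts"], "event.category": "authentication",
                "event.outcome": "failure" if m["outcome"] == "Failed" else "success",
                "user.name": m["user"], "source.ip": m["src"]}
    kv = dict(KV_RE.findall(line)) if line.startswith("ot ") else {}
    if {"ts", "src", "dst", "op"} <= set(kv):
        return {"@timestamp": kv["ts"], "source.ip": kv["src"], "destination.ip": kv["dst"],
                "event.category": "network", "event.action": kv["op"]}
    return None

def enrich(doc):
    """Attach zone/role/tenant from the inventory so IT and OT events share one context."""
    for side in ("source", "destination"):
        asset = ASSETS.get(doc.get(f"{side}.ip"))
        if asset:
            doc[f"{side}.zone"], doc[f"{side}.role"] = asset["zone"], asset["role"]
            doc.setdefault("tenant", asset["tenant"])  # multi-tenant routing key
    return doc

def process(lines):
    """queue -> normalize -> enrich -> detect; returns (documents, alerts)."""
    docs, alerts = [], []
    for line in lines:
        doc = normalize(line)
        if doc is None:
            continue  # in practice unparsed lines go to a dead-letter queue for review
        docs.append(enrich(doc))
        # Example SIEM rule: a write from the IT zone into an OT device.
        if doc.get("event.action") == "write" and doc.get("source.zone") == "IT" \
                and doc.get("destination.zone") == "OT":
            alerts.append({"rule": "IT host writing to OT device",
                           "tenant": doc.get("tenant"), "@timestamp": doc["@timestamp"]})
    return docs, alerts

SAMPLE = [  # constructed input: one SSH failure, one OT write, one unparseable line
    "2024-05-01T10:00:00Z ws7 sshd[412]: Failed password for admin from 192.0.2.44 port 5022",
    "ot ts=2024-05-01T10:00:05Z src=10.0.5.7 dst=10.0.1.20 op=write reg=40001",
    "garbage line",
]
```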
In the basic version, OSCAR © offers anomaly-based and event-based detection together with an AI pipeline for anomalies. In the extended version, we deliver OSCAR with our own AI pipeline, which relies exclusively on self-learning training models that could automatically control the entire SOC. This greatly reduces the incident-management workload and saves personnel costs.
The architecture of OSCAR © is multi-tenant capable and scales immensely.
For our customers who operate infrastructures that they need to decouple from the central SOC infrastructure in the short or medium term, we offer a local SOC in the form of an intelligent local anomaly detector. The local SOC operates autonomously and protects the infrastructure as if it were connected to the central SOC. The data is stored locally. As soon as the local SOC is reconnected to the central SOC infrastructure, the data is synchronized. This solution offers our customers the flexibility and security they need to effectively protect their infrastructures while taking advantage of the benefits of a central SOC infrastructure.
The results are presented in AI-driven interactive dashboards that provide the fastest and most intuitive analysis of the security situation. These dashboards offer graphical representations and filtering options for detailed insights into events and trends. Automatically generated alerts are triggered immediately and can be distributed in real time through various channels such as alerts, email, SMS or ticket systems. Analysis of and response to security incidents can be decided and automated 100% by AI. This enables a much faster response to security incidents than in traditional SOCs.