OSCAR GUARD

OSCAR, our SOC kernel, provides and licenses access to the SOC/NOC via a secure appliance. The appliance protects access to the SOC/NOC, establishes the required encrypted connections, protects the integrity of all software in use, and supports partial decoupling and communication of the SOC for special missions via Silentel (NATO standard). OSCAR is available in two versions, with three or four ingestion pipelines. The first version combines anomaly- and event-based threat detection with a simple AI ingestion pipeline for automated actions. The second version combines anomaly-, event- and AI-based threat detection (using exclusively self-learning training models). With automated AI-driven and AI-enabled use cases, playbooks, threat query and response, and continuous monitoring, OSCAR improves not only your security but also the response time and efficiency of your teams. It also saves considerable cost by greatly reducing the incident-management workload. OSCAR was built for OT and IT. For OT, OSCAR Guard offers sensor add-ons that also provide an AI-controlled service that Motion2Insights (M2I) calls “Business Security”. Automated processes created by different AI training models execute tasks in the infrastructure wherever customers want them. Trust OSCAR to optimize your security measures and establish a solid, agile defense against cyber threats.

Elastic SIEM

SIEM (Security Information and Event Management) is a key technology for securing a company’s IT infrastructure. It forms a data lake and combines the collection, analysis and correlation of security data from sources such as networks, servers and applications in real time. Through centralized monitoring, a SIEM enables rapid threat detection and response and significantly raises the security level. It also supports regulatory compliance by producing detailed reports and audit trails. With its threat detection and incident response capabilities, a SIEM streamlines security processes and reduces risk, allowing organizations to protect their IT environment proactively.

Kibana

Kibana is a tool for visualizing and exploring data indexed in the analytics and search engine Elasticsearch. It presents information in visual, intuitive and interactive formats that are easy to read and interpret. With Kibana you can perform fast and scalable data analysis for observability, security and search, over data from any source: threat intelligence, search analytics, logs, application monitoring and much more.

tines

Tines is automation software for known threats. Investigate, resolve and report an incident in a collaborative workspace with Tines’ case management: better automations, fewer cases and faster incident response. Engage people when it matters to your business, while workflows capture the rest. Cases make it easy to work on incident response and create an audit trail for the resolution. Automation often involves other teams (DevOps, IT and HROps) working in other systems; cases let you collaborate effectively across systems and teams without compromising your technology. Typical use cases combined with AI: summarize event data and pass it to a case, format a case template using Markdown, summarize what happened in a case and hand it on to someone, format a timeline of events in a visualization and add it to a case, assign records.

swimlane

With Swimlane you can build and apply low-code automation in SecOps, fraud, OT environments, cloud, compliance, audit and more. Swimlane Turbine is built for the future of automation, because organizations rarely share the same internal processes, data sources, team structures or resources. From basic operational tasks to industry-specific applications, Turbine can automate whatever helps you reach your business goals; the only obstacle is your imagination. The most common use of a low-code security platform is handling tasks in the SOC, and Turbine acts as a SOC amplifier: it integrates the security tools and executes manual tasks at machine speed. It automates critical SOC processes such as phishing handling, incident response, SIEM triage, threat hunting and EDR alert triage, and additionally insider threat, secure employee offboarding, and fraud investigation and response.

PALOALTO

Automation is critical to security operations today: the rapid shift to the cloud and the proliferation of siloed tools have led to an explosion in security alerts, and the shortage of security experts makes it difficult for SecOps teams to address all incoming alerts in time. It is time to use automation to bridge this gap and protect your human analysts from burnout. Protect everything and everyone, anywhere, from the latest threats. Designed for Zero Trust and powered by AI, the Strata™ Network Security Platform proactively monitors, analyzes and prevents advanced threats in real time and with reduced complexity, enabling secure growth and innovation for your business.


XEOX

XEOX offers robust network security through its port-based Network Access Control (NAC) feature, which actively denies network access to unregistered devices and notifies the IT team. Beyond blocking unauthorized devices, NAC assigns the correct VLAN to switch ports based on device type, simplifying LAN management. All LAN activity is recorded, which supports compliance and audit processes. XEOX also supports all LAN devices, voice VLAN, dynamic VLAN assignment, a multi-site concept, email notifications and network documentation. We use XEOX and all of its functions to establish a NOC where the SOC alone is not sufficient.

Sensor Beats and Ingestion Pipelines

OSCAR uses a manageable number of very powerful sensors and ingestion pipelines (event, anomaly and AI). The sensors serve different threat detection methods; the pipelines carry the data flows from existing data sources into the SOC, where the data is normalized, filtered, transformed or enriched. Among other things, we use Elasticsearch-based tools to collect data for OSCAR. In our machine learning pipelines, data collection takes place online and offline: the data is examined, transformed and passed to feature engineering. We use exclusively self-learning training models, together with chi-square tests and other statistical tests, to determine the effect of a feature on the trained machine learning models, and a dedicated pipeline for each model. Our average hit rate for AI-based threat detection is 99.8%. OSCAR continuously captures security events from the data sources. Threats are detected reliably through certified technologies and comprehensive data correlation, which also makes detection fault-tolerant. Detection occurs in real time and retrospectively, and the visibility the SOC provides through its panels is continuously optimized. Thanks to its Elasticsearch platform, OSCAR is highly scalable, very powerful and cost-transparent. Our ML-based autopilot is already integrated into threat analysis. The most common threats covered include ransomware, malware (including malware-as-a-service), DoS and DDoS attacks, phishing campaigns, man-in-the-middle attacks, cross-site scripting, cloud attacks, data and identity theft, brute-force attacks, tunneling attacks, spoofing attacks and various injection attacks. AI playbooks and SOAR tools automate at the defense level; we mainly use Tines and Swimlane, and Palo Alto’s XSOAR on request. All signature- and event-based use cases in OSCAR are also available as AI use cases. OSCAR offers attack simulations to some extent.
The level of maturity increases from project to project. In OSCAR, incidents are pre-assessed against the MITRE ATT&CK framework. Ultimately only the critical alarms are evaluated, by the AI or by incident managers, security analysts, IT forensic experts and red teams, to reach reliable decisions on the further handling of the attack, its countermeasures or its defense. OSCAR can be set up so that its autopilot initiates remediation of threats or attacks itself, or merely suggests to the operator how best to resolve the problem, leaving the final decision to user intervention. Users can ask the AI plain-language questions via the Human API, such as “Show me which hosts are infected”.
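The normalize, filter and enrich steps of an ingestion pipeline, and the chi-square check of a feature's effect, as an added Python illustration that is not OSCAR's, Elastic's or M2I's own code. The two raw log formats, the ECS-style field names, the threat-intel indicator set and the labelled training sample are all constructed assumptions for this example; a real deployment would do the same normalization and enrichment in Elasticsearch ingest processors or Logstash filters and hand the resulting features to the trained models.

```python
"""Toy SOC ingestion pipeline: normalize -> filter -> enrich, plus a chi-square
check of how strongly an engineered feature separates labelled events.
Added illustration, not OSCAR's, Elastic's or M2I's code. The ECS-style field
names, raw formats, threat-intel set and labelled sample are assumptions."""
import json
import re

# Constructed sample input in two raw formats the pipeline has to unify.
RAW_EVENTS = [
    "Mar 01 10:00:01 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22",
    '{"ts":"2024-03-01T10:00:02Z","host":"web01","src":"198.51.100.9","dst":"10.0.0.8","dport":443,"action":"ACCEPT"}',
    "Mar 01 10:00:03 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=23",
    '{"ts":"2024-03-01T10:00:04Z","host":"web01","src":"10.0.0.12","dst":"10.0.0.8","dport":443,"action":"ACCEPT"}',
    "Mar 01 10:00:05 fw01 heartbeat",  # noise with no security content; filtered out
]
# Constructed threat-intel indicator set (assumption): IPs the SOC treats as known-bad.
THREAT_INTEL = {"203.0.113.7"}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d\d \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<action>\w+) (?P<kv>.*)$"
)


def normalize(raw):
    """Map either raw format onto one ECS-style schema; None means 'unparseable'."""
    if raw.startswith("{"):
        d = json.loads(raw)
        return {"@timestamp": d["ts"], "host.name": d["host"],
                "source.ip": d["src"], "destination.ip": d["dst"],
                "destination.port": int(d["dport"]),
                "event.action": d["action"].lower()}
    m = SYSLOG_RE.match(raw)
    if m is None:
        return None
    kv = dict(p.split("=", 1) for p in m.group("kv").split() if "=" in p)
    if "SRC" not in kv or "DST" not in kv:
        return None
    return {"@timestamp": m.group("ts"), "host.name": m.group("host"),
            "source.ip": kv["SRC"], "destination.ip": kv["DST"],
            "destination.port": int(kv["DPT"]) if "DPT" in kv else None,
            "event.action": m.group("action").lower()}


def enrich(event):
    """Add the engineered features that detection rules and ML models consume."""
    event["threat.indicator.matched"] = event["source.ip"] in THREAT_INTEL
    # Internal-range check limited to 10/8 for the example (assumption).
    event["source.internal"] = event["source.ip"].startswith("10.")
    return event


def run_pipeline(raw_lines):
    """normalize -> filter (drop unparseable or noise lines) -> enrich, in that order."""
    return [enrich(ev) for ev in map(normalize, raw_lines) if ev is not None]


def chi_square_2x2(a, b, c, d):
    """Pearson chi-square for the 2x2 table [[a, b], [c, d]] (df = 1, no Yates correction)."""
    n = a + b + c + d
    denom = (a + b) * (c + d) * (a + c) * (b + d)
    return 0.0 if denom == 0 else n * (a * d - b * c) ** 2 / denom


def feature_effect(samples, feature):
    """Chi-square of a boolean feature against analyst labels.

    samples: (source.ip, is_malicious) pairs; feature: ip -> bool."""
    a = sum(1 for ip, mal in samples if feature(ip) and mal)
    b = sum(1 for ip, mal in samples if feature(ip) and not mal)
    c = sum(1 for ip, mal in samples if not feature(ip) and mal)
    d = sum(1 for ip, mal in samples if not feature(ip) and not mal)
    return chi_square_2x2(a, b, c, d)


CHI2_CRIT_95 = 3.841  # chi-square critical value for df = 1 at p = 0.05

# Constructed labelled training sample: (source.ip, analyst-confirmed malicious?).
TRAINING = ([("203.0.113.7", True)] * 8 + [("203.0.113.7", False)] * 2
            + [("10.0.0.12", True)] * 3 + [("10.0.0.12", False)] * 17)

if __name__ == "__main__":
    for ev in run_pipeline(RAW_EVENTS):
        print(json.dumps(ev))
    stat = feature_effect(TRAINING, lambda ip: ip in THREAT_INTEL)
    print(f"chi2={stat:.2f} significant={stat > CHI2_CRIT_95}")
```

The filter step is deliberately placed between normalization and enrichment: dropping noise before enrichment keeps threat-intel lookups and model scoring off lines that carry no security content, and a line that fails to normalize is dropped rather than passed on with half-filled fields. The chi-square statistic on the constructed sample comes out above the 3.841 threshold, meaning the "source IP on the threat list" feature is associated with the malicious label and is worth keeping in the feature set; a feature whose table gives a statistic near zero would be a candidate to drop.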

IoT Sensors

OSCAR’s AI-embedded anomaly monitoring device is a multi-sensor detection system built on high-precision sub-sensors (vibration, noise, magnetic flux, ultrasound and others) that provides early diagnosis by monitoring the conditions and characteristics of mechanical material fatigue and failure. All IoT sensors have AI integrated in hardware and controlled via software. As an example, for the OT use case of a legacy pump that provides no analog or digital output signal, the xSensus™ PRO & AIR sensors combine three independent single-axis high-precision analog vibration sensors, high-precision MEMS microphones, an ultrasonic sensor, a magnetic field sensor and a temperature sensor to display the current status. The system integrates 1200+ vibration diagnostic libraries, 650+ noise anomaly diagnostic libraries, 230+ ultrasonic model diagnostic libraries and 80+ magnetic flux anomaly diagnostic libraries. We have the best OT sensors available for your industry-specific orientation.

Silentel

Silentel protects your voice calls, messages, chats, confidential documents, photos and other files from eavesdropping and interception. Silentel is NATO standard. We use it to add value to your SOC/NOC by securing all communications. We also use Silentel for SOC edge applications when part of the SOC has to be decoupled from the parent SOC for a deployment or mission, to ensure software integrity. Some of the keys are exchanged via Silentel.

IM Platform Ticketing

At the end of a SOC process there is an action. Depending on the maturity of the implemented SOC/NOC, these actions are carried out manually by incident managers or by the AI. When the AI is in control, it carries out decisive automated actions it has been trained for. The ticket created in the ticketing system then only reports on the incident and the actions taken, including traces. For OSCAR implementations without AI, the ticketing system is used in the usual way for incident management. M2I does not have a designated IM ticketing platform: on premises we use whatever the customer already has, and for SOC as a Service from the cloud we use Jira.