CollectiveSight

Services

About the platform

CollectiveSight is a centralized cybersecurity monitoring and threat hunting platform. Its functionalities go beyond just visibility and offer capabilities to build and continuously refine rules for detecting threats and non-compliances. It is set-up in organization’s internal network and analyzes (tapped) data just before it is sent across the internet. The platform is intended to be deployed in sectorial or national critical infrastructures, set-up for central management and incident handling as well as threat hunting from sectorial or national CSIRT.

As well as the above, the platform can:

Provide Digital Forensics and Incident Response (DFIR) capability in several days traffic history;
Be integrated with threat intelligence sources (Indicators of Compromise (IoC) - rulesets, artefact triggers). Threat intelligence aggregation transformation router is set-up internally, which supports different IoC databases, cybersecurity threat intelligence feed routers and other CSIRT threat intelligence integration platforms;
Be physically separated as the architecture of the platform is designed not to interfere in any way with the organization’s ICT infrastructures (the platform cannot be destination or source of attack at the organization);
Enable CSIRT to zoom on a particular individual sensor or work with aggregated data from some or all sensors;
Provide situation visibility to the deployed organization’s security staff, i.e. CSIRT accesses and manage information from all of the sensors, while the local team can only see data from own incident management device.

Key components of the platform

Solution architecture and configurations of all components (customized blueprint) for particular use cases and services;
Hardware and software;
Configuration of management automation features, infrastructure monitoring and auditing;
Processes and Standard Operating Procedures (SOPs);
Training;
Integrated threat intelligence.