Services

About CollectiveSight

CollectiveSight is a centralised cybersecurity monitoring and threat hunting platform. The solution has been created by NRD Cyber Security R&D team to enable coordinated threat monitoring. Its functionalities go beyond just visibility and offer capabilities to build and continuously refine rules for detecting threats and non-compliances. It is set-up in organisation’s internal network and analyses traffic data just before it is sent across the internet. It is set-up for central management, incident handling and threat hunting.

The key features and benefits of CollectiveSight solution

When deployed within an individual organisation:

  • Established security awareness: Proactive monitoring of network traffic flows and logs from workplaces enables organisation‘s security team to be aware of what is happening inside the organisation's infrastructure.   
  • Enhanced security team‘s incident handling: Faster identification and analysis of incidents. Analysts who inspect security events are empowered to triage incidents with reliable and credible information. 
  • Meeting policy and compliance requirements: Fulfil organisation‘s cybersecurity policy requirements. Have an effective approach towards data loss prevention.
  • Easy-to-deploy and easy-to-use: Platform is designed for easy deployment and configuration. Analysts who inspect security events can easily adapt to platform‘s interface.   
  • Unlimited monitoring capabilities: CollectiveSight is not limited to number of EPS generated, thus organisation can ensure that planned budget will not be exceeded, and additional constraints will be avoided. 

When deployed within a sector or national critical infrastructure:

  • Data localisation: processed data is kept at the source, thus avoiding legal questions occurring when 3rd party hosts sensitive data (e.g., personal, regulated data). Due to CollectiveSight, the central body is capable of building trust with other institutions by respecting their data residency and ownership. 
  • Better sectorial incident handling: faster identification and analysis of incidents due to more specific context available for the analysts who inspect security events. Analysts from the central institution are empowered to triage incidents with reliable and credible information. 
  • Early Warning signals: incidentswhich happen due to the same threat actor are identified and communicated faster. Time to detect new threats across the sector is drastically decreased. 
  • Effective incident management: same taxonomy, processes, and automation are used in all participating organisations. Time to resolve incidents is reduced due to improved coordination. 
  • Curated CTI: centrally curated cyber threat intelligence indicators reduce cost and errors in incident identification and analysis for all organisations. 

Key components of the platform

  • Solution architecture and configurations of all components (customized blueprint) for particular use cases and services.
  • Hardware and software.
  • Configuration of management automation features, infrastructure monitoring and auditing.
  • Processes and Standard Operating Procedures (SOPs).
  • Training.
  • Integrated threat intelligence.

CollectiveSight vs. SIEM vs. NDR

While at the first glance CollectiveSight and SIEM may seem very similar, however, they accommodate different needs and requirements. Below is a comparison of the two solutions:

  • SIEMs are designed to work as security event information aggregators and analysers for incident detection in a single enterprise while CollectiveSight provides a centralized approach.
  • Sectorial or loosely connected organizations require alternative collective approaches, where data is collected, processed, stored, and analysed respecting the collective trust agreement.
  • In case organizations already have well set-up SIEM systems on premises, CollectiveSight platform provides centralized sectorial security visibility.
  • Network Detection and Response (NDR) solutions only analyse network traffic and cannot monitor or track events at endpoint. CollectiveSight has been created by integrating NDR and perimeter defence elements not only to collect data, but also to correlate it and as a result achieve greater total visibility.

Implemented projects

  • CollectiveSight threat monitoring platform for Egypt's financial sector

    Country Egypt

    Read more

Building an effective cybersecurity team

List of audits and assessments we offer

Ask me <
>
Ask me for more information
Paulius Daukšas
Cybersecurity consultant
pd@nrdcs.lt
The cookies are used on this website to improve your browsing experience. Some of the cookies are essential, while others help us to obtain data about how this website is used and to improve your experience. If you agree to the use of all cookies, please click "I agree", otherwise, please click on "Cookie settings" and select which cookies you agree to use. For more information on the use of cookies, please refer to our Cookie Policy.    I agree    Cookie settings
©