About the platform
CollectiveSight is a centralized cybersecurity monitoring and threat hunting platform. Its functionality goes beyond visibility alone and offers capabilities to build and continuously refine rules for detecting threats and non-compliance. It is set up in the organization's internal network and analyzes (tapped) data just before it is sent across the internet. The platform is intended to be deployed in sectorial or national critical infrastructures, set up for central management, incident handling and threat hunting by a sectorial or national CSIRT.
As well as the above, the platform can:
- Provide Digital Forensics and Incident Response (DFIR) capability over several days of traffic history;
- Be integrated with threat intelligence sources (Indicators of Compromise (IoC) rulesets, artefact triggers). A threat intelligence aggregation and transformation router is set up internally, which supports different IoC databases, cybersecurity threat intelligence feed routers and other CSIRT threat intelligence integration platforms;
- Be physically separated, as the platform's architecture is designed not to interfere in any way with the organization's ICT infrastructure (the platform can be neither the source nor the destination of an attack on the organization);
- Enable the CSIRT to zoom in on a particular individual sensor or to work with aggregated data from some or all sensors;
- Provide situational visibility to the deployed organization's security staff, i.e. the CSIRT accesses and manages information from all of the sensors, while the local team can only see data from its own incident management device.
Key components of the platform
- Solution architecture and configurations of all components (customized blueprint) for particular use cases and services;
- Hardware and software;
- Configuration of management automation features, infrastructure monitoring and auditing;
- Processes and Standard Operating Procedures (SOPs);
- Integrated threat intelligence.
CollectiveSight vs. SIEM
While at first glance CollectiveSight and a SIEM may seem very similar, they accommodate different needs and requirements. Below is a comparison of the two solutions:
- SIEMs are designed to work as security event information aggregators and analyzers for incident detection in a single enterprise, while CollectiveSight provides a centralized approach across organizations;
- Sectorial or loosely connected organizations require alternative collective approaches, where data is collected, processed, stored and analyzed in accordance with the collective trust agreement;
- Where organizations already have well-established SIEM systems on premises, the CollectiveSight platform provides centralized sectorial security visibility on top of them.
The platform enables the sector or organization to:
- Be more transparent;
- Meet policy and compliance requirements;
- Have more trust in constituencies and/or divisions;
- Have an effective approach towards data loss prevention.