motion2insights


Open Security Control Automation & Response

OSCAR provides security teams with an intelligent Security Operations Center. By taking advantage of its Big Data architecture, OSCAR helps the SOC work smarter and provides advanced analysis tools and processes as well as a variety of automation functions. OSCAR covers both OT and IT. SOAR processes paired with machine learning can start automated actions where you want them and, where automation is not desired, raise user-intervention messages with decision support.

SIEM

Security information and event management (SIEM) delivers real-time event capture, monitoring, correlation and analysis of events across heterogeneous sources in a big data environment. Company data is monitored and protected from increasingly sophisticated cyber threats. The ever-increasing flood of data in companies offers more and more targets for attack. The simplicity of the SIEM reduces the complexity of the work of security incident managers and security analysts. Big data avoids the classic silos in the IT infrastructure.

Ingestion Pipelines

OSCAR uses a manageable number of extremely powerful ingestion pipelines. These pipelines carry the data streams from already existing data sources into the SOC. The data is normalized, filtered, transformed or enriched. Among other things, we use HDFS-based tools for OSCAR’s data ingestion strategy. In our machine learning pipelines, data collection takes place online and offline. The data is examined, transformed and sent to feature engineering. We use Chi-Squared and other statistical tests to determine how strongly a feature influences the trained machine learning models. We use dedicated pipelines for each of our models. Our average hit rate for ML-based threat detection is 99.7%.
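To make the ingestion stages concrete, here is an added example (not OSCAR's code, and not from the vendor) of a miniature pipeline in Python: raw lines from two constructed sources (an SSH auth log and a JSON firewall feed) are normalized into one event schema, non-events are filtered out, each event is enriched with an internal/external flag and the zone of the destination asset, and a Pearson Chi-Squared statistic is computed on a constructed labelled sample to test whether the `src_external` feature is associated with the malicious label. The asset inventory, the internal network ranges and the labelled counts are all assumptions made up for the example.

```python
import ipaddress
import json
import re
from datetime import datetime, timezone

# Constructed sample input: (source name, raw line). The last firewall line is a
# heartbeat with no event content and should be dropped by the filter stage.
RAW_EVENTS = [
    ("auth", "2024-03-01T10:15:02Z sshd[811]: Failed password for admin from 203.0.113.7 port 51234"),
    ("auth", "2024-03-01T10:15:09Z sshd[811]: Accepted password for alice from 10.0.5.21 port 40022"),
    ("fw", '{"ts": "2024-03-01T10:16:00Z", "src": "198.51.100.9", "dst": "10.0.9.3", "action": "deny"}'),
    ("fw", '{"ts": "2024-03-01T10:16:05Z", "src": "10.0.5.21", "dst": "10.0.9.3", "action": "allow"}'),
    ("fw", '{"ts": "2024-03-01T10:16:30Z", "type": "heartbeat"}'),
]

# Hypothetical enrichment data: which addresses count as internal, and which asset sits in which zone.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ASSET_ZONES = {"10.0.9.3": "OT", "10.0.5.21": "IT"}

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def normalize(source, line):
    """Map a raw line from one source into the common schema; None means 'not an event'."""
    if source == "auth":
        m = AUTH_RE.match(line)
        if not m:
            return None
        return {"ts": m["ts"], "source": source, "src_ip": m["src"], "dst_ip": None,
                "user": m["user"], "action": "login",
                "outcome": "failure" if m["outcome"] == "Failed" else "success"}
    if source == "fw":
        d = json.loads(line)
        if "src" not in d:
            return None  # heartbeat or other non-event record
        return {"ts": d["ts"], "source": source, "src_ip": d["src"], "dst_ip": d.get("dst"),
                "user": None, "action": d["action"],
                "outcome": "failure" if d["action"] == "deny" else "success"}
    return None


def enrich(event):
    """Add derived fields: epoch timestamp, internal/external source, destination asset zone."""
    ip = ipaddress.ip_address(event["src_ip"])
    event["src_external"] = not any(ip in net for net in INTERNAL_NETS)
    event["dst_zone"] = ASSET_ZONES.get(event["dst_ip"], "unknown")
    ts = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    event["ts_epoch"] = int(ts.timestamp())
    return event


def run_pipeline(raw):
    """normalize -> filter -> enrich, returning the list of schema-conformant events."""
    return [enrich(ev) for ev in (normalize(src, line) for src, line in raw) if ev is not None]


def chi_square(table):
    """Pearson Chi-Squared statistic for an r x c contingency table of counts (no continuity correction)."""
    n = sum(sum(row) for row in table)
    row_tot = [sum(row) for row in table]
    col_tot = [sum(col) for col in zip(*table)]
    stat = 0.0
    for i, row in enumerate(table):
        for j, observed in enumerate(row):
            expected = row_tot[i] * col_tot[j] / n
            stat += (observed - expected) ** 2 / expected
    return stat


def contingency(events, feature, label):
    """2x2 table [[feat&label, feat&~label], [~feat&label, ~feat&~label]] from boolean fields."""
    t = [[0, 0], [0, 0]]
    for e in events:
        t[0 if e[feature] else 1][0 if e[label] else 1] += 1
    return t


# Constructed labelled sample: 5 external/malicious, 1 external/benign, 1 internal/malicious, 5 internal/benign.
LABELLED = ([{"src_external": True, "malicious": True}] * 5 + [{"src_external": True, "malicious": False}]
            + [{"src_external": False, "malicious": True}] + [{"src_external": False, "malicious": False}] * 5)
CHI2_CRITICAL_1DOF_P05 = 3.841  # 1 degree of freedom, alpha = 0.05


def feature_is_significant(events, feature, label):
    return chi_square(contingency(events, feature, label)) > CHI2_CRITICAL_1DOF_P05


if __name__ == "__main__":
    for ev in run_pipeline(RAW_EVENTS):
        print(ev)
    print("chi2 for src_external:", chi_square(contingency(LABELLED, "src_external", "malicious")))
```

On this sample the heartbeat is filtered, the two events from documentation-range addresses are flagged external, and the Chi-Squared statistic comes out at 16/3 (about 5.33), above the 1-degree-of-freedom critical value, so the feature would be kept. With real data the same function runs over many features and the statistic ranks them; a feature whose statistic stays below the threshold is a candidate for removal before training.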

Threat detection

OSCAR continuously captures security events from its data sources. Threats are reliably detected through the use of excellent and certified technologies and comprehensive data correlation. Our SOC offers you error-tolerant and more valid threat detection, among other things through data correlation. Detection is both real-time and retrospective. Visibility in the SOC through the dashboards is continuously optimized. OSCAR is highly scalable, extremely high-performing and cost-transparent. We have already incorporated our ML-based autopilot into the threat analysis. SOAR tools automate at the defense level. OSCAR’s pattern-based use cases are also available as ML-based ones. OSCAR provides automated pentesting and simulations to a certain extent. Maturity increases from project to project.

Evaluation

In OSCAR, incidents are pre-evaluated using an extended MITRE ATT&CK framework. Only the critical alarms are then evaluated by incident managers, security analysts, IT forensic scientists and red teams in order to make guaranteed reliable decisions for further handling of the attack – or for counteracting or defending against it. OSCAR can be set up so that our autopilot initiates the remediation of threats or attacks, or merely suggests to the operator how best to remediate the disruption. The final decision can be made through user intervention.
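The pre-evaluation and decision gate described above can be illustrated with a small triage router. This is an added Python example, not OSCAR's implementation: each alert carries an ATT&CK technique ID and the zone of the affected asset; a constructed policy table gives each technique a base severity and says whether an automated containment action is permitted; the router then either closes the alarm below the critical threshold, remediates automatically when the autopilot is enabled and the policy allows it, or escalates to a human with a suggested action. The technique IDs are real ATT&CK identifiers, but the severities, weights, threshold and actions are assumptions chosen for the example.

```python
# Hypothetical policy table (constructed for this example, not OSCAR's): ATT&CK technique ID ->
# base severity, whether an automated action is permitted, and the containment action to propose.
TECHNIQUE_POLICY = {
    "T1110": {"name": "Brute Force", "base": 3, "auto_ok": True, "action": "block_source_ip"},
    "T1078": {"name": "Valid Accounts", "base": 4, "auto_ok": False, "action": "disable_account"},
    "T1046": {"name": "Network Service Discovery", "base": 2, "auto_ok": True, "action": "block_source_ip"},
}
# Assumed zone weighting: the same technique against an OT asset counts double.
ZONE_WEIGHT = {"OT": 2, "IT": 1, "unknown": 1}
CRITICAL_THRESHOLD = 4  # assumed: severity at or above this reaches the analysts


def severity(alert):
    """Base severity of the technique scaled by the zone of the affected asset; None if unknown technique."""
    policy = TECHNIQUE_POLICY.get(alert["technique"])
    if policy is None:
        return None
    return policy["base"] * ZONE_WEIGHT.get(alert["zone"], 1)


def triage(alert, autopilot_enabled):
    """Return a routing decision dict for one alert.

    route values:
      auto_close     - below the critical threshold; kept for retrospective analysis only
      auto_remediate - autopilot runs the policy's action without waiting for an operator
      escalate       - a human decides; 'suggested_action' carries the autopilot's proposal
    Unknown techniques are never auto-closed or auto-remediated; they always escalate.
    """
    sev = severity(alert)
    policy = TECHNIQUE_POLICY.get(alert["technique"])
    if sev is None:
        return {"id": alert["id"], "route": "escalate", "severity": None,
                "suggested_action": None, "reason": "unknown technique"}
    if sev < CRITICAL_THRESHOLD:
        return {"id": alert["id"], "route": "auto_close", "severity": sev,
                "suggested_action": None, "reason": "below critical threshold"}
    if autopilot_enabled and policy["auto_ok"]:
        return {"id": alert["id"], "route": "auto_remediate", "severity": sev,
                "suggested_action": policy["action"], "reason": "autopilot permitted by policy"}
    return {"id": alert["id"], "route": "escalate", "severity": sev,
            "suggested_action": policy["action"],
            "reason": "policy requires operator decision" if not policy["auto_ok"] else "autopilot disabled"}


def triage_batch(alerts, autopilot_enabled):
    return [triage(a, autopilot_enabled) for a in alerts]


# Constructed sample alerts as they might arrive from the correlation stage.
SAMPLE_ALERTS = [
    {"id": "a1", "technique": "T1110", "zone": "IT", "src_ip": "203.0.113.7"},
    {"id": "a2", "technique": "T1110", "zone": "OT", "src_ip": "198.51.100.9"},
    {"id": "a3", "technique": "T1078", "zone": "IT", "user": "alice"},
    {"id": "a4", "technique": "T9999", "zone": "OT"},
]

if __name__ == "__main__":
    for decision in triage_batch(SAMPLE_ALERTS, autopilot_enabled=True):
        print(decision)
```

Two design points worth noting: an unknown technique escalates rather than being closed, so a gap in the policy table fails safe, and the autopilot switch only changes the outcome for alarms the policy already marks as safe to automate; an alarm such as a suspected compromised account still lands with an analyst in both modes, with the proposed action attached for a quick decision.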

Defense

In the event of an incident, your SOC team can initiate countermeasures and carry out isolation. Depending on the severity of the attack, the autopilots can be brought in to help with research, evaluation and defense. They provide another helping hand at the SOAR level through automated actions for more efficient analysis and coordination of countermeasures. OSCAR handles the simple, repetitive tasks so the SOC team can focus on the core of offense and defense.