This pack provides automatic integration with AIonIQ, Gatewatcher's NDR solution.
Gatewatcher is a leader in the Network Detection and Response (NDR) market.
AIonIQ optimizes threat detection and incident response in real time, based on internal and public network flows. In a single pane of glass, it gives SOC experts a complete view of malicious threat activity on their network, based on a consolidated risk score.
It combines multiple automated engines that apply behavioral analytics. The main engines are based on supervised machine learning (ML) and are oriented toward threat detection use cases, for example:
- Identify suspicious 0-day activities on the network,
- Investigate and research post-breach activity such as ransomware,
- Hunt insider threats,
- Detect possible lateral movements even if raw network packets are encrypted,
- Spot shadow IT
It also triggers alerts based on rules and signatures to spot anomalies. To complete its detection mechanisms, AIonIQ also provides file analysis to inspect malicious code execution. All engines and metadata are enriched with internal Threat Intelligence capabilities.
With this pack, end users can easily and quickly integrate AIonIQ with their own ecosystem and organization to automate and accelerate security incident management, for example:
- Pushing alert notifications with all AIonIQ enrichment to the right internal SOC team
- Collecting additional information to enrich AIonIQ events
- Automatically engaging mitigation based on AIonIQ outcomes
All Gatewatcher products are reachable through API integration, and all features are available. Gatewatcher will continue to evolve in this direction, adding new capabilities to this pack in the future.