SPiDER SOAR

Provides highly useful automation functions optimized for security environments, based on playbooks verified through 20+ years of experience.

What is SPiDER SOAR?

Based on IGLOO Corporation’s security monitoring know-how, accumulated over more than 20 years, and on artificial intelligence (AI) technology, this SOAR solution is designed to increase the efficiency of security work by automating the response process for security threats. It automatically executes simple and repetitive processes based on the 'Playbook', which combines numerous elements (solutions, business procedures, threat information, etc.) for attack-specific response into one process. It can substantially shorten the time from threat detection to response by automatically classifying response steps according to security threat priorities and responding according to standardized business procedures.

Advantages

  • 1
    Know-how

    Playbooks reflecting over 20 years of security monitoring know-how

    Playbooks designed and developed based on IGLOO Corporation’s security monitoring know-how accumulated over more than 20 years (a monitoring process verified at various monitoring sites, such as private, public, and financial sites)

    Continuous development and support of playbooks by an organization dedicated to security monitoring research (playbooks based on more than 20 scenarios are provided when the product is purchased)

  • 2
    SOC Optimization

    Optimized for domestic Security Operations Center (SOC) work

    Automatic response based on playbooks as well as manual response by the security officer (with the Automatic & Manual Response function)

    In addition to security responses, it can respond to system failures through alarm integration

  • 3
    Automation

    Auto-blocking through IGLOO Alliance linkage

    Operates the IGLOO Alliance agreement model

    Interworking and automatic blocking with the largest security solutions in Korea

    Interworking with various products (e.g., F/W, IPS, and NAC) for auto-blocking (continuous expansion of interworking with the security solutions deployed at the largest number of sites in Korea, such as SECUI (firewall) and WINS (IPS))

  • 4
    Response Efficiency

    Enhanced response efficiency through AI and TI interworking

    Provision and linkage of threat intelligence information by interworking with IGLOO CTI, the only continuous service in Korea (connected with more than 120 customers)

    Enhanced automatic response efficiency by linking with the analysis results of the machine learning-based security monitoring system (linked to ML-based monitoring solutions such as SPiDER TM AI Edition)

Main Features

Orchestration

Improves the response efficiency of the security monitoring center through interworking with heterogeneous security solutions

  • 1

    Implements security monitoring orchestration through interworking with heterogeneous security solutions

  • 2

    Implements playbook-based orchestration and automation, based on 20 years of monitoring know-how

  • 3

    Implements intelligent automated response and a threat intelligence feed by linking with SIEM, the ML-based security monitoring system, threat intelligence, and asset and vulnerability information

  • 4

    Interworks with the largest security solutions in Korea and blocks automatically through the IGLOO Alliance

Automation & Response

Establishes playbook-based systematic security response and security threat management process

  • 5

    Improves the efficiency of the security monitoring center’s response process through automatic real-time alert response (Automation & Response)

  • 6

    Real-time alert manual process, based on a phased process, to improve the efficiency of simple, repetitive, labor-intensive work processes

  • 7

    Playbooks optimized for the security monitoring center, with over 20 years of know-how accumulated in customer security analysis and monitoring services

  • 8

    Automatic and manual security monitoring response and visualization of the threat-oriented response process, based on the security monitoring process

System Structure

Implements an automated SOAR-based security monitoring system that links SIEM, the machine learning-based security monitoring system, vulnerability information, and threat intelligence.

Effects of Adoption

This solution can efficiently select and respond to each alarm event by sharing threat information, interworking among various information protection products, and automating simple and repetitive tasks that were handled manually. In addition, it can raise the level of threat assessment and response by establishing a standardized response system based on the Playbook.

  • Traditional Security Monitoring

    Long response times overall

    Irregular response quality

    Lack of process visibility

    Most workers handle simple, repetitive tasks

  • SPiDER SOAR-based Security Monitoring

    Reduces response time and speeds up decisions

    Raises the level of response quality

    Gains process visibility

    Assigns experts to analysis work requiring human judgment

    Supports manual and automatic real-time monitoring response

    MTTR, MTTD, and ROI indicators