SPiDER ExD

Commencement of the eXtended Detection Investigation Response framework
Integrated SIEM solution enhancing security operational
efficiency from a comprehensive perspective

What is SPiDER ExD?

With digital transformation, the expanding attack surface gives cyber attackers more targets, making it increasingly difficult for businesses to counter new and evolving threats. Today's security organizations must maintain visibility into the exponentially growing volume of diverse security data in order to improve detection accuracy and response speed against advanced threats.

However, security analysts and the resources for this work are limited. As the security landscape grows more complex, solutions must evolve with it.

A next-generation SIEM solution is needed to enhance the efficiency of security operations from a comprehensive perspective.


Advantages

High availability

Leveraging a cluster-based big data architecture and a replica function to ensure service reliability

  • 1

    Cluster-based parallel node expansion

    Scalability is guaranteed as log volume grows (scale-out). When new nodes are added, existing data nodes and storage capacity are rebalanced evenly across the cluster. Expansion takes minimal time and causes no service interruption, and central management keeps administration convenient.

  • 2

    Distributed storage / retrieval

    Refined event logs are distributed to each data node and stored on a condition basis (default: by day).

  • 3

    Duplicated storing

    Preprocessed event logs are stored on two or more distributed nodes so that operation continues uninterrupted if a storage device fails. The duplicate copies are created and kept separately from the primary data and are distributed across different data nodes. If a data node (server) fails, recovery from the duplicated data is automatic.

  • 4

    Compression / encryption / backup

    Stored log data is compressed for efficient use of disk space. Cold data is encrypted at the file level before it is stored. Data backup and deletion are managed according to the configured backup policies.

Enhancing convenience of data retrieval and accuracy of analysis

Securing a high level of data analysis accuracy through enhanced loading and retrieval capabilities

  • 1

    Normalization for collection and loading

    A user-defined parser function lets each field be extracted from the original log with regular expressions, without separate development work. The indexed fields generated this way are used for search and analysis, improving both search convenience and analytical efficiency.

  • 2

    Enhanced log searching

    Logs can be searched with complex criteria (AND, OR, NOT, etc.). Search results display the original log together with all indexed fields, plus enrichment such as the source country and harmful-IP details. Various search functions are offered, including custom searches and interactive searches.

  • 3

    Real-time analysis and detection

    Logs are analyzed in real time using in-memory processing, giving fast analysis and higher detection accuracy. An extended analysis engine combines SIEM correlation with AI analysis models, providing advanced analytical capabilities.

  • 4

    Advanced search-based analysis

    Analysis conditions, including specific values and regular expressions, can be set on any field of the collected logs. Exception conditions can be attached to detection rules so that specific days and times are excluded from alerting. A reputation DB is built from the collected data, and analysis functions draw on that DB.
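The four capabilities above (a regex-based user-defined parser that turns raw lines into indexed fields, enrichment from a reputation DB, AND/OR/NOT search over those fields, and a detection rule with a day-and-time exception window) fit together in the small pipeline below. This is an added illustration written for this page, not SPiDER ExD code or its query syntax; the log lines, the parser regexes, the harmful-IP set, the country table and the query language are all constructed for the example.

```python
import re
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample logs (not real device output): two formats plus one
# line that no parser understands.
SAMPLE_LOGS = [
    "2024-03-10T03:15:02 fw01 deny src=203.0.113.5 dst=10.0.0.8 dport=22 proto=tcp",
    "2024-03-11T09:20:44 fw01 deny src=198.51.100.7 dst=10.0.0.8 dport=3389 proto=tcp",
    "2024-03-11T09:21:10 fw01 allow src=192.0.2.10 dst=10.0.0.9 dport=443 proto=tcp",
    "2024-03-11T09:25:31 bastion sshd[1201]: Failed password for root from 203.0.113.5 port 51022 ssh2",
    "garbage line that matches no parser",
]

# User-defined parsers: one regex per log source; named groups become indexed fields.
PARSERS = {
    "firewall": re.compile(
        r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>allow|deny) src=(?P<src_ip>\S+) "
        r"dst=(?P<dst_ip>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"),
    "sshd": re.compile(
        r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for (?P<user>\S+) "
        r"from (?P<src_ip>\S+) port \d+"),
}

# Constructed enrichment tables standing in for a reputation DB and a GeoIP lookup.
HARMFUL_IPS = {"203.0.113.5"}
COUNTRY_BY_NET = {ip_network("203.0.113.0/24"): "XA", ip_network("198.51.100.0/24"): "XB"}

# Hypothetical maintenance window: Sundays (weekday 6) from 02:00 up to 04:00.
MAINTENANCE_WINDOW = [({6}, time(2, 0), time(4, 0))]


def normalize(raw):
    """Indexed fields from the first matching parser; the original line is always
    kept under '_raw', so a parse failure loses nothing and stays searchable."""
    for name, rx in PARSERS.items():
        m = rx.match(raw)
        if m:
            ev = {"_raw": raw, "_parser": name, **m.groupdict()}
            src = ev.get("src_ip")
            if src:  # enrichment: reputation and country for the source address
                ev["src_reputation"] = "harmful" if src in HARMFUL_IPS else "clean"
                ev["src_country"] = next(
                    (c for net, c in COUNTRY_BY_NET.items() if ip_address(src) in net), "unknown")
            return ev
    return {"_raw": raw, "_parser": "unparsed"}


def compile_query(query):
    """Toy query language: field=value, field~regex, AND, OR, NOT, parentheses.
    Values may not contain whitespace or parentheses. Returns a predicate."""
    tokens = re.findall(r"\(|\)|[^\s()]+", query)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def expr():  # OR binds loosest
        node = term()
        while peek() == "OR":
            take()
            node = (lambda a, b: lambda ev: a(ev) or b(ev))(node, term())
        return node

    def term():  # AND binds tighter than OR
        node = factor()
        while peek() == "AND":
            take()
            node = (lambda a, b: lambda ev: a(ev) and b(ev))(node, factor())
        return node

    def factor():
        tok = take()
        if tok == "NOT":
            inner = factor()
            return lambda ev: not inner(ev)
        if tok == "(":
            inner = expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses")
            return inner
        m = re.fullmatch(r"([\w.]+)([=~])(.*)", tok or "")
        if not m:
            raise ValueError(f"bad predicate: {tok!r}")
        field, op, val = m.groups()
        if op == "=":
            return lambda ev: ev.get(field) == val
        rx = re.compile(val)
        return lambda ev: ev.get(field) is not None and rx.search(ev[field]) is not None

    pred = expr()
    if peek() is not None:
        raise ValueError(f"unexpected token: {peek()!r}")
    return pred


def search(events, query):
    pred = compile_query(query)
    return [ev for ev in events if pred(ev)]


def in_exception_window(ev, exceptions):
    """exceptions: list of (weekdays, start, end); weekday 0 = Monday, end exclusive."""
    if "ts" not in ev:
        return False
    ts = datetime.fromisoformat(ev["ts"])
    return any(ts.weekday() in days and start <= ts.time() < end for days, start, end in exceptions)


def run_rule(events, query, exceptions=()):
    """Detection rule: matches inside an exception window are suppressed, not discarded."""
    alerts, suppressed = [], []
    for ev in search(events, query):
        (suppressed if in_exception_window(ev, exceptions) else alerts).append(ev)
    return alerts, suppressed


if __name__ == "__main__":
    events = [normalize(line) for line in SAMPLE_LOGS]
    rule = "src_reputation=harmful AND NOT action=allow"
    alerts, suppressed = run_rule(events, rule, MAINTENANCE_WINDOW)
    for ev in alerts:
        print("ALERT", ev["_parser"], ev["ts"], ev["src_ip"], ev["src_country"])
    for ev in suppressed:
        print("SUPPRESSED (exception window)", ev["ts"], ev["_raw"])
```

Two points a practitioner should take from this: the unparsed line is kept with its raw text rather than dropped, so parser gaps are visible in search (`_parser=unparsed`) instead of silently losing data; and the exception window suppresses alerts but returns the suppressed events separately, so a rule tuned for a maintenance window can still be audited afterwards.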

Extensive Scalability

Easy functional extension through platform-based architecture

Open API integration solution

  • SOAR

    Security Orchestration, Automation, and Response

  • AI

    Supervised/unsupervised analysis based on machine learning

  • Vulnerability Assessment

    Integration with vulnerability assessment solutions and correlation of their results

  • Cyber Threat Intelligence (CTI)

    Integration with threat intelligence: risky IPs, URLs, IoCs, and detection policies

  • Dashboards

    User-defined dashboards

  • Information Security Portal

    Portal for coordination with affiliated organizations

  • Information Security Solution

    Integration of blocking actions and policies

  • Integration with asset management solutions and system management solutions

Advanced Threat Detection and Response

Provides advanced threat detection, additional features, and integration support

Key Features

SPiDER ExD is the most comprehensive SIEM solution that supports flexible expansion and integration of security functionalities. Through a container-centric platform and UI integration, it enables an eXtended Detection Investigation Response (XDIR) architecture.

System Structure

By organically integrating vast security data with internal and external threat intelligence, SPiDER ExD forms the eXtended Detection Investigation Response framework.

Expected Effect

With SPiDER ExD, experience Expanded Detection, Diversified Analysis, and Accelerated Response.

SPiDER ExD will secure integrated visibility covering the entire attack surface and proactively respond to the constantly changing IT environment through the collection of vast security data, highly accurate analysis, implementation of automated response processes, and broad integration and expansion of security functions.