SPiDER ExD
Commencement of the eXtended Detection Investigation Response framework
Integrated SIEM solution enhancing security operational efficiency from a comprehensive perspective
What is SPiDER ExD?
With the digital transformation, the expanding attack surface provides cyber attackers with more targets, making it increasingly difficult for businesses to counter new and evolving threats. Today's security organizations must ensure visibility into the exponentially growing volume of diverse security data to improve detection accuracy and response speed against advanced threats.
However, the security analysts and resources available for this are limited. As the security landscape becomes more complex, solutions must evolve accordingly. A next-generation SIEM solution is needed to enhance the efficiency of security operations from a comprehensive perspective.
Advantages
High availability
Leveraging cluster-based big data architecture and Replica function to ensure service reliability
1. Cluster-based Parallel Node expansion
Guaranteed scalability as log volume increases (scale-out).
When new nodes are added, existing data nodes and storage capacity are redistributed evenly.
Expansion takes minimal time and requires no service interruption, and central management keeps administration convenient.
2. Distributed storage / retrieval
Refined event logs are distributed to each data node and stored partitioned by a configurable condition (default: day).
3. Duplicated Storing
Preprocessed event logs are stored on two or more distributed nodes so that operation continues uninterrupted if a storage device fails.
Duplicated data is created and stored separately from the primary copy, distributed across different data nodes.
If a data node (server) fails, the data is recovered automatically from the duplicate.
4. Compression / Encryption / Backup
Stored log data is compressed to make efficient use of disk space.
Cold data is encrypted at the file level before storage.
Data backup and deletion are managed according to the configured backup policy.
Enhancing convenience of data retrieval and accuracy of analysis
Securing a high level of data analysis accuracy based on one-step enhanced loading and retrieval capabilities
1. Normalization for Collection and Loading
A user-defined parser function lets each field be extracted from the original log with regular expressions, without separate development for each log format.
The index fields generated this way are used for search and analysis, improving search convenience and analytical efficiency.
2. Enhanced Log Searching
Logs can be searched on complex criteria (AND, OR, NOT, etc.).
Results show the original log together with all indexed fields and additional information such as country and harmful-IP details.
Various search functions are offered, including custom searches and interactive searches.
3. Real-time Analysis and Detection
In-memory technology enables swift, real-time log analysis that improves detection accuracy.
An extended analysis engine integrates SIEM and AI analysis models, providing advanced analytical capabilities.
4. Advanced Search-Based Analysis
Various analysis conditions, including specific conditions and regular expressions, can be set on any field of the collected logs.
Exception conditions can be attached to detection rules, so that exceptions apply on specific days and at specific times.
A reputation DB is built from the collected data, and analysis functions draw on it.
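The following is an added illustration, not SPiDER ExD's own code or parser configuration syntax, of how the three capabilities described above fit together: a user-defined regex parser that turns a raw log into indexed fields, enrichment from a reputation DB with country and harmful-IP details, and a detection rule combining AND/OR/NOT conditions with an exception window for a specific weekday and time. The log format, reputation entries, sample lines and the rule itself are all constructed for the example.

```python
import re
from datetime import datetime
# User-defined parser: a named-group regex whose group names become the indexed
# fields (constructed format; not SPiDER ExD's own parser configuration syntax).
FIREWALL_PARSER = re.compile(
    r"(?P<ts>\S+) fw=(?P<fw>\S+) action=(?P<action>\w+) "
    r"src=(?P<src_ip>[\d.]+) dst=(?P<dst_ip>[\d.]+) dport=(?P<dport>\d+)$"
)

# Constructed reputation DB keyed by source IP (country and harmful-IP flag).
REPUTATION_DB = {"203.0.113.7": {"country": "XX", "harmful": True}}

# Constructed raw firewall lines; TEST-NET addresses, not real hosts.
RAW_LOGS = [
    "2024-05-06T02:15:00 fw=edge1 action=allow src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-05T03:00:00 fw=edge1 action=allow src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-06T02:20:00 fw=edge1 action=deny src=198.51.100.9 dst=10.0.0.5 dport=22",
]

def normalize(line):
    """Parse one raw line into indexed fields, keep the original log, and enrich from the reputation DB."""
    m = FIREWALL_PARSER.match(line)
    if m is None:
        return None  # a real SIEM would still keep the raw line; here unparsed lines are skipped
    fields = m.groupdict()
    fields["dport"] = int(fields["dport"])
    fields["_raw"] = line
    rep = REPUTATION_DB.get(fields["src_ip"], {})
    fields["src_country"] = rep.get("country")
    fields["src_harmful"] = rep.get("harmful", False)
    return fields

def in_exception_window(ts, weekdays, start_hour, end_hour):
    """Exception condition on a rule: suppress on the given weekdays (0=Mon) within [start_hour, end_hour)."""
    t = datetime.fromisoformat(ts)
    return t.weekday() in weekdays and start_hour <= t.hour < end_hour

def detect(fields):
    """Rule: harmful source AND allowed AND (SSH OR RDP) AND NOT inside the Sunday 02:00-04:00 maintenance window."""
    matched = (fields["src_harmful"] and fields["action"] == "allow"
               and (fields["dport"] == 22 or fields["dport"] == 3389))
    return matched and not in_exception_window(fields["ts"], {6}, 2, 4)

def run(lines):
    """Normalize every line and return the indexed fields of those that trigger the rule."""
    return [f for f in map(normalize, lines) if f is not None and detect(f)]

if __name__ == "__main__":
    print(run(RAW_LOGS))  # one alert: the Monday 02:15 allow from the harmful IP; the Sunday one is excepted
```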
Extensive Scalability
Easy functional extension through platform-based architecture
Open API integration solution
- SOAR: Security Orchestration, Automation, and Response
- AI: supervised/unsupervised analysis based on machine learning
- Vulnerability Assessment: integration with vulnerability assessment solutions and correlation of results
- Cyber Threat Intelligence (CTI): integration with threat intelligence, risky IPs, URLs, IoCs, and detection policies
- Dashboards: user-defined dashboards
- Information Security Portal: portal for coordination with affiliated organizations
- Information Security Solution: integration of blocking and policy
- Integration with asset management solutions and system management solutions
Advanced Threat Detection and Response
Provides advanced threat detection, additional features, and integration support
Key Features
SPiDER ExD is the most comprehensive SIEM solution that supports flexible expansion and integration of security functionalities. Through a container-centric platform and UI integration, it enables an eXtended Detection Investigation Response (XDIR) architecture.
System Structure
By organically integrating vast security data and internal/external threat intelligence
Expected Effect
With SPiDER ExD, experience Expanded Detection, Diversified Analysis, and Accelerated Response.
SPiDER ExD will secure integrated visibility covering the entire attack surface and proactively respond to the constantly changing IT environment through the collection of vast security data, highly accurate analysis, implementation of automated response processes, and broad integration and expansion of security functions.