With cyber-attacks on the rise, companies are transforming their approach to security monitoring from reactive towards intelligence-driven security. We can help you empower your security teams, and your business, to perform better in the digital world with a next-generation Security Information and Event Management (SIEM) platform and Security Operations Center (SOC).
ASPEN
Advanced Security Processing ENgine
Next Generation SIEM + 24/7 Managed Security
1 OVERVIEW
2 SOLUTION
3 HIGHLIGHTS
4 SERVICES
5 KEY FEATURES
6 WHY ARE WE DIFFERENT
7 REFERENCES
3. 1 Next Generation SIEM Platform
Page 1
1 Overview
With cyber attacks on the rise, companies are transforming their
approaches to security monitoring - from reactive to intelligence-
driven security. This means being able to spot, examine, report and
respond to advanced threats quickly, using real-time security data.
We can help you empower your security teams and your business to
perform better in the digital world with a next-generation Security
Information and Event Management (SIEM) platform and consulting
Security Operations Center (SOC).
We work together with many organizations to optimize and improve
their cyber security using real-time threat intelligence and our
Security Operations Center (SOC) services, provided by
experienced analysts and security practitioners in the area of threat
prevention.
Our team comprises highly qualified experts with over 20 years
of experience in data security, threat and vulnerability assessments,
design, implementation and management of security solutions, and
cyber security consulting.
We are focused on innovation, proactive thinking and a future-
ready approach. We help our clients to build the best foundation for
moving from reacting to incidents towards applying analytics to
proactively manage cyber threats.
The Security Operations Center (SOC) is an external center for
monitoring and analysis of our clients’ IT infrastructure and systems.
Our SOC combines the latest tools, next generation SIEM platform
and our security monitoring best-practices to help you maintain a
safe environment. Our SOC makes dedicated security monitoring
expertise available to third parties, in a cost-efficient way. We offer a
variety of services to suit all the needs of enterprises, governments
and public sector organizations.
The Center also hosts training sessions that help clients enhance
their security monitoring and SOC skills and get the most from their
technology investment.
“the future
belongs to those
who can see it”
2 Solution
ASPEN (Advanced Security Processing ENgine) leverages Big Data
technologies to deliver real-time threat intelligence, forensics and
incident response capabilities.
Built by a team of security professionals with 20+ years of
experience in cyber threat prevention, ASPEN is a leading next-gen
SIEM (Security Information and Event Management) solution that
brings features for security data collection, analysis and automated
threat remediation.
ASPEN is the only SIEM solution in the market that integrates digital
traps, enabling security practitioners to collect valuable cyber
intelligence.
ASPEN’s flexible architecture makes it easy to implement and
customize to meet the needs of enterprises and public sector
organizations of any size.
We combine ASPEN with our SOC (Security Operations Center)
services into a solution that addresses the widest spectrum of internal
and external threats organizations face today.
get more from
your SIEM
3 Highlights
“GOOGLE LIKE” SEARCH
High-speed analytics powered by a modern Big Data Lake
platform for processing large volumes of data in real-time.
The ASPEN platform enables security professionals to query data at
lightning-fast speed - over 50 million events/msec.
ADAPTED TO YOUR BUSINESS
The software is highly flexible and can be tailored to the client’s unique
needs. No matter what business logic you have or how complex your
IT systems are, ASPEN lets you create correlation rules that meet
your business strategy, human factors and industry practices.
EMPOWER YOUR SECURITY TEAMS
Real-time event correlation capabilities provided by ASPEN enable
your security teams to proactively manage risk. A 3D view from a
single web console simplifies monitoring. Digital forensics, based on
real-time data, can be quickly transformed into insights that help
shorten containment time.
KNOW YOUR ENEMY
ASPEN is the only SIEM platform that integrates trap deception tools
- digital clones of your IT systems, designed to entice attackers. Besides
reducing false positives, ASPEN’s digital traps also allow your teams to
acquire valuable knowledge about the latest attack vectors, which
gives your company a valuable head start over adversaries.
KEEP YOUR FINGER ON THE PULSE
Unlike other SIEM products, ASPEN embeds business context in
security analytics. It delivers alerts that give you visibility into end users’
activities on desktops, servers and network devices. This helps to
prevent human error and mitigate malicious attacks before any
damage can occur.
• less than 5 ms detection time
• unlimited log storage
• regular reports
• C-Level dashboard
4 Services
System Analysis
Our cyber security team will examine every nook and cranny of your IT
environment in order to understand the architecture of your systems,
pinpoint weaknesses and offer recommendations on how to redesign
the systems.
Vulnerability Assessment and Penetration Testing
Our RED Team of ethical hackers will simulate real-world attacks to test
the vulnerabilities in your IT environment. We will identify security gaps
and flaws in your business-critical systems, as well as their potential
impacts. Afterwards, we will create a report with detailed information
about your weak spots and recommendations for improvement.
System Dimensioning and Planning
Working closely with you, our team will rank critical indicators
according to importance and will implement event correlation rules.
During this stage, we will create an estimated timeframe for ASPEN
implementation.
Implementation and Go-live
The implementation of ASPEN includes a number of different steps,
which will vary based on the number of correlation rules and the client’s
needs.
Monitoring
After go-live, our team of security analysts will provide 24/7 monitoring
of your IT systems. This includes end-to-end monitoring, incident alerts
and reporting based on real-time log data. Depending on your
requirements, we can also help you set up automated responses to
specific security incidents.
User Training and Development
End-user training is a fundamental step in any SIEM
implementation. The goal is to educate users about ASPEN - its threat
intelligence, forensics, digital traps and threat remediation capabilities
- in order to reduce the likelihood and impact of critical events. You can
benefit from various types of education on demand, including cyber
awareness and cyber analytics training.
5 Key Features
Deception is a trick or scheme used to make an attacker believe
he is accessing real assets, in order to confuse him and detect his
actions. We provide traps at every possible step of an attacker, from
traps deployed on external services to traps deployed in the internal
memory of every workstation or IoT device.
Threat intelligence is evidence-based knowledge, including
context, mechanisms, indicators, implications, and action-oriented
advice about an existing or emerging menace or hazard to assets.
Threat Intelligence is the process of gathering information about
cyber attacks around the world for the purpose of recognising similar
attacks against your customers.
Cyber security monitoring & surveillance provide real-time
visibility into an organization's security posture by constantly
monitoring people, processes, systems and network events and
performing real-time correlation with external and internal data for
the purpose of detecting cyber security incidents.
Auto remediation is an approach to automation that responds
to security events with automations able to fix, or remediate, a detected
cyber attack.
Automated penetration testing is penetration testing
performed by artificial intelligence algorithms, using knowledge
based on attack vectors and exploits collected from our traps.
ASPEN creates digital clones as active traps
ASPEN performs both historical and real-time (<5ms) correlation
ASPEN offers visual reconstruction (“forensics on a click”)
ASPEN performs data anonymization and pseudonymization in real time
ASPEN performs real-time correlation with Threat Intelligence data
ASPEN integrates with 80+ antiviruses
ASPEN performs automatic elimination of noise events
ASPEN offers real-time auto remediation
ASPEN can:
• store an unlimited amount of data
• anonymize/pseudonymize private data in real time
• get any log from a day years ago in less than 10 sec
• detect real-time connections with threat hosts
• deceive attackers and block them automatically
• detect attacks by event correlation
• learn about unknown vulnerabilities of your specific IoT/IT devices
• visually track any of your systems/users
• process even 50,000 events per second on a single host
6 Why are we different
BUSINESS MODEL
COMPETITION | ASPEN
Standard Perm licence + security add-on cost: | No data limits, fixed price for one organisation, based on features list
No SLA, no guarantees | Guaranteed for agreed service up to 80% TCV
Additional data sources (e.g. IoT, Threat Intelligence) are paid additionally | No additional cost per data source types
No integrated data anonymization / pseudonymization | Integrated data anonymization / pseudonymization
No Threat Intelligence data integration & correlation | Integrated Open Source Threat Intelligence (~1,000,000 threat indicators per day)
No traps (deception) integrated | Integrated deception (traps)
No multi antivirus check | Integrated multi antivirus check (80+AV)
TECHNICAL PERFORMANCE (HARDWARE NEEDS)
TEST
50,000 EPS for a Telecom provider, doing anonymization & real
time correlation
COMPETITION
Indexer cluster:
• 96 nodes x 56CPU cores = 5376 CPU
• 96 nodes x 512MB = 48GB RAM
Search cluster:
• 8 nodes x 80CPU = 640 CPU
• 8 nodes x 1024GB = 8192GB RAM
Data volume per day = 6TB
Total: 6016CPU + 8240GB RAM
ASPEN
ASPEN real time correlation cluster:
• 2 nodes x 17CPU cores = 38 CPUs
• 2 nodes x 20GB RAM = 40GB
Big data cluster:
• 10 CPU cores + 80GB RAM
Data volume per day = 5-7TB
Total: 48CPU + 120GB RAM
7 References
• Athens (Greece) for Olympic Games
• Torino (Italy) for Olympic Games and Telecom Operator
• Beijing (China) for largest ever Olympics
• Singapore (Singapore) for Youth Olympic Games
• Kuala Lumpur (Malaysia) for regional Atos SOC services
• Bydgoszcz (Poland) for Global Siemens Security Operations
• Astana (Kazakhstan) for TSC Corporation (banking, insurance)
• Belgrade (Serbia) for Government of Serbia
• Bangkok (Thailand) for commercial SOC services
Proud of our
team and
solution