CyberQuest was designed to closely reflect your real-life business. By constantly challenging cross-platform and multi-technology metadata aggregation and correlation, we managed to understand the equation of information overload that our customers are facing and to solve it.
CyberQuest collects and correlates data from the entire infrastructure, from existing SIEM systems, business applications and other security tools, such as vulnerability management solutions, IDS / IPS, Data Loss Prevention tools, Firewalls.
CyberQuest intelligently enriches, transforms, manages, correlates and integrates data and adds business intelligence to security data, from Active Directory, business applications or IAM solutions.
CyberQuest brings order into chaos by ensuring multiple data-source and platform correlation, regardless of the technology used.
CyberQuest offers one single point of access to security data and makes it available for fraud detection, cybersecurity, internal security or compliance: all in one place, for enhanced decision-making capabilities.
DETECT INCIDENTS AND ANOMALIES: GET INFORMATION BASED ON USER, IP, COMPUTER
CyberQuest uses a latest-generation NoSQL database and can find related data based on specific criteria in a matter of seconds, instead of the hours needed by traditional database technologies.
INVESTIGATE & CORRELATE: USE GRAPHICAL, INTERACTIVE DRILL UPS / DRILL DOWNS
The investigation module presents the audited data using a graphical interface, enabling security investigators to access the correlated view of security information through a single dashboard. Audit trees are context sensitive and contain correlated data based on predefined user criteria.
READY-TO-USE TECHNOLOGY & COMPLIANCE REPORTS
CyberQuest’s set of predefined, scheduled reports ensures compliance based on internationally recognized standards and frameworks: ISO 27001, COBIT, FISMA, HIPAA, PCI DSS, SOX.
USER-DEFINED OR BUILT-IN REAL-TIME ALERTS: TECHNOLOGY, APPLICATIONS, INCIDENTS, FRAUD
CyberQuest contains an innovative alerting system with user-defined alerts, addressing the most specific security requirements, ensuring great accuracy and minimum false alerts, in order to enable immediate measures.
CASE & INCIDENT MANAGEMENT
With CyberQuest’s powerful dashboards, you can make rapid, informed decisions and react to alerts, incidents and anomalies in real-time.
Data is quickly sliced and thoroughly organized into multiple categories of information, to offer real-time, context-sensitive overviews. This context can be very simple, from data filtered on just a plain user, machine, IP address or any combination of these, to very complex, based on logical expressions.
Compromised Users Detection
Pinpointing all suspicious user accounts, based on its sophisticated Anomaly Analyzer self-learning mechanism, without the use of predefined rules or heuristics.
Connections can be genuine or bogus. Suspicious behavior may include connection attempts on closed ports, blocked internal connections, connections made to bad destinations, etc., using data from firewalls, network devices or flow data. External sources can be further enriched to discover the domain name, country and geographical details.
Abnormal Administrative Behavior
Monitoring inactive accounts, accounts with unchanged passwords, abnormal account management activities etc., using data from AD account management related activities.
Intrusion Detection and Infections
This can be done by using data from IDS/IPS, antivirus, anti-malware applications, firewall logs, NIPS alerts and Web proxy logs, as well as internal connectivity logs, network flows, etc.
Statistical analysis can be done to study the nature of data. Functions like average, median, quartile etc. can be used for this purpose. Numerical data from all kinds of sources can be used to monitor relations like the ratio of inbound to outbound bandwidth usage, data usage per application, response time comparison etc.
System Change Activities
Using collected data to quickly identify changes in configurations, audit configuration changes, policy changes, policy violations and the like.
Malicious Insider Identification
Edward Snowden is the most famous example of a legitimate contractor who accessed, collected and made use of highly sensitive data from the NSA, the organization he was serving. This proves that no organization is immune to inside threats of this kind.
CyberQuest is able to identify users and contractors who show high-risk activity or access sensitive data, by investigating their behavior history log by log, second after second.
Data exfiltration attempts, information leakage through emails etc., using data from mail servers, file sharing applications etc.
Malicious Intruders Identification
There is a person within the company’s structure who was monitored, investigated and recognized for leaking or stealing security information. The company’s security team would like to be alerted as soon as he sets foot in the building.
The native integration with the physical security module NEC NeoFace® allows CyberQuest to alert security admins immediately when a blacklisted/whitelisted person passes in front of a registered camera within the CCTV network. The application automatically sends an email/message alert in real time.
Abnormal authentication attempts, off-hour authentication attempts etc., using data from Windows, UNIX and any other business application that requires authentication.
Sensitive Data Access Investigation
The access of enterprise users to databases, file share systems and applications may have hidden, high-risk patterns. While some actions may be considered more suspicious than others, access becomes riskier when it’s in the hands of certain high-risk users.
CyberQuest uses its dedicated set of innovative modules to analyze users’ access to databases, file share systems, and applications, and to automatically pinpoint suspicious access activities.
Multiple sources (internal/external) making session requests for a particular user account during a given time frame, using login data from sources like Windows, Unix etc.
Security Events Verification
Information Security needs a second prioritization of events for monitoring, achieved by enriching SIEM/FW/IDS/DLP systems with big data, machine learning-based analytics on users. SIEM systems manage rule-based events that are correlated and prioritized in real time. CyberQuest ensures a better prioritization of events, based on non-rule-based big data and historical data analysis.