1 min to check, 10 to triage, 60 to contain and eradicate malicious behavior
How does a SIEM collect logs?
It ingests logs through connector packs, processes them, then classifies and correlates them
What three things do we need to provide pricing?
1. quantity/volume
2. modules
3. reseller
What does Insight help you determine?
Allows you to correlate data across your environment to determine whether the incident is an independent attack or part of a larger coordinated attack
Who, what, when, where, and how
What does ITDR do?
Detects and stops identity-based breaches in real time to prevent unauthorized access to systems and networks
What are the three operating model playbooks?
Cautious, measured, and active: each applies a different level of aggressiveness to how responses are carried out
How is SIEM priced?
Daily ingest & retention period
How many GBs of ingestion are free?
10GB free ingest w/ a 7-day retention period
*remember: we do not charge for ingest of Insight data*
What are some compliance requirements we can help orgs meet?
PCI DSS, HIPAA, FFIEC, PCI Forensics, NSA-CIRA, SOC 2, CSA-Star, AV Comparatives
What does Discover provide visibility into?
Assets, accounts, and applications.
What types of active directories do we support?
- Entra ID (formerly Azure AD, Microsoft's AD system)
- Active Directory (Windows)
- Domain Controller (on prem/physical AD)
- Ping ID & more
*we do not support JumpCloud*
What does the onboarding process look like for Complete, and how long does it take?
Customer fills out the operating model & sends it back to their Complete onboarding specialist
Complete team immediately configures policies based on what was outlined by the customer
Average: 5-10 days; depends on when the customer sends back the operating model
What cloud platforms does FCS integrate with?
AWS, Azure, GCP
What is an IOA?
Behavior-based detections. Focus on patterns of behavior rather than on indicators that a breach has already occurred; looks at the adversary's intent, the outcomes they are trying to achieve, and the execution of the steps necessary to achieve the objective
What is Spotlight?
vulnerability management
What main problem does ITDR solve?
- ADs are built on legacy technologies & are largely considered one of the weakest links in an org's cyber defense strategy
- Identity-driven attacks are extremely hard to detect
What are the different cloud licensing models?
reserved: how many sensors are needed at any given time (concurrent)
on demand: pre-paid bucket of hours (for scale and growth)
What modules require Prevent?
I have an IAM (identity access management) solution, why do I need ITDR?
IAMs are not designed primarily as security solutions and do not detect and prevent identity-based attacks in real time. They lack deep visibility into endpoints, identities, user behavior, etc.
IAM = part of an overarching strategy to manage digital identities
How do we protect our customers' data?
We collect metadata
All data is tagged with unique, anonymous identifier values
What percentage of breaches involve stolen credentials?
80%