The SOC In A Box

Enterprise Grade Security. Small Business Priced. Monitored By CyFlare 24×7 SOC. 

What's In The Box?

Superior Monitoring Platform. Expert Analysts & Incident Response. Summarized Monthly Reporting.

Breach Detection
Hyper-Paranoid Breach Detection Service. AI Based.
24x7 Security Analysts
Dedicated Technical Account Manager. Constant Incident Monitoring & Response.
Executive Security Dashboard
Manually created each month by the Technical Account Manager to summarize key indicators.

The Benefits

The 100 Series Pulse appliance provides a true easy button for cyber security.
We watch your network traffic flows, ingest logs and enable compliance.

Pre-Configured
Our team will pre-configure the appliance before shipping. We "burn in" all appliances for 72 hours.
High performance
Monitor up to 3 Gbps of traffic per appliance. Higher-density models are available for large deployments.
Month To Month
We earn your business every month, offering no long-term contracts for the Pulse offering.
Superior Technology
Feature rich cyber security platform with features unmatched by competitive SOC providers.
Enable Compliance
The security controls built in enable common compliance controls such as HIPAA, NIST, PCI and ISO 27001.
Deploys In Minutes
With a few simple firewall changes the SOC in a Box is enabled.

Technical Capabilities

Pulse is not your average log collection and monitoring solution. Superior collection and detection have been purpose-built into the platform. Below are just some of the features packed into "The Box".

Features

  • Machine Learning (Supervised & Unsupervised) Real Time Kill Chain Breach Detection
  • Asset Discovery
  • Historical Forensic Investigation
  • Network Traffic Analysis
  • Application Performance Monitoring
  • Centralized Management
  • Malware Sandbox
  • Next Generation Intrusion Detection System
  • Anti-Virus
  • SIEM (Syslog, IPFIX, Aella Flow)
  • Deep Packet Inspection (3,000+ applications)
  • Application Identification & Metadata Extraction
  • Service Visualization
  • User visibility & tracking (Auth Log, AD, Kerberos, RADIUS)
  • Digital Certificate Visibility
  • Geo Location Feeds
  • Threat Intelligence Feeds
  • Threat Intelligence Sharing
  • Firewall Enforcement Integration (Palo Alto Networks, Fortinet, AWS)
  • SIEM Integration (Splunk, Elasticsearch)
  • Orchestration Integration (Phantom)
  • Alerting
  • Reporting
  • Data Processor / Data Lake Clustering & High Availability
  • Multi-tenancy support
  • Multi-tenant machine learning
  • Multi-site ML

Detections

Recon

  • Port scan & IP address sweeping
  • Brute force login failures (SSH, AD, SQL)
  • Brute force login success (SSH, AD, SQL)
  • Login location anomaly detection
  • Web directory scan detection
  • Malicious user agent detection
  • Phishing detection
  • Malicious reputation detection

Delivery

  • Zero day malware detection
  • Known malware detection
  • Lateral malware movement detection
  • Ransomware detection
  • Spyware detection
  • Trojan detection
  • Virus detection

Exploitation

  • Known exploit detection (80,000+)
  • Zero day exploit detection
  • Process anomaly detection

Installation

  • File creation detection
  • File modification detection

Command & Control

  • C&C server reputation (50,000+)
  • Resolvable DGA detection
  • Command execution anomaly detection
  • SQL command line execution detection

Exfiltration & Actions

  • DNS tunneling detection
  • Denial of service detection (SYN flood)
  • Anomalous outbound traffic detection
  • Bitcoin mining detection

Network Traffic

  • Geographic anomaly detection
  • Session duration anomaly detection
  • Anomalous inbound traffic detection
  • Abnormal SMB traffic detection

Environment Support

  • AWS
  • Azure
  • Google Cloud Platform
  • VMware
  • KVM
  • Hyper-V

Operating Systems (Agent)

  • Ubuntu
  • Debian
  • Red Hat
  • CentOS
  • Docker
  • Windows

Data Capture Methods

  • Port mirroring
  • Physical network tapping
  • Virtual network tapping
  • Agent
  • VXLAN
  • GRE
  • Logs
  • NetFlow / IPFIX