Seceon aiSIEM Datasheet

Datasheet

Seceon aiSIEM helps organizations visualize user activities, network traffic flows, anomalous behaviors and host-based suspicious processes through a single pane of glass, while ensuring cyber threats, exploits and attacks are detected early and accurately with automated intelligence, advanced correlation and real-time analytics. The solution empowers SOC analysts to respond to real alerts by cutting out the noise and providing a simplified path to threat containment and risk mitigation.

▪ Advanced event correlation (on-prem and cloud) and behavioral patterns with AI and Dynamic Threat Models
▪ Behavior baselining and profiling for anomaly detection leveraging Machine Learning techniques
▪ Contextual enrichment with threat intelligence (70+ sources), vulnerability assessment and historical data
▪ Exhaustive reporting across several key areas - security, compliance, operations and investigation
▪ Rules-based policy creation, enforcement and notification for appropriate action and governance

Comprehensive Visibility
Uncover myriads of threat vectors lurking inside auto-discovered hosts, network, cloud, OT and IoT with 360° inference drawn from events, network traffic, packets, identities and behavioral patterns.

Mean Time to Identify and Respond
Considerably shorten Mean-Time-To-Identify (MTTI) and Mean-Time-To-Response (MTTR) with automated threat detection and remediation in real-time and near real-time through registered alerts, critical and major.

Reduction in Operational Backlog and Human Error
Significantly reduce operational backlog and human error with Dynamic Threat Models and Advanced Correlation orchestrated through Artificial Intelligence, avoiding weeks of custom correlation, tuning and human error.
Array of Use Cases and Threat Vectors Addressed by Seceon aiSIEM

▪ Cyber Crime: Malware <> Ransomware <> Advanced Persistent Threats, Botnet Detection <> Trojan Activity
▪ Insider Threat: Malicious Insider <> Compromised Credentials <> Privilege Misuse <> Suspicious Login
▪ DDoS: Application Layer <> Volumetric <> SYN-ACK Flooding <> Amplification Attacks
▪ Web Exploits: SQL Injection <> Cross-Site Scripting <> Local File Inclusion <> Directory Traversal <> Remote File Execution <> Cross-Site Request Forgery
▪ Brute-Force: Password Spraying <> Dictionary Attack <> Credential Surfing
▪ Other: Data/IP Exfiltration <> IoT/IIoT Cybersecurity <> OT/ICS Cybersecurity

Continuous Compliance
Ensure compliance 24x7 through regulation-focused audit and reporting on PCI-DSS, HIPAA, NIST, GDPR and more, in addition to security posture, operations and investigations reporting.

Accuracy and Speed
Gain an edge over adversaries and hackers with real-time processing of big/fast data at speed, combined with behavioral anomalies and threat intelligence to arrive at validated threat indicators.

[Figure: Malware Threat Detection Automated with AI based Dynamic Threat Model. Stages shown: New Process Connection; Process seen on New Host; Suspicious Process Detection; New Connection on Port by a Process; Windows Exploit Evasion]

Scalability and Flexibility
Harness the power of flexible deployment through an on-premise, cloud or MSP-hosted solution spanning multiple sites – data center and branch offices – with multi-tenancy and data segregation at the core of the platform architecture.

Key Technology Components of Seceon aiSIEM

Control & Collections Engine (CCE)
The CCE orchestrates collection of events and network flow data across assets deployed within the enterprise and cloud. It applies intelligent detection for enrichment of structured and unstructured data before routing to the OTM core through a secure connection.

Analytics & Processing Engine (APE)
The APE forms the core of aiSIEM, processing high-volume, high-velocity data in real-time, while feeding threat intelligence, behavioral anomalies, historical context and vulnerability scan results to dynamic threat models running on AI and ML based engines.

Long Term Storage (LTS)
The LTS compresses, encrypts and stores log data – on-premise or cloud – for archival and compliance (up to 7 years). Forensic search can be conducted through simple queries and Boolean operations.

System Requirements
CCE: Virtual or Physical Machine with 4 Core CPU, 4 GB RAM, 256 GB HDD, 1 GigE Network Interface
APE: Virtual or Physical Machine with 32 Core CPU, 128 GB DRAM, 2 TB NVMe SSD (30K/10K IOPS)
LTS: 40 TB HDD

CCE can be deployed on-premise (ideally close to the main network switch) or in the cloud. APE and LTS are bundled together and hosted on-premise or in the cloud.
Dashboard: Get a summary view of 7 Days Open/Close Status, Top Alerts by Threat Type, Top Users and Hosts with Critical & Major Alerts.

Behavioral Analytics: Have a quick, curated understanding of your user behavior - ranging from Abnormal Logins and File Access to potential Insider Threat activity and Brute Force attacks.

Alerts Analysis: Understand the nature of alerts and underlying threat indicators, including assets and users impacted. Drill down further to look at the event or network flow attributes (Source IP, Destination IP, Event Type, Timestamp, Process Name etc.).

Threat Hunting: Dive deeper into threat indicators across various sources - network, host, device and ML - and drill down into the actual event with rich contextual data (Event Type, Source, Host, Destination, User Name etc.) presented in an easy-to-read format.

MITRE ATT&CK: Get a consolidated view of Tactics and Techniques adopted by adversaries, mapped into sub-techniques and threat indicators - offering granular details on underlying events.

Compliance Reporting & Audit: Stay current and stay informed with regulatory compliance checks and balances all the time - PCI-DSS, HIPAA, NIST, GDPR etc. - even as your business grows with users, assets and digital footprint.

Auto-Remediation: Define specific criteria for auto-remediation based on severity type, confidence level, security alert type and asset category, including action path (Firewall, NAC, EDR) and schedule, causing minimum disruption to business.

Provisioning & Administration: Set up Policy Controls, Blacklist/Whitelist, Application Constructs, Cloud Configuration, Asset Discovery, MFA, Encryption – through a unified User Interface.

[Figure: Only Alerts that Matter. Funnel showing 349,010,831 Events Analyzed; 2,978,381 Threat Indicators Detected; 7 Critical & Major Alerts; reduction labels 1/20 and 1/5000 between stages]
[email protected] | [email protected] | www.seceon.com | +1 (978)-923-0040
238 Littleton Road Suite #206, Westford, MA 01886, USA