Cyber-Attacks – Monitoring, Prediction, and Confrontation   


The LogSentinel reactive security operations platform continues to integrate new cyber defense, source-tracking and countermeasure capabilities. The system combines AI, XDR (EDR, NDR, MDR), reconnaissance, surveillance, traceability, protection, response and confrontation capabilities.

The AI module for combat-oriented operations identifies risks before an attack; intercepts, monitors and tracks activity and performs automated emergency responses during the attack; and modifies and adjusts its strategic models after the attack.

Through correlation mining of threat data and identification of attackers, specialized neural networks are used to rapidly identify attack methods, locate the attacker, perform attack-source traceability analysis and drive reactive preemptive response, such as the intelligent upgrade of XDR.

The platform includes intelligent advanced threat detection and response capabilities, which greatly improve the efficiency of customers' security operations, improve the accuracy of threat detection, save personnel costs, shorten emergency response time, and reduce the cost and increase the efficiency of security operations.

LogSentinel is a new-generation reactive security operations solution that consists of platform + components + services. The AI module generates attack fragments that are automatically integrated into attack events and combined with the capabilities of security experts, automatic attack research and assessment, standardized response processing, and more efficient attack event processing, which ultimately supports normalized security operations and enables reactive network security.

The confrontation between cyber-attack and defense is becoming more and more fierce, and attackers are evolving in a more intelligent and stealthy direction. Attacks are now being seen in which more than 110,000 IP addresses are used simultaneously, while the real attack is hidden in the form of encrypted data packets.

Currently, LogSentinel has formed a series of product layouts through independent research and development: from the network threat detection and response (NDR) system, to the terminal threat detection and response (EDR) system, and then to the managed detection and response (MDR) service.

The LogSentinel reactive network security platform has built-in components for attack source tracking, traffic tracking, asset risk monitoring, account security monitoring, connection and file sandboxing, an SSL decryption gateway and a mail gateway. At the network layer, the encrypted and unencrypted network traffic detection and tracing systems form the LogSentinel NDR matrix. At the terminal level, a series of modules is developed for basic inspection, investigation and evidence collection, monitoring, response and security analysis; these components cover core firmware, memory, files, logs, network and IoT equipment, forming the layout of the LogSentinel EDR module series. At the actual combat level, the attack decision-making support system, phishing detection system, honeynet and other components form the LogSentinel countermeasure matrix. At the service level, services such as traceability, emergency response, guard operation, on-call experts, security checks and risk assessment form the matrix of LogSentinel service components. At the work level, a platform for micro-application situational awareness, management and control is built.

LogSentinel performs end-to-end collection and processing of heterogeneous data from multiple sources, using big data analytics, machine learning, behavioral monitoring, security modeling, automatic orchestration, encrypted traffic analysis, hunting and trapping, attack forensics, traceability and attack profiling combined with the attacker's perspective. These components help users achieve a closed loop of complete detection, source tracking, evidence gathering, prediction of subsequent attacks, and a reactive system for automated response to and remediation of security incidents.


Prof. Nikolay Raychev is an expert in the field of software process improvement and software engineering technologies with two decades of experience as a software engineer, a software architect, a CIO, a CTO, a Director of Engineering, a professor, an author, and a consultant, focusing on software engineering issues.

