Hillstone Networks recently announced iSource, our new data-driven and AI-powered extended detection and response (XDR) platform. Amid the acronym-powered world that cybersecurity has become (XDR, EDR, IAM, ML, APT, DDoS, etc., etc.) a little background might be in order.
XDR is a relatively new technology that expands upon and improves the capabilities of its predecessor, endpoint detection and response, or EDR. EDR is primarily used to detect and investigate anomalies and suspected threats on hosts and endpoints. By contrast, XDR integrates the data collected by multiple security products – like NGFWs, IPSs, WAFs, etc. – into a single, unified knowledge base that is then used to accurately identify and act upon potential threats.
In general, XDR is a more proactive and fine-grained cybersecurity solution than reactive methods like EDR and network traffic analysis (NTA). It also eases the workload on human cybersecurity efforts by automating much of the analysis and response needed to combat the changing threat landscape.
Introducing Hillstone iSource
From a high-level view, Hillstone iSource integrates a massive amount of security data, investigates correlations of incidents, identifies potential threats, automates security orchestration, and responds cohesively across multiple security products and platforms. It represents a radical new approach to cybersecurity through complete visibility, highly accurate identification of threats, and swift containment and mitigation.
In short, it gives security professionals unrivaled operational efficiency. Here are just a few key highlights on how iSource works and how it can power your security efforts.
Unified Data Collection from Multiple Security Products with Full Visibility
Hillstone iSource collects various types of data, such as threat logs and incident reports, from almost any source across Hillstone’s products as well as certain third-party products. By standardizing and integrating diverse data across components, including cloud, network, and endpoints, iSource breaks down security information silos. It not only brings full security visibility with far fewer blind spots, but also improves detection accuracy and provides effective and efficient defense against threats.
Advanced ML-Driven Analytics and Detection
By synergizing the data and logs collected across the entire security fabric, as well as threat intelligence from top threat intelligence sources, Hillstone iSource can discover even stealthy and evasive threats, and characterize the attacks. Powered by machine-learning and statistical algorithms, its behavior analytics engine helps distinguish anomalous activities among a large amount of integrated data. In short, by leveraging its threat correlation analysis engine, iSource is able to take the low-confidence reports from various security products scattered across the infrastructure and aggregate them into one cohesive high-confidence risk assessment that can be used for future remediation.
The iSource correlation analysis engine consolidates individual incidents for context awareness, and applies analysis to correlated data to identify high-fidelity incidents, provide a complete picture of an attack chain and further help in the investigation of the attack’s purpose. Its powerful log analysis has built-in threshold- and status-based detection and correlation analysis capability that allows security analysts to define customizable rules to identify key threats via artifacts. The Search Processing Language (SPL)-based log search engine also alleviates the pain of searching and analyzing massive logs.
Comprehensive Vulnerability and Risk Management
Hillstone’s vulnerability management helps identify and present vulnerabilities by leveraging the industry’s leading vulnerability assessment solution. It also supports adding new scanners for customization or even manually importing a vulnerability report file for further containment of threats.
Assets are the core of risk management. Hillstone iSource provides comprehensive risk management for assets like servers, endpoints, or even applications and services, from multiple dimensions including risks, vulnerabilities, and threat events. It presents statistical data, such as distribution and trends of threats and vulnerabilities, along with detailed information about individual assets. This holistic approach protects assets by identifying and mitigating potential exposures to threats.
Automated Security Orchestration and Cohesive Response
Hillstone iSource offers automated security orchestration and response capability with built-in playbooks, integrated interactions with Hillstone security products and the ability to assign tasks for collaborative case management. In addition to predefined playbooks that offer optimized workflows and responses, Hillstone iSource also offers the agility and flexibility to define automated workflows visually in playbooks based upon ingested incidents or alerts, intelligence queries, and response actions.
These playbook-driven responses combine automated tasks that can span multiple Hillstone devices, such as Hillstone NGFW, NIPS, CloudEdge, CloudHive, and others, with manual tasks handled through incident case management. Certain third-party devices can also be supported in playbooks via RESTful APIs or SSH connections. This enables swift incident triage and attack containment before damage can be done.
Unified Management and Reporting with Intuitive and Customizable Console
The customizable dashboard allows simple and rapid access to the organization’s security posture with comprehensive statistical information such as rankings and counters, as well as incident summarization and security trends with graphical charts and lists. The intuitive design provides an optimized user experience for management and operations. Hillstone iSource also supports template-based or customizable reports that can be generated on schedule or on demand. Public APIs enable integration with third-party tools or security products to inject security data generated across the entire security fabric and perform interactions to contain threats.
In short, Hillstone’s iSource provides complete visibility, highly accurate threat identification and rapid containment and mitigation of threats and attacks. It is available immediately worldwide. For more information, contact your Hillstone sales representative or authorized reseller.