Real-Time Threat and Breach Protection
Today, security analysts can conduct forensic analysis of network and device logs to find evidence of specific activity after an attack.
But once suspicious activity is found after the fact, how do you prevent or remediate the resulting damage to your customers in real time? The Comodo NxSIEM Cloud Platform is an essential tool for MSPs who need to detect customer problems as they happen. Its correlation engine processes complex event sequences and flags abnormal activity, outliers and anomalies so that remediation can begin sooner.
Incident and Case Management
Effective incident management is important for overall security remediation. How you respond to your customers' incidents shapes security awareness and gives you a standard process for handling different customer circumstances. Comodo NxSIEM automatically generates an incident for each correlated event and assigns it the priority defined in the correlation rule that fired.
Related incidents can be grouped under a case definition and handled together, which simplifies incident management and improves incident reporting.
Advanced Persistent Threat (APT)
APTs are hard to detect, and it is difficult to protect your customers from what you cannot see. Attackers use a variety of techniques to hide their activity, including spreading it over long periods so that no single burst crosses an alerting threshold. Identifying such threats as early as possible is crucial to protecting your customers, and that requires long-term analysis over large data sets. NxSIEM's event query and long-term reporting features are designed to quickly find the complex events that form the trail of an APT and reveal the details behind them.
Big Data Scalability
Log monitoring and data collection can be a concern for your customers if they do not know which logs are important to watch. With the Comodo NxSIEM Cloud Platform, the answer is simple: all log types are collected and analyzed. Since logs are the key to understanding how security controls are performing, NxSIEM's highly scalable and flexible multi-tenant architecture lets you collect all the network logs your customers generate, regardless of volume or density.
This enables collecting all logs from all customers without
Multi-tenancy
Multi-tenancy is often required by MSPs and MSSPs that need to manage customer data without separate deployments. Comodo NxSIEM is fully multi-tenant, ensuring that each customer's data is stored and processed separately within a single deployment. You can support as many customers as you wish from one deployment of Comodo NxSIEM. Furthermore, you can define separate MSSP nodes, each itself multi-tenant, and manage many customers under different nodes.
Log Management
Comodo NxSIEM collects logs from many sources over many collection methods, then aggregates, normalizes and classifies them to provide an end-to-end view of log data that can easily be correlated, associated and analyzed. Comodo NxSIEM uses advanced queuing and a fail-safe architecture to ensure the consistency and completeness of collected logs.
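The following is an added example, not NxSIEM code, of the pipeline the sections above describe: raw lines from two source formats are normalized onto one event schema, a correlation rule turns a burst of failures into an incident with a rule-defined priority, the offending source is written to a live list that a second rule reads (the live-list use described in the Live Lists section below), incidents are grouped into cases, and all state is keyed by tenant so customers are never correlated with each other. The log lines, tenant names, rule names, thresholds and list names are constructed for illustration; none of them come from the product.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed sample logs (not real captures) from two tenants and two formats:
# syslog-style sshd lines and key=value web-application lines. 203.0.113.7 appears
# under both tenants on purpose, to show that correlation state is per tenant.
RAW_LOGS = [
    ("acme",   "2024-05-01T10:00:01Z sshd[412]: Failed password for root from 203.0.113.7 port 50022 ssh2"),
    ("acme",   "2024-05-01T10:00:04Z sshd[412]: Failed password for root from 203.0.113.7 port 50023 ssh2"),
    ("globex", "2024-05-01T10:00:05Z webapp: event=login result=fail user=carol src=203.0.113.7"),
    ("acme",   "2024-05-01T10:00:09Z webapp: event=login result=fail user=admin src=203.0.113.7"),
    ("acme",   "2024-05-01T10:00:15Z sshd[412]: Accepted password for admin from 203.0.113.7 port 50025 ssh2"),
    ("acme",   "2024-05-01T10:01:00Z sshd[413]: Failed password for bob from 198.51.100.9 port 40000 ssh2"),
]

SSHD_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>[\d.]+)")
WEBAPP_RE = re.compile(r"^(?P<ts>\S+) webapp: (?P<kv>.+)$")


@dataclass
class Event:
    """Normalized event: every source is reduced to the same fields."""
    ts: datetime
    tenant: str
    source_ip: str
    user: str
    action: str  # "auth_failure" or "auth_success"


@dataclass
class Incident:
    ts: datetime
    tenant: str
    rule: str
    priority: str  # assigned by the rule that fired
    source_ip: str
    case_id: str   # incidents sharing a case_id are handled together


def _parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(tenant: str, line: str) -> Optional[Event]:
    """Map a raw line from either source format onto the Event schema."""
    m = SSHD_RE.match(line)
    if m:
        action = "auth_success" if m["result"] == "Accepted" else "auth_failure"
        return Event(_parse_ts(m["ts"]), tenant, m["ip"], m["user"], action)
    m = WEBAPP_RE.match(line)
    if m:
        kv = dict(p.split("=", 1) for p in m["kv"].split())
        if kv.get("event") != "login":
            return None
        action = "auth_success" if kv.get("result") == "ok" else "auth_failure"
        return Event(_parse_ts(m["ts"]), tenant, kv["src"], kv["user"], action)
    return None  # unclassified line: dropped here; a real SIEM would retain it as raw


class CorrelationEngine:
    """Two rules sharing one live list. All state is keyed by tenant, so events
    from different customers are never correlated with each other."""

    def __init__(self, threshold: int = 3, window: timedelta = timedelta(seconds=60)):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # (tenant, ip) -> recent failure timestamps
        self.live_lists = defaultdict(set)  # (tenant, list name) -> members
        self.incidents = []

    def _raise(self, ev: Event, rule: str, priority: str) -> Incident:
        inc = Incident(ev.ts, ev.tenant, rule, priority, ev.source_ip,
                       case_id=f"{ev.tenant}:{ev.source_ip}")
        self.incidents.append(inc)
        return inc

    def ingest(self, ev: Event) -> Optional[Incident]:
        suspicious = self.live_lists[(ev.tenant, "suspicious_sources")]
        if ev.action == "auth_failure":
            # Rule 1: N failures from one source inside the window -> medium incident,
            # and the source is written to the live list (list as rule output).
            q = self.failures[(ev.tenant, ev.source_ip)]
            q.append(ev.ts)
            while q and ev.ts - q[0] > self.window:
                q.popleft()
            if len(q) >= self.threshold:
                q.clear()  # alert once per burst rather than on every further failure
                suspicious.add(ev.source_ip)
                return self._raise(ev, "auth_brute_force", "medium")
        elif ev.action == "auth_success" and ev.source_ip in suspicious:
            # Rule 2: a success from a listed source -> high incident (list as rule input).
            return self._raise(ev, "success_after_brute_force", "high")
        return None


def run(raw_logs) -> CorrelationEngine:
    engine = CorrelationEngine()
    for tenant, line in raw_logs:
        ev = normalize(tenant, line)
        if ev:
            engine.ingest(ev)
    return engine


def group_cases(incidents):
    """Case management: group incidents by case_id for joint handling and reporting."""
    cases = defaultdict(list)
    for inc in incidents:
        cases[inc.case_id].append(inc)
    return dict(cases)
```

Running `group_cases(run(RAW_LOGS).incidents)` yields a single case, `acme:203.0.113.7`, holding a medium-priority brute-force incident followed by a high-priority success-after-brute-force incident; the single failure from the same address under the `globex` tenant is kept in that tenant's own counter and neither fires a rule nor lands on `acme`'s live list. The window is evaluated on event timestamps rather than arrival time, which is what makes the same logic usable for replaying historical logs during a forensic query.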
Forensic Analysis
Forensic analysis is a complex process that demands considerable time and effort. Analysts often start from a single point (e.g. an attack or breach) and work outward through the evidence. Comodo NxSIEM eases and speeds up the process with rapid queries behind simple user interfaces, customizable dashboards and auto-queries. Its long-term reporting feature makes it possible to gather evidence across larger time intervals, which contributes to the detection and identification of advanced persistent threats.
Live Lists
Comodo NxSIEM supports live lists as correlation inputs and outputs and as filters in queries, reports and dashboards. Live lists are a practical way of managing security data, especially in real-time environments. Live lists can be used to satisfy many use cases, including: