CMC Cyber Security launches the CMC Security Orchestration, Automation & Response (CSOAR) software
CMC Cyber Security Company has just launched the "CMC Security Orchestration Automation & Response (CSOAR)" system. It is a solution that gathers information about security threats from a variety of sources and handles low-level incidents without human intervention. The solution helps an organization operate its security more efficiently with:
- Integrates with Threat Intelligence sources and information security products.
- Available as a virtual appliance for on-premise deployment.
- Automatically generates alerts for information security events in the system and proposes handling plans for those events.
- Builds a handling process aligned with the customer's system, helping customers manage the system's incidents effectively and scale easily.
- Speeds up triage and reduces the time and resources required to perform a threat investigation.
- Supports authentication via at least LDAP and SAML.
- Supports creating users and user groups.
- Provides centralized management through a Web UI with a Dashboard Portal.
- Ability to define access rights according to the incident-handling role.
- Ability to split the license by feature; modularization includes a data privacy breach module and a Privacy module that guides data-loss handling (e.g. GDPR ...).
- Assists the administrator in defining feature-based access roles and easily managed partitions, including restricting access to specific functions and to the scope of incident handling.
- Supports automatic updates and updates via a direct installation package.
- Supports a Web UI management interface with a Dashboard Portal covering management, analysis and report publishing ... The portal also provides a news feed for management, monitors incident-handling progress, and details the processing progress of each administrator's actions.
- Integrates with the CMC Dashboard Portal, which displays a variety of components for administration and information monitoring and can be customized to the purpose of use.
- Provides a centralized application store for downloading 3rd-party applications that are installed directly on SOAR; supports popular applications such as McAfee, Cisco, Code42, Carbon Black, Red Hat Ansible, CrowdStrike ...
- Maintains a database and incident-handling history, allowing administrators to search processed information by issue.
- Ability to import and export configuration.
Incident response handling
- Ability to guide data-loss handling according to the data protection laws of each geographic region or country.
- Ability to integrate two-way with SIEM for more flexible and efficient SOC handling.
- Allows creating incidents from received emails, automatically filtering the information in the emails.
- Ability to automatically extract information from an email attachment and attach it to a pending incident.
- Provides a manual incident-handling and incident-creation interface via API, Web URL, SIEM and ticketing system, plus a custom graphical workflow designer with easy drag and drop, based on BPMN (Business Process Model and Notation), integrated with the Dashboard Portal.
- Allows the organization to simulate incidents and test response plans, so errors can be detected and corrected before a real incident occurs.
- Allows writing scripts in the interface to support developing automation modules.
- Ability to test and debug scripts to detect errors before actual execution.
- Ability to combine playbooks, including processing steps and stages, to guide users in responding to attack situations.
Correlation of analytical information
- Supports creating evidence for an incident.
- Supports decentralization and delegation at each step of incident handling.
- Supports creating Wiki pages, allowing organizations to add important information, manuals and reference information.
- Supports a correlation analysis engine that shows relationships between incidents sharing the same evidence.
- Supports displaying trends of incidents and threats.
- Supports periodic updating of intelligence from multiple sources for incident evidence.
- Supports triggering actions on third-party systems related to incident handling.
- Supports correlation of intelligence from multiple sources, including 3rd parties; this intelligence is updated automatically and periodically.
- Supports automatically steering incident handling according to the information entered; playbooks are applied automatically to different types of attacks.
- Provides the ability to link incidents using evidence of the attack.
- Supports at least 5 intelligence sources out of the box to assist with information enrichment.
- Supports incident correlation interfaces via IOC.
- Allows users to perform incident-handling steps immediately in the admin interface.
- Provides built-in reporting templates for reporting incident information to many recipients with different levels of detail.
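As an added illustration (not CSOAR's own code, which the announcement does not show), the following Python sketch walks through the pipeline the two lists above describe: an incident is created from an intake email, IOCs are pulled from the body and from the attachment, the incident is enriched from several intelligence feeds, correlated with existing incidents that share the same evidence, and routed to a playbook by attack type. The sample email, the feeds, the existing incidents, the playbooks and all function names are assumptions constructed for the example; only the standard library is used.

```python
"""Added example: a minimal intake -> enrich -> correlate -> playbook pipeline.
Illustrative code written for this article, not CSOAR's implementation."""
import email
import re
from email import policy
from email.message import EmailMessage

# Regexes for the three IOC kinds this example recognises.
IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
}

# Constructed intelligence feeds standing in for the product's multiple sources.
INTEL_FEEDS = {
    "feed-a": {("ipv4", "203.0.113.45"): "phishing infrastructure"},
    "feed-b": {("sha256", "0123456789abcdef" * 4): "credential stealer"},
    "feed-c": {("ipv4", "198.51.100.7"): "scanner"},
}

# Constructed incidents already in the case database.
EXISTING_INCIDENTS = [
    {"id": "INC-1001", "category": "phishing",
     "iocs": {("ipv4", "203.0.113.45"),
              ("url", "http://login-update.example.test/verify")}},
    {"id": "INC-1002", "category": "malware", "iocs": {("sha256", "ffff" * 16)}},
]

# Constructed playbooks keyed by attack type.
PLAYBOOKS = {
    "phishing": ["quarantine message", "block sender domain", "reset affected credentials"],
    "malware": ["isolate host", "collect sample", "hunt for hash"],
    "generic": ["triage", "assign analyst"],
}


def build_sample_email() -> bytes:
    """Construct the intake email used by the example (a user-reported phish)."""
    msg = EmailMessage()
    msg["From"] = "helpdesk@example.test"
    msg["To"] = "csoar-intake@example.test"
    msg["Subject"] = "[phishing] User reported suspicious login page"
    msg.set_content("User clicked http://login-update.example.test/verify\n"
                    "from workstation 203.0.113.45 at 09:12 UTC.\n")
    # Text attachment with extra observables pulled from proxy logs (constructed).
    msg.add_attachment("sha256=" + "0123456789abcdef" * 4 + "\n"
                       "proxy also logged 198.51.100.7 on the same session\n",
                       subtype="plain", filename="proxy-extract.txt")
    return bytes(msg)


def extract_iocs(text: str) -> set:
    """Return {(kind, value)} for every IOC pattern found in text."""
    found = set()
    for kind, pattern in IOC_PATTERNS.items():
        for value in pattern.findall(text):
            found.add((kind, value.lower()))
    return found


def classify(subject: str) -> str:
    """Derive the attack type from a [tag] prefix in the subject, else 'generic'."""
    m = re.match(r"\s*\[(\w+)\]", subject or "")
    tag = m.group(1).lower() if m else ""
    return tag if tag in PLAYBOOKS else "generic"


def incident_from_email(raw: bytes, incident_id: str) -> dict:
    """Create an incident from a raw email; body and attachments are mined for IOCs."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    iocs = extract_iocs(body.get_content() if body else "")
    attachments = []
    for part in msg.iter_attachments():
        attachments.append(part.get_filename())
        content = part.get_content()
        if isinstance(content, bytes):      # binary attachment: best-effort decode
            content = content.decode("utf-8", "replace")
        if isinstance(content, str):        # skip nested message/rfc822 parts
            iocs |= extract_iocs(content)
    return {"id": incident_id, "subject": str(msg["Subject"]),
            "reporter": str(msg["From"]), "category": classify(msg["Subject"]),
            "iocs": iocs, "attachments": attachments}


def enrich(iocs: set) -> dict:
    """Look each IOC up in every feed; returns {ioc: [(feed, label), ...]}."""
    hits = {}
    for ioc in iocs:
        for feed, entries in INTEL_FEEDS.items():
            if ioc in entries:
                hits.setdefault(ioc, []).append((feed, entries[ioc]))
    return hits


def correlate(new: dict, existing: list) -> list:
    """Link the new incident to existing ones that share at least one IOC."""
    return [(inc["id"], sorted(new["iocs"] & inc["iocs"]))
            for inc in existing if new["iocs"] & inc["iocs"]]


def select_playbook(category: str) -> list:
    """Pick the playbook for the detected attack type, falling back to generic."""
    return PLAYBOOKS.get(category, PLAYBOOKS["generic"])


if __name__ == "__main__":
    inc = incident_from_email(build_sample_email(), "INC-2001")
    print("incident:", inc["id"], inc["category"], inc["attachments"])
    print("enriched:", enrich(inc["iocs"]))
    print("linked to:", correlate(inc, EXISTING_INCIDENTS))
    print("playbook:", select_playbook(inc["category"]))
```

Running the script creates INC-2001 from the constructed email, finds four IOCs (two IPv4 addresses, one URL and one SHA-256), links it to INC-1001 through the shared address and URL, and selects the phishing playbook. In a real deployment the feeds would be the periodically refreshed intelligence sources, and the correlation step is what lets an analyst see that a new report belongs to an attack campaign already under investigation.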