EXYS7950–KONDRA
Infrastructure protection from cyber attacks
Infrastructure protection by collecting and analyzing all traffic and events from on-premise and cloud infrastructures (e.g., Microsoft Azure/Entra). The system makes use of Eclexys' threat intelligence databases.
Kondra is a security monitoring solution that seamlessly integrates Security Information and Event Management (SIEM) and Network Security Monitoring (NSM) capabilities, providing organizations with a robust mechanism for anomaly detection and defense against potential cyber threats. The KONDRA solution seamlessly integrates with the Secure DNS service and provides real-time protection against phishing attacks by preventing browsing to malicious web services.
- Ability to aggregate and analyze different data sets from various sources
- Availability of Microsoft Windows event logs
- Information about PowerShell scripts and commands executed on servers or destination nodes in the customer's infrastructure
- Information on process creation, network connections, file creation, driver loading, log events
- Comprehensive information on Active Directory
- Monitoring interfaces on different network packets
- Collection of intrusion detection system (IDS) alerts generated by network traffic
- Firewall activity monitoring and data logs
- Logs on Microsoft MS365 message management and trace activities
- Cloud computing platforms and services such as Microsoft Azure
- Monitoring of data from industrial control systems
- Data and logs from other ad hoc services
- Monitoring of various network protocols (HTTP, SSL, SSH, PSR, DCE_RPC, FTP, SOCKS, RADIUS, SMTP, SNMP, SIP, SMB, NTLM, Kerberos)
By collecting, analyzing, and correlating data from different sources, the proposed solution strengthens an organization's level of security by providing proactive threat detection, incident response, and a comprehensive view of the entire ICT landscape, encompassing both on-premise and cloud environments. The solution can also be used in a multiple-site architecture, enabling centralized data collection and analysis.
To meet regulatory and auditing requirements as well as customers' needs, reports on the status and behavior of the monitored architecture can be scheduled on a daily, weekly or monthly basis.
This software comes with a number of tools that can be useful during the analysis process, such as PCAP and EVTX (Windows log format) analysis tools, the ability to schedule complete packet capture at a specified interval, and resource inventory. The solution also allows for customizations and extensions to meet customer needs.