Skip to content

Sekoia Defend (XDR)

Sekoia Defend (XDR) is an eXtended Detection and Response platform that automates your SOC.

It allows you to easily integrate and analyze the events produced by your applications, endpoints, cloud and SaaS perimeters in real time, and we designed it with the sole purpose of protecting your assets from potential cyber threats.

Product Features

Collect

To defend your business, you need to know what's going on. Monitoring your assets is a prerequisite for their security. Sekoia.io is able to collect logs via various mechanisms, setting it up on your end is easy!

  1. Find out the supported ingestion methods.
  2. Take a look at our pre-defined Integrations' list that keeps growing to suit all of your needs.
  3. Configure your Intakes to collect your logs.
  4. Organize your intakes in Entities.
  5. Enrich your events with your Assets.

Detect

Sekoia.io combines Cyber Threat Intelligence, anomaly detection and advanced Threat detection scenarios to effectively detect attacks, intrusions and compromises. By design, Sekoia.io is built to protect your organization against the most aggressive and advanced threats.

  1. Discover the Rules Catalog.
  2. Create your own detection rules.

Investigate

Sekoia Defend (XDR) allows you to conduct investigations on malicious activities directly from an alert or by means of the event history. Case management makes it possible to reconcile alerts with each other and to document the associated analyzes and results.

  1. Review Security Alerts raised by Sekoia.io and investigate on their malicious activities.
  2. Hunt down the intruders with the Event History and its drill down capabilities.
  3. Use Case Management to centralize your observations on an incident and collaborate with other stake holders.

Automate

Automating your security improves your cybersecurity operations by consolidating your procedures. SOC Automation combines security tools, processes and people to accelerate the execution of your security responses while ensuring their repeatability and auditability.

  • Manage your Playbooks to automate your SOC.

Report

  • Review your Security with dedicated Dashboards or build your own control center.

Reveal (Asset Visibility & Inventory)

Reveal is an add-on module that continuously discovers, unifies, and contextualizes your assets (hosts, accounts, networks). It merges data from third-party asset inventories, vulnerability management tools, the sekoia endpoint agent and passive asset identication into a single, unified Asset Inventory.

Each asset is enriched with a context such as, Timeline, Hygiene posture, Vulnerabilities, and Points of Interest. Open the Asset Context Panel from Alerts, Cases, Events, or Assets to see identity, activity, and risk in place — speeding up triage and decisions.

Get started

  1. Connect sources: Deploy the Sekoia Endpoint Agent and integrate your asset inventory and vulnerability management tools.
  2. Curate inventory: Assign criticality, tags; resolve duplicates and address coverage gaps through your asset inventory.
  3. Investigate: Use the Asset Context Panel (coming soon) anywhere to view your assets with context.