2020 'ASTORS' Finalists Edition | Page 40

either inside or outside of the network.

www.AmericanSecurityToday.com 2020 FINALISTS Edition - 49

When opened inside the network, the DecoyDocs sends all host data to the platform and generates an alert.

If the attackers exfiltrate the DecoyDocs, it will send the Internet-facing external address of every system that opens it back to the ThreatDefend platform with geo-location information.

The platform can export the forensic artifacts and output the event data to other analysis platforms, log aggregators, or SIEMs for further investigation and correlation to enhance threat intelligence development overall.

Partner integrations also allow for direct exchange with other platforms for threat hunting and data exchange.

These include partner integrations with SIEM solutions such as Splunk, McAfee ESM, or LogRhythm, data enrichment with partners like Webroot and VirusTotal, being a certified McAfee DXL partner, and being a certified Cisco pxGrid partner.

Few providers can offer network, disk, and memory forensic capture at the time of the attack, coupled with the correlation of all event data and forensic evidence to create adversary intelligence to such a degree.

“As attackers become more sophisticated, it’s critical to not only detect their presence but also gain valuable adver-
