either inside or outside of the network.
www.AmericanSecurityToday.com 2020 FINALISTS Edition - 49
When opened inside the network, the DecoyDocs sends all host data to the platform and generates an alert.
If the attackers exfiltrate the DecoyDocs, it will send the Internet-facing external address of every system that opens it back to the ThreatDefend platform with geo-location information.
The platform can export the forensic artifacts and output the event data to other analysis platforms, log aggregators, or SIEMs for further investigation and correlation to enhance threat intelligence development overall.
Partner integrations also allow for direct exchange with other platforms for threat hunting and data exchange.
These include partner integrations with SIEM solutions such as Splunk, McAfee ESM, or LogRhythm, data enrichment with partners like Webroot and VirusTotal, being a certified McAfee DXL partner, and being a certified Cisco pxGrid partner.
Few providers can offer network, disk, and memory forensic capture at the time of the attack, coupled with the correlation of all event data and forensic evidence to create adversary intelligence to such a degree.
“As attackers become more sophisticated, it’s critical to not only detect their presence but also gain valuable adver-