90% of network failures can be attributed to human error. When technology responsibilities are spread across multiple vendors, the burden of managing and tying everything together falls on the IT department.
By aligning technology and security management within a single platform, vendor, and ecosystem, your IT department will enjoy a seamless, scalable solution without complex vendor sprawl.
Hiring security experts, building an XDR, or attempting to use an off-the-shelf solution can be expensive and unpredictable.
Only Command|XDR alleviates complexity and uncertainty by enabling security while at the same time simplifying IT management.
Command|XDR provides you with a full-scale, enterprise-grade SIEM platform to collect and analyze logs from your firewalls, servers, and endpoints.
Step 1: Log Collection
The Command|XDR SIEM collects logs from your firewalls, servers, and endpoints/assets.
Step 2: Analyze
The SIEM system analyzes the logs to identify potential security threats.
Step 3: Alerts
When the SIEM identifies a potential threat, it generates an alert for your dedicated Command|Link 24x7x365 security POD and internal IT department or MSP.
One Platform To Monitor and Manage Your Entire Attack Surface
The Command|XDR SIEM can ingest data from any source:
The Command|XDR SIEM collects logs from firewalls, routers, switches, and other network devices to identify suspicious activity.
The SIEM collects server logs to track user activity, identify malware infections, and detect unauthorized access.
Logs from laptops, desktops, and mobile devices are used to track malware infections and user activity and to detect unauthorized access.
The SIEM correlates data with the intrusion detection systems (IDS) and intrusion prevention systems (IPS) to identify suspicious activity and attacks.
The SIEM collects application data logs from web servers, databases, and email servers to identify suspicious activity and attacks.
Data logs from IoT devices such as smart thermostats, security cameras, and industrial control systems are ingested into the Command|XDR SIEM to identify suspicious activity.
The Command|XDR SIEM also collects logs from Cloud providers like AWS, Azure/O365, and GCP.
Command|XDR monitors social media platforms like X and Reddit to identify potential threats and trends.
Command|XDR integrates outside intelligence from open source data providers to help correlate and update your security posture.
Command|XDR can integrate with servers, accounts, and systems set up as honeypots to detect early signs of malicious activity.
Actionable Relevant Alerts
The Command|XDR SIEM ingests logs and correlates the events in the logs to create applicable alerts. It also augments these logs with third-party and internal Command|Link data to showcase very specific details about the customer.
Data Correlation Sources:
Known Malicious Actor IPs
TOR Exit Nodes
Globally Sourced Open Intel
CommandLink Sourced Malicious IPs
Indicators of Compromise
National Vulnerability Database
Command|XDR uses a unique algorithm to detect malicious and suspicious activity by combining event types, attributes, and thresholds.
Detect malware infections by monitoring for suspicious activity such as failed login attempts, unusual network traffic, and changes to system files.
Detect intrusion attempts by monitoring for suspicious activity such as port scans, unauthorized access to systems, and attempts to exploit known vulnerabilities.
Detect data breaches by monitoring for suspicious activity such as unauthorized access to sensitive data, exfiltration of data, and changes to data logs.
Be Prepared For Any Scenario
The unique Command|XDR algorithm is custom built for each organization. The Command|Link SOC analysts make constant adjustments to your organization's algorithm to ensure proper execution of the ruleset. By fine-tuning the algorithm, false positives are reduced and relevant alerts increase. Command|XDR employs both simple and complex rules to capture every possible threat.
Simple rules monitor for a single event type, such as failed login attempts.
Complex rules correlate several events; a typical example is a brute-force attack against a web server. The rule monitors for multiple failed login attempts from the same IP address within a short period of time, and also checks whether the login attempts are using different usernames and passwords.
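As an added illustration of the simple versus complex rule distinction above, and of the enrichment from correlation sources such as known malicious actor IPs described earlier, here is example code written for this page (not Command|XDR's own ruleset). The log lines and the malicious-IP list are constructed, and the threshold and time window are assumed values:

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample web-server login events: "<timestamp> <src_ip> <user> <outcome>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 alice FAILED
2024-05-01T10:00:04 203.0.113.7 bob FAILED
2024-05-01T10:00:09 203.0.113.7 admin FAILED
2024-05-01T10:00:12 203.0.113.7 root FAILED
2024-05-01T10:00:20 203.0.113.7 admin SUCCESS
2024-05-01T10:05:00 198.51.100.4 dave FAILED
2024-05-01T10:05:30 198.51.100.4 dave SUCCESS
2024-05-01T11:30:00 192.0.2.9 erin FAILED
2024-05-01T11:45:00 192.0.2.9 erin FAILED
2024-05-01T12:00:00 192.0.2.9 erin FAILED
2024-05-01T12:15:00 192.0.2.9 erin FAILED
"""
# Constructed stand-in for a known-malicious-IP feed (hypothetical value, not a real indicator).
KNOWN_BAD_IPS = {"203.0.113.7"}

def parse_events(text):
    events = []
    for line in text.splitlines():
        ts, src_ip, user, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "src_ip": src_ip, "user": user, "outcome": outcome})
    return sorted(events, key=lambda e: e["ts"])

def simple_rule(events):
    """Simple rule: one alert per failed login event, no correlation."""
    return [e for e in events if e["outcome"] == "FAILED"]

def brute_force_rule(events, threshold=4, window=timedelta(minutes=2)):
    """Complex rule: >= threshold failures from one source IP inside a sliding window."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["outcome"] == "FAILED"]
        start = 0
        for end in range(len(failures)):
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1  # slide the window past failures that are too old
            if end - start + 1 >= threshold:
                burst = failures[start:end + 1]
                users = {e["user"] for e in burst}
                alerts.append({"src_ip": ip, "failures": len(burst), "distinct_users": len(users),
                               "success_after": any(e["outcome"] == "SUCCESS" and e["ts"] > burst[-1]["ts"] for e in evs),
                               "threat_intel_hit": ip in KNOWN_BAD_IPS})  # enrichment from a correlation source
                break  # one alert per source IP per run
    return alerts
```

The slow attempts from 192.0.2.9 fall outside the two-minute window and produce no alert, which is the kind of threshold and window tuning the SOC analysts adjust per organization.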
Compliance and Hardening Reviews
Command|XDR also functions as a detailed asset information gathering source that compares your assets to known compliance frameworks like SOC 2, ISO 27001, HIPAA, PCI, NIST (800-53) and others.
Security Configuration Assessment (SCA)
Ensure that all systems meet your predefined security requirements. This helps to reduce the attack surface of endpoints by hardening them. SCA can be used to identify and update weak policies in endpoints, which can help to improve their security posture.
Monitor endpoints for misconfigurations and exposures. Policy files are used to define the rules to assess the configuration of each endpoint. SCA policies can check for the existence of files, directories, registry keys and values, running processes, and recursively check for files inside directories.
Data + Strategy = Unparalleled Security
Legacy XDR solutions rely solely on events and rules to trigger alerts, lacking ubiquitous visibility across the organization.
Command|XDR has developed the ORIENT Framework to ensure SOC Analysts are taking a holistic approach to your environment.
Command|XDR ORIENT Framework:
The first step in ORIENT is the ingestion of data from multiple sources including SIEM alerts, open source intelligence, network edge detection, malware detection software, emails, end user behaviors, and much more.
Once the data is available, it is correlated with known rules and indicators of compromise. The data is run through the Command|XDR SIEM rules engine first. Machine learning compares the data to the rules for matches. Your Command POD analysts conduct threat hunting, looking for malicious actors who may be hiding inside the environment.
When potential threats are identified, the security POD team moves into an investigative role using a variety of tools and services to determine the true nature of the threat. The POD will utilize open source intelligence, closed source intelligence, system logs, and other analysts to investigate the issue.
When the POD analysts determine that there is no threat, they close the investigation and note their actions and findings in a case report. This report is available in the Command|Link cloud XDR platform. If the analyst finds malicious activity, the analyst will escalate the event to you.
With a potential valid malicious action, the POD team will document their findings, their actions, and any additional questions they may have that could help negate the finding.
The final stage of ORIENT is transferring the event to the appropriate internal resource or MSP. The POD analyst will continue to work with whomever is responsible to remediate and resolve the threat.
Command|XDR is fully integrated with a 24x7x365 dedicated security operations center staffed directly by CommandLink employees.
Dedicated Analyst Pod
Each customer is assigned a dedicated security team known as a POD. Each POD member is personally familiar with you and your environment, enabling a personal 24x7x365 experience. This provides a more rapid and robust solution for your organization as there is no need to explain your environment over and over again.
Threat Hunting and Discovery
Your Command|Link security POD will proactively perform threat hunting to search for malicious activity that has evaded traditional security defenses. Your dedicated security analysts use a variety of techniques, including data analysis, threat intelligence, and their own intuition, to identify and investigate suspicious activity.