Why don’t we use the term SIEM?
This is because our platform is not a SIEM and consists of many parts that are not typically found in a SIEM. We don’t utilize a SIEM system to perform our services. Our platform is broken down into many components that can easily be swapped out as we improve our services. Regardless of whether the feature is off the shelf or custom created, we evaluate every section with every upgrade to provide the best services possible.
The platform is split into 3 distinct categories that represent the overall process:
Ptolemy is our Threat Intelligence Aggregation System. It gathers, organizes and prioritizes threat reports found in both paid and free sources as well as discoveries from our 1MC Labs team. We analyze IPs, URLs, Application Hashes, Virus & Malware Alerts and Signatures, and much more. This data is then used to encrich the data gathered from our customers.
Norbert provides AI/ML at scale looking for the unknown, odd patterns. Norbert attempts to expose the “final bucket” that just doesn’t fit your corporate patterns. Enhanced with the intel cateloged in Ptolemy, norbert utilizes the latest in AI and ML practices to locate anomolies in real time as well as evaluate past data for newly emerging IoCs.
Like looking for a needle in a haystack, a Magnet can find the small items stuck in the belly of big data. Magnet strips away the standards, looking for and identifying patterns in data that fit known IoCs. The alerts are then sent directly to SOC Analysts to evaluate the larger picture and escalate as necessary. Magnet utilizes intel directly from Ptolemy to ensure its looking for the most up to date IoCs.