CDM Phase 3 DEFEND: Federal Government
Overview
This overview describes how the xenexSOS platform from XeneX, in combination with existing security technologies, supports the Continuous Diagnostics and Mitigation (CDM) Program and enables agencies to achieve their security objectives.
The xenexSOS platform from XeneX is now on the DHS CDM approved products list (APL). This means that 66 Federal Civilian Agencies as well as State and Local Government entities can now purchase XeneX cybersecurity products.
The xenexSOS network-detection and response platform from XeneX correlates security-enriched metadata with other sources, automatically surfaces hidden attacks in real time, and enables conclusive threat hunting and incident investigations.
Value proposition and name brand justification
The xenexSOS platform from XeneX enables security operations professionals at Federal agencies to:
Leverage our investigative workbench, which is optimized for enriched metadata and enables sub-second searches at scale.
Detect, prioritize and correlate in-progress attacks to compromised host devices to quickly prevent and mitigate loss.
XeneX is the only American-made FIPS-compliant technology that uses artificial intelligence to automate the hunt for cyberattacks in large-scale infrastructures – including data centers and the cloud – by continuously monitoring internal network traffic, logs and cloud events to detect advanced attacks as they are happening.
xenexSOS platform: The right data with the right context
The xenexSOS platform collects and stores the right network metadata and augments it with machine learning.
High-fidelity metadata
Security-enriched metadata
Real-time and historical metadata
Scalable architecture
360° visibility: user, data center and cloud
Manage events (MNGEVT) requirements
xenexSOS from XeneX uniquely maximizes automation and reduces human interaction by automating the Tier-1 security analyst role. xenexSOS rapidly detects attacker behavior and feeds the incident response tools, providing real-time attacker behavior using our threat and certainty scores, as well as providing context around the attack and forensics. XeneX xenexSOS is proven to strengthen enterprise customers' security postures.
The system can be set up to integrate with existing solutions to follow response processes and procedures.
It can be set up to securely and automatically communicate and share incident response data.
Important forensic data can be extracted from the system, significantly reducing the amount of time it takes to understand what happened and what has been impacted.
Find abnormal, anomalous network behavior and report on it in real time
Generate audit data that meets regulatory requirements, including:
Appropriate audit data that can be used to support security assessment and forensic analysis.
Audit records that meet regulatory requirements.
Audit records that include “Who (asset or entity),” “What (action),” “When,” and “Where (target)” attributes of log messages.
Evidence when the audit log data is compromised in transit or at rest.
Providing audit and accountability data to report activities related to personally identifiable information and protected critical key assets.
Incident response monitoring
xenexSOS detects events and incidents in real time related to malicious and/or anomalous activities that could impact the security posture of an Agency's network and infrastructure assets.
xenexSOS provides context around the incident as well as valuable forensic information that would otherwise have to be collected manually.
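To make the Who/What/When/Where audit records and the tamper-evidence requirement listed under Manage events above concrete, here is an added illustration (not XeneX code; the key, field names and sample events are constructed for the example) of a hash-chained, HMAC-tagged audit log that flags modification or deletion of any record at rest:

```python
import copy
import hashlib
import hmac
import json

# Hypothetical key for the example; a real deployment would hold it in a KMS/HSM.
AUDIT_KEY = b"example-key-not-for-production"
GENESIS = "GENESIS"  # link value carried by the first record in a chain


def _canonical(body):
    # Stable serialization so the same fields always produce the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_record(prev_tag, who, what, when, where):
    """Build one audit record with Who/What/When/Where, chained to the previous tag."""
    body = {"who": who, "what": what, "when": when, "where": where, "prev": prev_tag}
    body["tag"] = hmac.new(AUDIT_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return body


def verify_chain(records):
    """Return (True, None) if every tag and prev-link checks out, else (False, bad_index)."""
    prev_tag = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "tag"}
        if body.get("prev") != prev_tag:          # a record was removed or reordered
            return False, i
        expected = hmac.new(AUDIT_KEY, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec.get("tag", "")):  # a field was edited
            return False, i
        prev_tag = rec["tag"]
    return True, None


def build_sample_log():
    """Constructed sample events (not real agency data) as (who, what, when, where)."""
    events = [
        ("host-1042", "ssh_login", "2024-01-15T08:01:12Z", "10.0.5.7:22"),
        ("svc-backup", "file_read", "2024-01-15T08:02:30Z", "/srv/pii/records.db"),
        ("host-1042", "dns_query", "2024-01-15T08:03:45Z", "update.example.test"),
    ]
    records, prev = [], GENESIS
    for who, what, when, where in events:
        records.append(make_record(prev, who, what, when, where))
        prev = records[-1]["tag"]
    return records


def tamper(records, index, field, value):
    """Return a copy with one field altered, simulating modification of the log at rest."""
    altered = copy.deepcopy(records)
    altered[index][field] = value
    return altered
```

The same check can run on the receiving side of a log transfer, which is how compromise in transit becomes detectable rather than silent.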
Correlate network metadata with other data sources
Build custom tools and models to detect, investigate and hunt
Leverage all existing Zeek tooling
xenexSOS Recall: Built for investigation and hunting
xenexSOS Recall is a cloud-based application to store and interact with security-enriched metadata.
Hunt for threats retrospectively
Accelerate incident investigations
Focus on security not infrastructure
xenexSOS Detect: The power of AI to detect and prioritize
xenexSOS Detect gives you the power of AI to automatically detect, triage, prioritize and score hidden and unknown attacks at speed.
Stop compromises before they become breaches
Prioritize investigation and response
Empower and grow Tier-1 analysts
How XeneX supports the CDM program
Multiple goals of the CDM Program relate to automation at the Agency level: automated data collection and automated identification of the most critical security issues.
Automation is also involved at the Federal enterprise level; it assists with rolling up summary information into an enterprise-level dashboard, enabling near real-time situational awareness and determination of cybersecurity risk posture.
xenexSOS enables agencies to automate the process of identifying malicious incidents in real time and triaging threats for the security operations team.
The xenexSOS platform integrates several security technologies, leveraging them as a dashboard, data source or action targets to automate threat detection, triage, investigation, response, and intelligence sharing. XeneX has a large ecosystem of third-party technology partners that integrate with the platform to achieve initiatives from the Program.
Operate, monitor and improve (OMI) requirements
xenexSOS is designed to detect malicious activity in real time using our patented algorithms. Those algorithms are designed to detect anomalous and suspicious network behavior.
"What is happening on the network?"
xenexSOS acts as a Tier-1 security analyst, watching over all of your software and hardware assets in real time. xenexSOS monitors the activity, using its artificial intelligence to track down attacker behavior as it happens. We give unprecedented insight and visibility into what is going on across your infrastructure. xenexSOS's capabilities cover network and perimeter components, host and device components, data at rest and in transit, and some user behavior and activities.
Examples of XeneX ecosystem partner integrations:
Splunk
Micro Focus ArcSight
IBM QRadar
Carbon Black
CrowdStrike
Forescout
Gigamon
Ixia
APCON
VMware NSX
VMware
Palo Alto Networks
Juniper Networks
Splunk Phantom
Demisto
Cisco