Our Sagan Solution is more than SIEM. It has evolved into an ecosystem that serves as an all-inclusive security solution. At Quadrant, we serve as the eyes and ears for our clients. Our solution provides the power and security of 24/7/365 monitoring, notification and remediation assistance by true security professionals, supported by ever evolving threat detection technologies and techniques.
Attacks take place around the clock. Many of these threats are not always identified through log analysis or packet inspection alone. Along with these technologies, Quadrant further utilizes Honeypots, human analysis (SOC) and our Malware Detonation Platform, all of which populate our proprietary BlueDot threat intelligence database and are shared across our global client base.
Adversaries are always on the move. Their tools and techniques are constantly changing and it is our job to continually enhance our solution and develop technologies that allow us to identify, validate and report threats for our clients.
| Traditional SIEM | Traditional IDS | Traditional MSSP | Quadrant's Sagan Solution | |
|---|---|---|---|---|
| FPC/IPCAP | Additional Fee | |||
| IDS/IPS | Additional Fee | N/A | Yes | |
| META Data | Additional Fee | Additional Fee | ||
| 53 Week Log Retention | Additional Fee | N/A | Additional Fee | |
| Custom Rule | ||||
| Standard Rule | 8000+ | |||
| Behavioral Analytics | Additional Fee | Additional Fee | Additional Fee | |
| Incidence Response | Additional Fee | |||
| Threat Intel | Additional Fee | Additional Fee | ||
| Real Time | Additional Fee | Additional Fee | ||
| Malware Detonation | Additional Fee | |||
| Honey Pots | ||||
| 24/7/365 SOC | Additional Fee | |||
| Proactive Domain Squatting Detection | ||||
| Pastebin Scraping |
Quadrant is a great vendor to work with. Their sales team is well supported by technical expertise and a great services bench. The flexibility of SAGAN is great allowing us to create custom correlation searches and implement use cases that may be more difficult using other products. Being able to do schema on read with log data gives the flexibility to iteratively develop custom parsers and normalization logic fast. The implementation of the common information model allows us to decouple our parser regex from our detection logic, which means we can scale more easily. Quadrant is helpful and supportive of system and issues. Training is well laid out and easy to access. Support issues are responded to in a timely manner and CTO is responsive to requests and customizations.
This is a large rule update which is long over due. This rule update improves the detection, accuracy and preformance of Sagan. For more informatin about Sagan see: https://quadrantsec.com/sagan_log_analysis_engine/ * Sagan Rule ChangeLog - 2018/11/08 * New watchguard.rules! https://github.com/beave/sagan-rules/commit/590fb11851d713...
Read More