The Sagan Solution

The Sagan Dashboard and Reporting

With the Sagan dashboard, you can get an in-depth look at your security ecosystem in one glance. It provides:

• A quick summary of alerts, logs, sensor health, and recent activity
• Ability to deep dive into any needed data or search
• Sensors, Severity, Protocol, Signatures, Sources and Destinations at-a-glance

Access detailed reporting of all activity and logos, and review any suspicious activity. And customize your reporting to meet your business’s internal policies. 

Reporting includes:

• Executive Summary for C-Level review and reporting
• Dynamic and customizable content
• Ability to customize any needed metrics
• Visual trending

Event Analysis & Management

With the Sagan solution, you can deep dive into any security event that occurs. With a user-friendly interface, you can

• Shows all events with the ability to search
• Ability to dive deep into analyst responses to events
• Ability to view log or packet payloads

Malware Detonation

Mitigate risks with our malware detonation features:

• The malware Detonation platform extracts files from existing network traffic
• Once extracted, samples are encrypted and submitted to our Private Malware Detonation Cloud using a secure channel.
• These samples are analyzed for unusual behavior and malicious indicators

Fingerprinting  

We developed a process to passively fingerprint your network by analyzing device signatures that give clues as to device type, operating systems, software, and services running in your network.

Utilizing our packet inspection engine to look for these clues in the user-agents, server responses, broadcast IP, etc.

Intel

Domain Tracking is a method of detecting a potential attack before it begins by tracking any changes to the company’s legitimate domains.

The console will be updated with any changes, including new suspicious domains, the addition of an IP to a suspicious domain, or the change of an IP.

Attack Map

The Attack Map allows you to visually see where events are originating from.Hovering over the event dots will display the event signature and the source IP address.

The Attack Map can be zoomed in and out.

Identify All Emerging Threats

BlueDot, Quadrant’s intelligent threat intelligence system, is designed to combat reputational deficiencies and garner a new paradigm of threat detection technology.

Powered by Sagan, BlueDot is a comprehensive and cyclical process that analyzes a variety of system and network artifacts in real-time in order to identify emerging threats to our customers. 

BlueDot aggregates and processes information from honeypots, malware research, and incidents assessed by our skilled team of Security Analysts in order to find relationships and context between attack data.

Then, analysts can use historical threat data to correlate attacks between adversaries and industries.