Chat with us, powered by LiveChat
min-width: mobile
min-width: 400px
min-width: 550px
min-width: 750px
min-width: 1000px
min-width: 1200px
NOTICE We have updated our Privacy Policy to include GDPR and the use of cookies. Click "Accept" to continue. ACCEPT

Sagan

Our all-inclusive Sagan Solution offers real-time, 24/7/365 identification, validation and ultimately notification on malicious activity at both the log and network levels. While any MSSP is capable of notifying a customer of questionable activity, there is zero value in that approach. We focus on the Identification, Validation, and reporting of malicious activity as well as assisting the business with Incident Response and containment activities.

We understand business today partner with a 3rd party MSSP for a number of reasons. Oftentimes, it is because the business lacks bandwidth and the manpower needed to address around the clock identification of bad actors. This is what we are paid to do and it is our job to develop ways to identify the "bad stuff" outside of traditional Log and packet analysis.

With zero upfront cost, we make it easy to onboard. We offer all hardware, software and 24/7/365 support for one monthly fee over the course of the contract. We believe that our people + product approach to this solution delivers the most effective protection of your data.

Download the Sagan Solution Overview

Dashboard

  • Quick summary of alerts, logs, sensor health and recent activity
  • Ability to deep dive into any needed data or search
  • Sensors, Severity, Protocol, Signatures, Sources and Destinations at-a-glance

Reporting

  • Executive Summary for C-Level review and reporting
  • Dynamic and customizable content
  • Ability to customize any needed metrics
  • Visual trending

Events

  • Shows all events with the ability to search
  • Ability to dive deep into analyst responses to events
  • Ability to view log or packet payloads

Malware

  • The Malware Detonation platform extracts files from existing network traffic.
  • Once extracted, samples are encrypted and submitted to our Private Malware Detonation Cloud using a secure channel.
  • These samples are analyzed for unusual behavior and malicious indicators.

Fingerprinting

  • We developed a process to passively fingerprint your network by analyzing device signatures that give clues as to device type, operating systems, software and services running in your network.
  • Utilizing our packet inspection engine to look for these clues in the user-agents, server responses, broadcast IP, etc.

Intel

  • Domain Tracking is a method of detecting a potential attack before it begins by tracking any changes to the company's legitimate domains.
  • The console will be updated with any changes, including: new suspicious domains, the addition of an IP to a suspicious domain, or the change of an IP.

Attack Map

  • The Attack Map allows you to visually see where events are originating from.
  • Hovering over the event dots will display the event signature and the source IP address.
  • The Attack Map can be zoomed in and out.

Bluedot Intelligent Threat Intelligence

Blacklists often lack context that is required for decisive action. Quadrant Information Security is aware of the shortcomings of reputation lists. BlueDot, Quadrant's intelligent threat intelligence system, is designed to combat reputational deficiencies and garner a new paradigm of threat detection technology.

Powered by Sagan, BlueDot is a comprehensive and cyclical process that analyzes a variety of system and network artifacts in real-time in order to identify emerging threats to our customers. With this intelligence process as a part of our overall Sagan Solution, we can share this data with all of our customers, which is controlled and managed by our SOC analysts. Context is king and all data, hostile connections, hashes and malicious activity are vetted, analyzed, alerted on and after verification, is entered back into our BlueDot intelligence.

BlueDot aggregates and processes information from honeypots, malware research, and incidents assessed by Quadrant Information Security’s skilled team of Security Analysts in order to find relationships and context between attack data. Information from BlueDot feeds Sagan’s real-time detection capabilities. Then, analysts can use historical threat data to correlate attacks between adversaries and industries. New threats observed may provide new indicators and identification of known indicators, which lead to the overall collection of threat indicators. BlueDot strives for our data to be "quality over quantity" and to ensure that decision makers in your organization are performing their duties with the most accurate and actionable intelligence.

Sagan Open Source

Get more information about the Sagan Log Analysis Engine here.