Sagan is a multi-threaded, real-time Security Information and Event Management (SIEM) and analyzer application. Sagan also uses a Snort-like rule set to detect malicious traffic on your network and/or enterprise data assets. Our product contains over 7500 internally developed attack signatures that we use to detect and validate malicious activity. Our Sagan console allows for easy configuration and ongoing management of your deployment. Our goal is to give our clients peace of mind that their core assets are being managed and under our watch 24/7/365 when paired with our MSSP.
Our Sagan console can also receive feeds from any network or computer device that communicates via syslog, event log, SNMP trap and Cisco's NetFlow. This capability allows for centralized viewing and correlation of any event originating within the enterprise or outside the perimeter. Furthermore, the Sagan console also has these unique features:
QSearch - Lets customers search through their logs, and provides faster results than searching logs themselves or waiting on results from analysts. All of the data is indexed, allowing for expedited searches. Test results thus far have shown that the new search algorithms are capable of processing more data in less time. This functionality was built in-house, allowing for constant growth and future add-ons.
Reporting - The new report tool is a web application that provides customizable report generation using modular tools. Customers will be able to identify the sets of data that they are most interested in, quickly create various data visualizations, and save their favorite templates to their report dashboard. You can access our reporting tools from the Sagan console.
Reputation Database - Quadrant has accumulated, and continues to pursue, information regarding numerous malicious IP addresses. Threats validated by security analysts, and the associated sources of those threats, are "injected" into a reputation database. Addresses placed into the reputation database will be immediately accessible to a Sagan API, enabling Sagan to more quickly identify threats from the known malicious sources.
Threat Intelligence (Bluedot) - Threat intelligence is one of the big buzzwords in InfoSec today. Where many organizations fall short, however, is in understanding what intelligence is and how it should be leveraged. Intelligence is a product resulting from the collection, exploitation, and analysis of information, which is used to support decision making by reducing uncertainty. Intelligence must be actionable, relevant, and timely. Blacklists do not provide context with respect to industries, attacker TTPs, or the ability to identify trends or forecast threats, whereas intelligence does. Intelligence helps determine "Why", "So what", and "What next," among other things. Quadrant understands what threat intelligence is, and has developed a robust intelligence platform designed to support the tactical, operational, and strategic goals of your organization.