ArmorPoint Product Details

ArmorPoint’s intrusion detection, behavioral monitoring, SIEM correlation, and log management capabilities.

ArmorPoint Level of Security

FeatureDetails
24x7x365 Live Network Monitoring24x7x365 live monitoring tool that logs various points across the customers’ network, depending on their desired level of security.
Cloud and On-Premise Resource Monitoring
Supports monitoring for AWS, Azure, etc. as well as physical devices within the network.
NOC and SOC Analytics
The analytics traditionally monitored in separate silos — SOC and NOC — brought together through one pane of glass for a more holistic view of the security and availability of the business.
Performance Monitoring
Establish metrics and detect significant deviations. Gives the ability to monitor performance at the system, application, virtualization, and database level.
Availability Monitoring
Ability to monitor various systems’ up/down/availability.
Real-Time Event Correlation
ArmorPoint’s robust infrastructure supports the workload required to cross-check log data against a large number of rules, even at a high event rate. This allows for the detection complex event patterns in real-time, minimizing the mean time to detect (MTTD) a security incident.
Real-Time Configuration Change Monitoring
Automated detection of changes in network configuration, installed software, files or folders, and windows registries.Available
Default Dashboards
Summary view of your environment, displaying the data gathered from the assets you choose to monitor.
Rich Customizable DashboardsConfigurable real-time dashboards, with adjustable panels that scroll to showcase KPIs. Dynamically display data for your network monitoring, virtualized infrastructure, and specialized apps. Enables association of individual components with the end-user experience that they deliver together providing a powerful view into the true availability of the business.
External Threat Intelligence Feeds
ArmorPoint subscribes to a host of open source and commercial threat intelligence feeds that are filtered into the correlation engine to expedite threat detection.
Powerful and Scalable Analytics
Quickly search and analyze large volumes of data and return results in near real-time with ArmorPoint’s index-based search engine.
Customized Reporting
Generate professional, well-formatted reports to visualize data using ArmorPoint’s integrated report builder.
External Technology Integrations
Powerful API-based integrations to streamline multiple tools or platforms.
Simple and Flexible Administration
Web-based GUI with powerful platform management.
Scale Out Architecture
ArmorPoint’s scalable infrastructure evolves to meet the changing needs of your growing company.
Agent MonitoringHigh-performance and expanded data collection for Windows, Linux, and MacOS.Available

Choose the level of service that fits your company’s needs for managed incident response. Items in red indicate managed services that would occur in the event of an active incident.

ArmorPoint Level of Service

FeatureDetailsArmorPoint CoreArmorPoint AnalyzeArmorPoint
360˚
Basic ReportingAccess to robust search capabilities to schedule reports and
deliver relevant results via email to key stakeholders.
Advanced ReportingArmorPoint security analysts run, generate, and deliver reports on a scheduled basis.
Human Analysis of EventsU.S.-based Security Operations Center analysts provide 24x7x365 security monitoring, carefully vetting alert notifications.
Incident NotificationOnce identified as a valid threat, ArmorPoint Security Analysts issue a notification.
Remediation PlanningExpert recommendations to isolate, remediate, and restore
environment from an incident.
Monthly Scheduled Vulnerability ScanningArmorPoint security analysts configure, conduct, and report the
results of internal and external vulnerability scans used to identify
security weaknesses across the networks, systems and
applications monitored by ArmorPoint.
Remediation PlanningExpert recommendations to isolate, remediate, and restore environment from an incident
Automated Threat ContainmentIdentify and block active threats at the network edge
> Automated Incident ManagementWhen an incident is triggered, an automated workflow runs to
mitigate or eliminate the threat.
Available
> Identify Malicious IP TrafficDetect flow of traffic from the IP address of known threats and
receive notifications to practively block IP addresses.
Available
> Identify Malware DomainEnabled defense against malware domains named on
industry-leading blocklists.
Available
> Block Compromised Device Network ActivityIdentify and block network activity by quarantining and isolating
the compromised device.
AvailableAvailable
> Incident HistoryView ticket history of threats detected, analyzed, and mitigated by
ArmorPoint Security Analysts.
Active Threat MitigationIdentify, block, and remediate active threats within the network
down to the endpoint.
> Virus and Malware Detection and Removal
Remove malicious software when detected.Available
> Firewall ManagementOptimize firewall for highest level of protection possible
through rule-based parameters gathered from current threat
intelligence data.
Available
> Threat Isolation at the EndpointIdentify, isolate, and remediate active threats down to the
endpoint, preventing the further spread of a virus or
malicious process.
> Environment Hardening RecommendationsArmorPoint cybersecurity experts provide recommendations
for industry best practices to network to improve overall
security posture.
> Root Cause AnalysisAfter remediating the threat, ArmorPoint security experts provide
an in-depth report detailing the root cause analysis of the incident.
X