ArmorPoint’s intrusion detection, behavioral monitoring, SIEM correlation, and log management capabilities.
ArmorPoint Level of Security
Feature | Details | |
---|---|---|
24x7x365 Live Network Monitoring | 24x7x365 live monitoring tool that logs various points across the customers’ network, depending on their desired level of security. | |
Cloud and On-Premise Resource Monitoring | Supports monitoring for AWS, Azure, etc. as well as physical devices within the network. | |
NOC and SOC Analytics | The analytics traditionally monitored in separate silos — SOC and NOC — brought together through one pane of glass for a more holistic view of the security and availability of the business. | |
Performance Monitoring | Establish metrics and detect significant deviations. Gives the ability to monitor performance at the system, application, virtualization, and database level. | |
Availability Monitoring | Ability to monitor various systems’ up/down/availability. | |
Real-Time Event Correlation | ArmorPoint’s robust infrastructure supports the workload required to cross-check log data against a large number of rules, even at a high event rate. This allows for the detection of complex event patterns in real time, minimizing the mean time to detect (MTTD) a security incident. | |
Real-Time Configuration Change Monitoring | Automated detection of changes in network configuration, installed software, files or folders, and Windows registries. | Available |
Default Dashboards | Summary view of your environment, displaying the data gathered from the assets you choose to monitor. | |
Rich Customizable Dashboards | Configurable real-time dashboards, with adjustable panels that scroll to showcase KPIs. Dynamically display data for your network monitoring, virtualized infrastructure, and specialized apps. Enables association of individual components with the end-user experience that they deliver together, providing a powerful view into the true availability of the business. | |
External Threat Intelligence Feeds | ArmorPoint subscribes to a host of open source and commercial threat intelligence feeds that are filtered into the correlation engine to expedite threat detection. | |
Powerful and Scalable Analytics | Quickly search and analyze large volumes of data and return results in near real-time with ArmorPoint’s index-based search engine. | |
Customized Reporting | Generate professional, well-formatted reports to visualize data using ArmorPoint’s integrated report builder. | |
External Technology Integrations | Powerful API-based integrations to streamline multiple tools or platforms. | |
Simple and Flexible Administration | Web-based GUI with powerful platform management. | |
Scale Out Architecture | ArmorPoint’s scalable infrastructure evolves to meet the changing needs of your growing company. | |
Agent Monitoring | High-performance and expanded data collection for Windows, Linux, and macOS. | Available |
Choose the level of service that fits your company’s needs for managed incident response. Items in red indicate managed services that would occur in the event of an active incident.
ArmorPoint Level of Service
Feature | Details | ArmorPoint Core | ArmorPoint Analyze | ArmorPoint 360˚ |
---|---|---|---|---|
Basic Reporting | Access to robust search capabilities to schedule reports and deliver relevant results via email to key stakeholders. | |||
Advanced Reporting | ArmorPoint security analysts run, generate, and deliver reports on a scheduled basis. | |||
Human Analysis of Events | U.S.-based Security Operations Center analysts provide 24x7x365 security monitoring, carefully vetting alert notifications. | |||
Incident Notification | Once identified as a valid threat, ArmorPoint Security Analysts issue a notification. | |||
Remediation Planning | Expert recommendations to isolate, remediate, and restore the environment from an incident. | |||
Monthly Scheduled Vulnerability Scanning | ArmorPoint security analysts configure, conduct, and report the results of internal and external vulnerability scans used to identify security weaknesses across the networks, systems and applications monitored by ArmorPoint. | |||
Automated Threat Containment | Identify and block active threats at the network edge | |||
> Automated Incident Management | When an incident is triggered, an automated workflow runs to mitigate or eliminate the threat. | Available | ||
> Identify Malicious IP Traffic | Detect flow of traffic from the IP addresses of known threats and receive notifications to proactively block IP addresses. | Available | ||
> Identify Malware Domain | Enabled defense against malware domains named on industry-leading blocklists. | Available | ||
> Block Compromised Device Network Activity | Identify and block network activity by quarantining and isolating the compromised device. | Available | Available | |
> Incident History | View ticket history of threats detected, analyzed, and mitigated by ArmorPoint Security Analysts. | |||
Active Threat Mitigation | Identify, block, and remediate active threats within the network down to the endpoint. | |||
> Virus and Malware Detection and Removal | Remove malicious software when detected. | Available | ||
> Firewall Management | Optimize firewall for highest level of protection possible through rule-based parameters gathered from current threat intelligence data. | Available | ||
> Threat Isolation at the Endpoint | Identify, isolate, and remediate active threats down to the endpoint, preventing the further spread of a virus or malicious process. | |||
> Environment Hardening Recommendations | ArmorPoint cybersecurity experts provide recommendations for applying industry best practices to the network to improve overall security posture. | |||
> Root Cause Analysis | After remediating the threat, ArmorPoint security experts provide an in-depth report detailing the root cause analysis of the incident. |