SNAP-Defense (MDR & SOC)

Managed Detection And Response (MDR)

Today, organizations utilize numerous security products and services. Most are standalone and too slow to catch modern-day attacks until after the payload has been delivered. Hackers are also relying more on “living-off-the-land” strategies: leveraging existing IT technologies and user accounts for malicious purposes. As a result, detecting and analyzing hacker tradecraft often takes significant time, technical expertise, and resources. The Pegasus SNAP-Defense security operations and incident response platform is a game changer. SNAP-Defense excels at monitoring and catching modern hacking tradecraft, delivering real-time alerts, and allowing for immediate threat response.

Managed Detection And Response + Security Operations Center

MDR + SOC solutions are being required by more compliance frameworks and more cyber-liability insurance carriers. From a security strategy standpoint, having a SOC means responding faster, minimizing damages and costs, and safeguarding data and business continuity. Investing in a SOC streamlines response to modern and advanced cyberthreats. Engaging with a SOC is an increasingly positive option for many businesses, especially those who want to build a robust security framework backed by security experts with experience in dealing with ever-evolving cyber adversaries. Ultimately, a SOC allows an organization to operate knowing that cyberthreats can be identified and neutralized in real time. Regardless of how many endpoints, networks, assets, or locations an organization spans, a SOC provides a centralized view to ensure that they are monitored and performing as needed.

What is a Security Operations Center (SOC)?

A Security Operations Center (SOC) is a centralized hub that combines dedicated security analysts, processes, and technology to continuously monitor an organization’s security posture. SOCs are focused on using telemetry measured from across an organization’s IT infrastructure and assets, including managed Endpoint Detection & Response (EDR) software, to prevent, detect, assess, and respond to cybersecurity incidents.

Protecting your business is synonymous with protecting your customers. Organizations that invest in an experienced Security Operations Center (SOC) benefit from in-depth security expertise, human threat analysis, 24/7 monitoring, and immediate incident response.

SNAP-Defense Is Competitively Priced And Offers Significantly More Capabilities And Value Than Competing Solutions.

Pegasus SNAP-Defense is a Security Operations and Incident Response platform that will not only detect and halt breaches in their earliest stages, but will also automatically generate dynamically updated compliance reports for you, greatly simplifying the compliance and regulation portion of doing business and allowing you to focus on other areas that need attention.

See it in action!

Learn more or schedule a demo by contacting us at 610-444-8256 or info@pegtech.com.

Identify Threats in Realtime Using SNAP Patented Detection Technology

  • Immediate network enumeration detection
  • Immediate lateral spread detection
  • Immediate remote privileged activity detection
  • Immediate malware event detection (with managed antimalware integration)
  • Immediate process hash and process tree visibility during an alert
  • Immediate removable storage detection
  • Immediate syslog-based threat alerting with automated context enrichment
  • Continuous and custom monitoring of Windows process and service threat indicators
  • Automated alert correlation and enrichment, including affected devices’ users, VLANs, hostnames, OS versions, and more
  • Customizable suppression rules reduce threat event operator/analyst overload
  • Realtime SMS and email threat notifications
  • Integrates, consolidates, and enriches alerts from numerous 3rd party security applications, including Sophos, Cisco AMP, Meraki, and more

Identify Security Risks and Ensure Continuous Compliance

  • Quickly generate real-time and historical reports

Summary Report:

  • Outstanding alerts by criticality, type, and time
  • Overall system health and status
  • Suppressed events by type and time

Compliance Report:

  • PCI-DSS
  • HIPAA
  • NIST 800-171
  • NYCRR-500
  • Sarbanes-Oxley
  • CJIS
  • CIP-NERC

Privileged Activity Report:

  • New/most/least active privileged users
  • New/all remote executions
  • Remote executions by user and application
  • New/all RDP activity
  • RDP activity by user, source, and destination
  • New/all privileged share activity

Security Events Report:

  • Antimalware events by severity, type, and time
  • Process and service threats by severity, type, and device
  • New attack sources and targeted devices
  • New point-to-point connections
  • New/all USB activity
  • USB activity by device
  • New/all malware persistence techniques

Network Report:

  • Detected enumeration activity
  • Enumeration activity by source, destination, and time
  • Core network change detection
  • SNMP community strings
  • Insecure core network passwords
  • Network Management devices, including TACACS, SNMP, NETFLOW, SYSLOG, NTP, and RADIUS

Stop Threats in Realtime with Built-in, Immediate, and Effective Response

  • Point-and-click response to detain compromised devices
  • Easily understandable alerts enable rapid triage by Tier 1 analysts with detailed data for Tier 3 analysts
  • Custom detainment notification message to device users
  • Immediate notifications of un-detained devices
  • Preserves compromised device state for follow-up forensics and threat analysis
  • 3rd-party response orchestration

Gain Unparalleled Live Insight into Privileged User Activity and Behavior

  • Identify privileged user accounts
  • View privileged user activity, including network shares, remote desktop, remote execution, and more
  • Detect low-frequency privileged activity
  • Automatically reports new, previously unseen privileged users and activity
  • Immediately identify privileged insider threat

Microsoft 365 Security Add-on for 24/7 True Managed Detection + Response

  • Accounts Created/Deleted
  • Altered Administrator Roles
  • Too Many Login Attempts
  • Sign-in from Unauthorized Country
  • Email Impersonation
  • SharePoint or OneDrive Files Shared Publicly
  • SharePoint Site Deletion
  • Accounts Generating Spam
  • Ensure Audit/Mailbox Logs Always On
  • MFA Authentication for Administrators
  • No Scripting (PowerShell) Privileges for Non-administrators
  • Block Dangerous Email Attachments
  • Block Mail Forwarding Rules
  • Block Third Party Applications
  • Limit External Information Leakage
  • Block Top Spamming Countries

Frequently Asked Questions

The alphabet soup of IT can be confusing, but the short answer is that Pegasus SNAP-Defense is all of the above and more. MDR is Managed Detection and Response and uses an agent installed on computers to look for unusual patterns of behavior. SOC is our Security Operations Center: an organized team of humans working 24 hours a day, 7 days a week, 365 days a year, to analyze alerts and coordinate response with precision. XDR is Extended Detection and Response and integrates data from a variety of sources, including MDR software agents, EDR software (EDR is Endpoint Detection and Response: essentially, next-generation antivirus software that runs on computers), and SOC services that work in concert to see the bigger security picture, observe trends, eliminate false positives, and focus on real threats.
SIEM (pronounced "sim," like simulation) stands for Security Information and Event Management. In simple terms, SIEM is a fancy log compiler. SIEM records things like access attempts, successful access, denied access, and more from computers, servers, and applications. The downside is that SIEM alone doesn't stop threats: it just reports who's doing what and generates a lot of background noise in the process. SIEM doesn't necessarily give you any new data. It centralizes some reporting, which can make it easier to spot trends. SIEM has been around for a long time, and it is important for investigators to know what happened when they're analyzing a security break-in after it happens. Compliance standards sometimes require SIEM. Modern cybersecurity standards focus on recognizing trends in real time, preventing problems from happening in the first place, and limiting spread after they occur. The aggregation and pattern-recognition features of SIEM are built into Pegasus SNAP-Defense, and SNAP-Defense adds response. For clients who need SIEM-like logging capability to satisfy compliance requirements, it can be added to SNAP-Defense without incurring the cost of a separate SIEM system.
Yes, Pegasus SNAP-Defense includes 365 Defense as well as Google Workspace Defense. We now call this Cloud Response. We look for things like impossible travel (logging in at 9am from Philadelphia and 9:03am from Los Angeles with the same credentials), unauthorized travel (login from other geographies), and other signs that an account could be compromised, so we can halt the account until we can validate the activity.
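The impossible-travel and unauthorized-geography checks described in the answer above, written out as an added Python example. This is not Pegasus code and says nothing about how SNAP-Defense implements Cloud Response; the sign-in events, city coordinates, the allowed-country list and the 900 km/h plausibility threshold are all constructed assumptions for illustration. The Philadelphia-at-9:00 / Los Angeles-at-9:03 pair from the answer is included as one of the sample events.

```python
"""Impossible-travel and unauthorized-country checks over cloud sign-in events.

Added example (not Pegasus code). Events are constructed inline; a real
deployment would feed geolocated Microsoft 365 or Google Workspace sign-in
audit records into detect().
"""
from __future__ import annotations

import math
from dataclasses import dataclass
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
# Assumption: two sign-ins implying travel faster than an airliner cannot be
# the same person physically moving between the two locations.
MAX_PLAUSIBLE_SPEED_KMH = 900.0
# Assumption: this tenant's users only sign in from the United States.
ALLOWED_COUNTRIES = {"US"}


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime
    city: str
    country: str   # ISO 3166-1 alpha-2, as a geolocation lookup would supply
    lat: float
    lon: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two lat/lon points."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlambda = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlambda / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def detect(events: list[SignIn]) -> list[dict]:
    """Return one finding per suspicious sign-in.

    Events are processed in time order per user; each event is compared with
    that user's immediately preceding sign-in to derive an implied speed.
    """
    findings: list[dict] = []
    last_seen: dict[str, SignIn] = {}
    for ev in sorted(events, key=lambda e: e.when):
        if ev.country not in ALLOWED_COUNTRIES:
            findings.append({"rule": "unauthorized_country", "user": ev.user,
                             "where": f"{ev.city}, {ev.country}", "when": ev.when.isoformat()})
        prev = last_seen.get(ev.user)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.when - prev.when).total_seconds() / 3600.0
            # Identical coordinates are not travel; identical timestamps with
            # different coordinates are flagged without dividing by zero.
            if km > 0 and (hours == 0 or km / hours > MAX_PLAUSIBLE_SPEED_KMH):
                findings.append({"rule": "impossible_travel", "user": ev.user,
                                 "from": prev.city, "to": ev.city,
                                 "km": round(km), "minutes": round(hours * 60, 1)})
        last_seen[ev.user] = ev
    return findings


def _t(hour: int, minute: int) -> datetime:
    return datetime(2024, 1, 15, hour, minute, tzinfo=timezone.utc)


# Constructed sample: alice reproduces the page's Philadelphia/Los Angeles case,
# bob is a plausible Philadelphia-to-New-York day trip, carol signs in from
# outside the allowed country list.
SAMPLE_EVENTS = [
    SignIn("alice", _t(9, 0), "Philadelphia", "US", 39.9526, -75.1652),
    SignIn("alice", _t(9, 3), "Los Angeles", "US", 34.0522, -118.2437),
    SignIn("bob", _t(9, 0), "Philadelphia", "US", 39.9526, -75.1652),
    SignIn("bob", _t(11, 0), "New York", "US", 40.7128, -74.0060),
    SignIn("carol", _t(10, 0), "Bucharest", "RO", 44.4268, 26.1025),
]


def run_sample() -> list[dict]:
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

In practice the threshold and allow-list are per-tenant tuning knobs: VPN egress points and mobile carrier geolocation both produce apparent jumps, so a finding like the ones above is the trigger for the "halt the account until we can validate" step the answer describes, not proof of compromise on its own.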