90% of network failures can be attributed to human error. When technology responsibilities are spread across multiple vendors, the burden of managing and tying everything together falls on the IT department.
By aligning technology and security management within a single platform, vendor, and ecosystem, your IT department will enjoy a seamless, scalable solution without a complex vendor sprawl.
Security Without
the Guesswork
Hiring security experts, building an XDR, or attempting to use an off-the-shelf solution can be expensive and unpredictable.
Only Command|XDR alleviates complexity and uncertainty by enabling security while simplifying IT management.
CommandLink Security Advantages:
Firewalls with UTM or NGFW licenses offer better security, but their success hinges on diligent threat monitoring and mitigation.
NDR can be added to CommandLink’s managed UTM firewalls for enhanced detection and response.
CommandLink XDR provides customers with 24x7 SOC support, easing the workload on understaffed security and IT teams by monitoring endpoint logs.
Dedicated team of security experts familiar with your business and your security for faster and more relevant responses.
This service enhances, not substitutes, the customer’s security posture, ensuring they make the most of their current systems.
We use XDR and Mitre ATT&CK to provide endpoint log analysis and vulnerability monitoring with agent-based deployment for laptops and servers through the CommandLink Platform.
Integrated XDR for
Total Protection
CommandLink’s advanced monitoring seamlessly integrates with our XDR capabilities, providing real-time visibility into your security landscape and IT environment. This powerful combination enhances threat detection and response, ensuring comprehensive protection across your entire infrastructure.
With proactive monitoring, detailed alert policies, and automated support case creation routed to your dedicated SOC team, CommandLink’s XDR streamlines issue resolution and keeps your systems secure and running smoothly.
Command|XDR Monitoring:
Command|XDR provides a full-scale enterprise-grade SIEM platform to collect and analyze logs from your firewalls, servers, and endpoints.
Step 1: Log Collection
The Command|XDR SIEM collects logs from your firewalls, servers, and endpoints/assets.
Step 2: Analyze
The SIEM system analyzes the logs to identify potential security threats.
Step 3: Alerts
When the SIEM identifies a potential threat, it generates an alert for your dedicated Command|Link 24x7x365 security POD and internal IT department or MSP.
One Platform To Monitor and Manage Your Entire Attack Surface
The Command|XDR SIEM can ingest data from any source:
Network Devices
To identify suspicious activity, the Command|XDR SIEM collects logs from firewalls, routers, switches, and other network devices.
Servers
The SIEM collects server logs to track user activity, identify malware infections, and detect unauthorized access.
Endpoints
Laptops, desktops, and mobile device logs track malware infections and user activity and detect unauthorized access.
Security Devices
The SIEM correlates data with intrusion detection systems (IDS) and intrusion prevention systems (IPS) to identify suspicious activity and attacks.
Applications
The SIEM collects application data logs from web servers, databases, and email servers to identify suspicious activity and attacks.
Cloud Services
The Command|XDR SIEM also collects logs from Cloud providers like AWS, Azure/O365, and GCP.
Security Feeds
Command|XDR integrates outside intelligence from open-source data providers to help correlate and update your security posture.
Actionable Relevant Alerts
The Command|XDR SIEM ingests logs and correlates the events in the logs to create applicable alerts. It also augments these logs with third-party and internal Command|Link data to showcase precise details about the customer.
Data Correlation Sources:
Known Malicious Actor IPs
Globally Sourced Open Intel
CommandLink Sourced Malicious Ips
Indicators of Compromise
National Vulnerability Database
Relevant Detection
Command|XDR uses a unique algorithm to detect malicious and suspicious activity by combining event types, attributes, and thresholds.
Malware Infections
Detect malware infections by monitoring for suspicious activity, such as failed login attempts, unusual network traffic, and changes to system files.
Intrusion Attempts:
Detect intrusion attempts by monitoring for suspicious activity such as port scans, unauthorized access to systems, and attempts to exploit known vulnerabilities.
Data Breaches
Detect data breaches by monitoring for suspicious activity such as unauthorized access to sensitive data, exfiltration of data, and changes to data logs.
Be Prepared For Any Scenario
The unique Command|XDR algorithm is custom-built for each organization. The Command|Link SOC analysts constantly adjust your organization's algorithm to ensure proper ruleset execution. Correctly tuning the algorithm reduces false positives and increases relevant alerts. The Command|XDR employs a simple, complex model to capture every possible threat.
Simple Rules
Simple rules monitor for a single event type, such as failed login attempts.
Complex Rules
Complex attacks are typically a brute-force attack against a web server. The rule monitors for multiple failed login attempts from the same IP address within a short period. The rule also checks to see if the login attempts use different usernames and passwords.
Data + Strategy
= Unparalleled Security
Legacy XDR solutions rely solely on events and rules to trigger alerts, lacking ubiquitous organizational visibility.
Command|XDR has developed the Mitre ATT&CK Framework to ensure SOC Analysts take a holistic approach to your environment.
Command|XDR ORIENT Framework:
Observations
The first step in ORIENT is ingesting data from multiple sources, including SIEM alerts, open-source intelligence, network edge detection, malware detection software, emails, end-user behaviors, and much more.
Rulings
Once the data is available, it is correlated with known rules and indicators of compromise. The data is run through Command|XDR SIEM rules engine first. Machine learning compares the data to the rules for matches. Your Command POD analysts conduct threat hunting, looking for malicious actors who may be hiding inside the environment.
Investigation
When potential threats are identified, the security POD team moves into an investigative role using various tools and services to determine the true nature of the threat. The POD will utilize open-source intelligence, closed-source intelligence, system logs, and other analysts to investigate the issue.
Escalation
When the POD analysts determine there is no threat, they will close the investigation and note their actions and findings in a case report. This report is available in the Command|Link cloud XDR platform. If the analyst finds malicious activity, the analyst will escalate the event to you.
Notification
With a potential valid malicious action, the POD team will document their findings, their actions, and any additional questions they may have that could help negate the finding.
Transfer
The final stage of ORIENT is transferring the event to the appropriate internal resource or MSP. The POD analyst will continue to work with whoever is responsible for resolving the threat.
Command|MDR
The Command|XDR is fully integrated with a 24x7x365 dedicated security operations center staffed directly by CommandLink employees.
Dedicated Analyst Pod
Each customer is assigned a dedicated security team known as a POD. Each POD member is familiar with you and your environment, enabling a personal 24x7x365 experience. This provides a more rapid and robust solution for your organization, as there is no need to explain your environment repeatedly.
Threat Hunting and Discovery
Your Command|Link security POD will proactively perform threat hunting to search for malicious activity that has evaded traditional security defenses. Your dedicated security analysts use a variety of techniques, including data analysis, threat intelligence, and their own intuition, to identify and investigate suspicious activity.
Single source platform to design, deploy and manage internet access, SD-WAN, SASE, security, cloud phone systems, & collaboration services in one unified SaaS platform.
