Next-Gen SIEM
Security Incident & Event Management  

Supported capabilities for SIEM Collectors & Responders

Open Data Lake


  • You'll benefit from the IC360 Operating System that integrates one of the most advanced, next-generation IEMs on the market, based on an Elastic Search Architecture on top of a highly scalable data lake platform.​

  • Advanced AI and Machine Learning algorithms will process massive amounts of data with exceptional performance. 

  • Complex correlations are possible across large amounts of actual and historical data in order to detect anomalies, recognize patterns and learn effective responses.  This level of performance is not possible on traditional SIEM platforms.

  • You're not getting the performance you deserve by using traditional SIEMs that are based on structured data warehouse schemas that are unable to keep up with the volumes of data, AI / Machine-Learning algorithms or advanced search requirements.

Real-Time Threat Detection

  • By leveraging our next-generation SIEM, the IC360 Operating System, you'll finally get real-time threat detection, whereas older SIEM systems were only able to offer hourly service level agreement because they were not able to process the massive data feeds quickly enough. 

  • The IC360 Operating System threat detection will identify more than just traditional malware or signature-based threats, it will find the most advanced, difficult to detect, and evolving threats such as APTs, ransomware, zero-day, or carefully planned insider attacks.  

  •  IC360 Incident Management allows our SOC Agents to visually track the continuous alerts and active intrusions in real-time.  

Machine Learning
& AI-Analytics

  • Our algorithms learn from human decisions so that the machine makes better alerts over time.  This is based on the branch of Artificial Intelligence known as Machine Learning.

  • The IC360 Operating System takes advantage of this advanced capability but not rely entirely on it.  While we use AI to determine whether the machine will be allowed to intervene autonomously, we'll trigger auto-containment or auto-remediation if all perquisites are met. This process ensures that automated responses don’t inadvertently create more problems than they solve. 

Behavior Anomaly Detection

  • While relying on the strong AI-enabled analysis, behavioral anomalies may be relevant to either human behavior or device/network behavior.  The solution is able to identify all types of anomalous behaviors, including inconsistencies or risky behaviors of end-users (critical to the detection of potential insider-threats) as well as symptoms of other threats such as erratic device or network performance or traffic.  The advances in machine learning allow us to process massive amounts of information and execute complex correlations not previously available in past generation security solutions. 

Threat Intelligence Complier

  • Multiple threat intelligence feeds are ingested and normalized to ensure that the latest information is available for vulnerability and incident analysis.  Our Incident Response Team is constantly hunting and learning about new threats or vulnerabilities and feeding them into the compiler.

  • Threat Intelligence data is used to help our SIEM analyze massive amounts of data looking for identified patterns as well as previous or current attacks and potential solutions. 

Threat Intelligence Complier

  • When an anomaly (compromise attempt) is detected, the IC360° Operating system can trigger automatic machine-to-machine blocking or quarantine actions before being sent to humans in the SOC/IRT for inspection and final resolution.  This protects the environment from further damage while the situation is better understood.



  • You also get Sandbox Detection; the ability to rapidly simulate a safe or ‘sandbox’ environment in which advanced threats can be allowed to execute.  This is extremely important for the constantly morphing or zero-day threats that would not be recognized by traditional signature-based detection. 



  • The IC360 Operating System includes automated root-cause or forensic hunting.  While SOC agents will continue to investigate hypotheses or suspicious behaviors, the system will continuously and iteratively search the client environments for known or suspected risks or anomalous behaviors.  It will also diagnose attack vectors to contain the spread and isolate the root cause.