October 15, 2021
Remote Endpoint Data is Important
Castra's objective is to send logs in near real-time to our Exabeam platform. Collecting and reviewing endpoint data this way gives us a clearer picture of each endpoint's posture, so analysts can make better decisions from the asset-specific data in front of them.
With Wazuh, Castra gains capabilities such as on-demand vulnerability scanning and monitoring of cloud security configurations, to name two, and can wire those results into playbooks for automated follow-up.
Wazuh is built with the needs of an organization’s future in mind: multi-region cloud, scale, automation, reporting, RBAC, archiving, and more.
This new platform will allow hybrid security operations teams to reduce risk, exposure, and time to respond:
- As data lakes become commodities, an open platform like this can reduce the cost of trying to keep everything in a single data repository.
- Castra analysts see more. Shared object data and insights improve visibility into the overall risk of users and accounts, devices, and other transient objects in the environment.
- Applying threat intelligence to this data lets the Castra team improve security by tackling a broader range of use cases.
- Compliance and hardening findings show where the client should be spending time and resources.
Use Key Logs in AI & Machine Learning
Wazuh lets Castra control the volume of data flowing to your AI and machine learning platforms, so those platforms can focus on security-related data while the remaining metrics are retained for your other organizational needs.
MITRE ATT&CK TTP-related data, which is useful to the UEBA, is forwarded or polled in near real-time for SIEM consumption alongside other selected data.
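The volumetric control and the MITRE-focused forwarding described in this section can be illustrated with a small filter over Wazuh alert records. The code below is an added example written for this page; it is not Castra's or Wazuh's own code. It assumes the field layout Wazuh writes to alerts.json (one JSON object per line with `rule.level`, `rule.id`, `rule.mitre.id` and `agent.name`), and the sample alerts, the level threshold of 7 and the per-agent cap are constructed assumptions for the demonstration, not values from the original post.

```python
"""Filter Wazuh alerts.json lines down to what the SIEM/UEBA needs."""
import json
from collections import defaultdict

# Constructed sample alerts (not real telemetry) in the shape Wazuh writes to
# alerts.json: one JSON object per line. Rule IDs and descriptions are
# illustrative. The trailing non-JSON line simulates a corrupt record.
SAMPLE_ALERTS_JSONL = "\n".join(json.dumps(a) for a in [
    {"timestamp": "2021-10-15T12:00:01.000+0000", "agent": {"id": "001", "name": "web-01"},
     "rule": {"level": 3, "id": "533", "description": "Listened ports status changed"}},
    {"timestamp": "2021-10-15T12:00:02.000+0000", "agent": {"id": "001", "name": "web-01"},
     "rule": {"level": 10, "id": "5712", "description": "sshd: brute force attempt",
              "mitre": {"id": ["T1110"], "tactic": ["Credential Access"], "technique": ["Brute Force"]}},
     "data": {"srcip": "203.0.113.7"}},
    {"timestamp": "2021-10-15T12:00:03.000+0000", "agent": {"id": "001", "name": "web-01"},
     "rule": {"level": 5, "id": "5710", "description": "Login attempt with non-existent user",
              "mitre": {"id": ["T1110"], "tactic": ["Credential Access"], "technique": ["Brute Force"]}}},
    {"timestamp": "2021-10-15T12:00:04.000+0000", "agent": {"id": "001", "name": "web-01"},
     "rule": {"level": 12, "id": "5402", "description": "Successful sudo to ROOT",
              "mitre": {"id": ["T1548"], "tactic": ["Privilege Escalation"],
                        "technique": ["Abuse Elevation Control Mechanism"]}}},
    {"timestamp": "2021-10-15T12:00:05.000+0000", "agent": {"id": "002", "name": "db-02"},
     "rule": {"level": 8, "id": "100200", "description": "DB audit: failed privileged query"}},
    {"timestamp": "2021-10-15T12:00:06.000+0000", "agent": {"id": "002", "name": "db-02"},
     "rule": {"level": 2, "id": "503", "description": "Wazuh agent started"}},
    {"timestamp": "2021-10-15T12:00:07.000+0000", "agent": {"id": "002", "name": "db-02"},
     "rule": {"level": 7, "id": "100201", "description": "DB audit: schema change"}},
]) + "\nthis line is not json\n"


def _priority(alert):
    """Sort key: MITRE-tagged alerts rank above untagged ones, then by rule level."""
    rule = alert.get("rule", {})
    mitre_ids = rule.get("mitre", {}).get("id", [])
    return (1 if mitre_ids else 0, int(rule.get("level", 0)))


def select_for_siem(jsonl, min_level=7, per_agent_cap=50):
    """Parse alerts.json lines and return (records, stats).

    An alert is forwarded if its rule carries MITRE ATT&CK IDs or its level is
    at least min_level; everything else is counted as operational noise and
    dropped. Per agent, at most per_agent_cap alerts are forwarded per batch,
    highest priority first, so one chatty host cannot flood SIEM/UEBA ingest.
    Unparseable lines are counted rather than aborting the batch.
    """
    stats = {"read": 0, "unparseable": 0, "dropped_noise": 0, "capped": 0, "forwarded": 0}
    by_agent = defaultdict(list)
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        stats["read"] += 1
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            stats["unparseable"] += 1
            continue
        rule = alert.get("rule", {})
        mitre_ids = rule.get("mitre", {}).get("id", [])
        if not mitre_ids and int(rule.get("level", 0)) < min_level:
            stats["dropped_noise"] += 1
            continue
        by_agent[alert.get("agent", {}).get("name", "unknown")].append(alert)

    records = []
    for agent, alerts in by_agent.items():
        alerts.sort(key=_priority, reverse=True)
        stats["capped"] += max(0, len(alerts) - per_agent_cap)
        for alert in alerts[:per_agent_cap]:
            rule = alert["rule"]
            # Compact record: only the fields the SIEM/UEBA correlates on.
            records.append({
                "timestamp": alert.get("timestamp"),
                "agent": agent,
                "rule_id": rule.get("id"),
                "level": rule.get("level"),
                "mitre_ids": rule.get("mitre", {}).get("id", []),
                "description": rule.get("description", ""),
            })
    stats["forwarded"] = len(records)
    return records, stats


if __name__ == "__main__":
    forwarded, summary = select_for_siem(SAMPLE_ALERTS_JSONL, min_level=7, per_agent_cap=2)
    for rec in forwarded:
        print(rec)
    print(summary)
```

The level threshold and the per-agent cap are the two knobs for the volumetric control described above; in a real deployment the filter would sit in the forwarding path between the Wazuh manager and the SIEM, in whatever shipper reads alerts.json. Note that a MITRE-tagged alert is kept even when its level is below the threshold, which is what keeps TTP coverage intact for the UEBA while the low-value operational noise stays in the local data lake.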