HAWK Technology Stack
HAWK BDSA
HAWK’s Big Data Security Analytics Platform is the foundation for HAWK.io MDR, the industry’s first fully automated Manage, Detect, and Respond-as-a-Service.
HAWK BDSA incorporates advanced machine learning to perform automated threat hunting based on real-time behavioral analytics across users, assets, and applications resulting in highly accurate incident detection.
HAWK vTTAC™
HAWK’s patented vTTAC™ agent delivers unprecedented definition and integrity as it augments raw server security telemetry data feeds.
HAWK vTTAC™ combined with HAWK BDSA provides the highest level of precision analytics. This is possible because of the high-quality inbound telemetry data. Using the enriched contextual security telemetry data, HAWK automates the validation and prioritization of true security incidents.
HAWK SOAR
HAWK SOAR is AI-driven process orchestration that automates necessary steps associated with Digital Forensics, Investigation, and Response (DFIR):
All validated incidents are mapped to Mitre’s ATT&CK knowledge base of adversary tactics and techniques
Corresponding HAWK SOAR Playbooks are enabled to perform critical artifact gathering procedures to collect reputation characteristics of users, files, memory caches, as well as perform sandbox actions to profile damage potential of malicious code or actions
Once gathering is complete, HAWK SOAR is ready to initiate proactive or reactive incident response actions
Built To Automate Incident Response
HAWK’s Technology Stack has been developed from the ground up to be a fully integrated, fully automated end-to-end SOAR platform to provide the highest level of SOC Automation available to the market today.
HAWK.io MDR provides Maximum Visibility by ingesting all of your system’s telemetry data that is critical for incident identification, validation, and prioritization. Data can be collected from anywhere and from any combination of IT infrastructure including On-Premise Cloud, Third Party Cloud Service, or a Hybrid Cloud Environment. HAWK.io MDR analytics engines use data associated with users, applications, servers, or any source that SOC analysts need to determine if a security incident response is required.
Security incident management requires Accurate information and full context of the situation, and risk mitigation requires Fast Recognition of the potential threat. HAWK.io MDR accomplishes both by providing powerful data enrichment with HAWK’s patented vTTAC™ intelligent agent technology. HAWK.io MDR’s data enrichment turns raw telemetry data into valuable information optimized for HAWK’s sophisticated machine learning analytics engines to make the most accurate incident identification in the shortest amount of time possible.
HAWK.io MDR provides AI-Driven Incident Response by taking the robust incident profile and seamlessly executing automated DFIR (Digital Forensics and Incident Response) processes.
For the post incident follow-up process, HAWK.io MDR provides full accounting of the entire incident lifecycle. All reporting tools are fully customizable and can be run ad-hoc or scheduled.
HAWK BDSA
At the core of HAWK.io MDR is HAWK’s patented BDSA (Big Data Security Analytics) Platform.
HAWK BDSA leverages HAWK’s vStream data lake technology to achieve immense scale by using streaming analytics without the burdensome overhead and integration complexities of other open-source and commercial offerings.
vStream is designed to be the foundation of an end-to-end automated SOC environment.
About HAWK BDSA
Automated Threat Hunting
True Multi-Tenant Architecture
Support for mixed cloud-based and on-premise-based data sources
High availability – 99.9% guaranteed
Rapid onboarding of user, application, and asset log/machine data
Enforces individual access rights
Full customization of user dashboards
Robust reporting capabilities through all phases of incident management
Concierge service provides off-hours notification/escalation about detected incidents that require attention
About HAWK vStream
Infinite scalability
Streaming real-time analytics
High availability
HAWK vTTAC™
vTTAC™ (Virtual Tactics & Techniques Analytics Client) plays an integral role in the data collection process by augmenting the inbound data with additional metadata on each raw event record as it is collected. Important information is captured as event logs are collected and added to the event stream.
Data points collected include: memory snapshots, parent-child process chains, other associated system/network service activity, security privilege elevations, and many more.
About HAWK vTTAC™
Automatically configures log settings for optimal event reporting
Ensures that logging services are maintained even after host system change management cycles
Ties incidents to tactics and techniques
Detects Living Off the Land attack methods
Tracks data changes
Delivers highly actionable information faster than log aggregators
Provides additional information describing the attack
Automatically scans file system and registry with built-in functionality
HAWK SOAR
HAWK uses AI methods to automate targeted artifact gathering to identify tactics and techniques used by the attackers and associates them with Mitre’s ATT&CK Matrix to determine the most appropriate SOAR Playbook for the situation.
HAWK.io MDR’s AI-driven incident management system can be configured to provide fully automated execution of the SOAR Playbook, or can be set to alert SOC personnel and track the manual execution of the SOAR Playbook process through to completion.
About HAWK SOAR
Automated Incident Response
Real-time Threat Containment
SOAR Playbooks
Comprehensive Mapping to Mitre ATT&CK Matrix
User Defined
Automated Digital Forensic Incident Response (DFIR) Includes:
Asset Discovery/Definition
Artifact Gathering
Sandboxing
Reputation
Extensive Reporting
Documenting Entire Incident Lifecycle
Operational Efficiency/Effectiveness Metrics