The traditional model of network security has been designed around perimeter security. This model (in effect, a high fence), while still relevant, does not offer full protection, as methods of attack have become more refined and ingenious, including social engineering and insider threats.
An emerging requirement is for an extra layer of security monitoring that protects the data itself. Typically, this data is housed in key assets such as servers (apps, DBs, backups, storage).
Although perimeter security products work very well at the external attack surface, their analytical capabilities are limited. Each solution's level of refinement is confined to specific functions, which limits what it interprets as a security threat and how it interprets it.
At the data layer, a different story emerges. Analysing the data in its own right yields higher-quality data for security analysis.
Given the value of our assets and our now total dependence on our digital estate, the need for highly focused risk mitigation strategies has also increased. Defense in depth suggests a greater ecosystem of security products and services.
ACSIA can sit at the core of such an ecosystem.
Most of the significant data breaches of recent years have occurred where organisations have relied exclusively on a perimeter security model.
ACSIA (Automated Cybersecurity Interactive Application) is a ‘post-perimeter’ security tool which complements a traditional perimeter security model. ACSIA resides at the Application or Data layer. These platforms (physical/VM/Cloud/Container) are the ultimate target of every attacker.
The ACSIA engine is provided on a subscription basis and can be deployed on physical/VM/Cloud/Container platforms. ACSIA supports both Windows and Linux operating systems. The ACSIA core engine needs to be hosted on a dedicated VM, from which it monitors all connected clients.
How long does it take to deploy ACSIA in a typical installation?
The ACSIA engine deploys in under 15 minutes on physical/VM/Cloud/Container platforms. ACSIA is simple to deploy and does not require any complex tuning or input of rules or policies.
To analyze server logs in real time, ACSIA has to have all logs centralized in one place, and therefore it needs a SIEM. ACSIA comes with its own SIEM for this reason; however, ACSIA is not primarily designed as a SIEM product.
ACSIA utilises multiple threat intelligence and detection features. These include log analysis, signature recognition, pattern types, machine learning, artificial intelligence, UEBA, correlation and profiling algorithms, which is a different design concept to existing solutions.
ACSIA can monitor Windows and Linux as well as Containers.
ACSIA can be used as an add-on to your existing cyber security suite or as a standalone product.
ACSIA reads standard system logs and the logs of the most popular web applications.
A client may have developed a custom web app with a custom log format. For this to be monitored by ACSIA, we can provide support to integrate the log ingestion within a very short time.
Yes, one of ACSIA's core strengths is scalability. As a rule of thumb, one ACSIA deployment can support up to 200 physical, virtual, cloud or container infrastructures. ACSIA can scale beyond 200 servers; 4Securitas professional services will engage with organisations where specific configurations are required.
No, ACSIA does not interrupt or unbalance any systems, processes or infrastructure in any way. The network performance impact is virtually zero.
Until ACSIA is 100% sure that what has been detected is an actual threat, it will not automate a response. Instead, it will dispatch a notification requiring user input to make that call.
Typically, the split between automatically actioned threats and those requiring user input is 95% : 5%.
This 5% also reduces every time user input occurs and the engine refines its detection capabilities.
Uniquely, ACSIA monitors for anomalous behaviour and will provide detailed guidance on the nature of the threat – what it means, where it came from and how to deal with it – all in real time.
Yes, ACSIA gives you full visibility of incidents it has not handled automatically, so that you can take action, and enables the most appropriate remediation action to be taken in real time.
Yes, if the incident involves an internal legitimate user account and the account has been used to perform some unauthorised activity, the ACSIA admin can, upon notification, avail of so-called immediate actions and block that specific user.
This can even be done from remotely connected devices, which is a big plus for busy security teams and on-call engineers.
If an ACSIA user wishes to block a specific user account without having received a notification, that is possible too.
We are in a post-perimeter security world. It is no longer sufficient to focus exclusively on perimeter security. Employees work from anywhere in the world, and their devices access corporate data from the cloud, outside of traditional security protections.
Securing data in the post-perimeter world requires organizations to move critical security capabilities to where applications are hosted and data is stored. This is the fundamental design methodology of ACSIA. Follow this link for more on Defense in Depth (computing).
There are many solutions for monitoring endpoints. ACSIA is designed for server systems because this is where the data is held.
We work with all perimeter security products and would be happy to advise on particular use cases.
Level 1 and 2 support are provided by ACSIA resellers.
The ACSIA Standard Support Subscription provides customer support between 08:00 and 17:00 BST (09:00 and 18:00 CET). Support is provided from our Dublin and Milan offices. Customers can send a support request by email to support[at]acsia.io. Support is also provided through web conferencing tools, where our team assists the customer remotely via screen sharing. A current ACSIA annual Support subscription includes ACSIA-related support calls.
Yes, there is an entry-level ACSIA Lite edition that contains many of the core features of the ACSIA Enterprise edition. For a full list of features and differences between both editions, please see the factsheet.
Both editions are fully supported by ACSIA and have identical attributes in terms of setup requirements, footprint and scalability.
Yes, once the upgrade subscription is purchased and the new product key provided, the upgrade is quick and seamless, and it is done with the support of our team.
For customers with a valid ACSIA Subscription, updates are released for both products on a quarterly basis and can be installed and operational instantly. Feature releases occur once or twice a year and can be installed and operational instantly if the features are within a minor release; if there is a major release, an ACSIA reinstall is required.
We have a customer feedback channel where we encourage partners and customers to help us identify new needs and thereby influence our product roadmap.