Today, organizations utilize numerous security products and services. Most are standalone and too slow
to catch modern day attacks until after the payload has been delivered. Hackers are also relying more on
“living-off the-land” strategies: leveraging existing IT technologies and user accounts for malicious
purposes. As a result, detecting and analyzing hacker tradecraft often takes significant time, technical
expertise, and resources. The Pegasus SNAP-Defense security operations and incident response platform
is a gamechanger. SNAP-Defense excels at monitoring and catching modern hacking tradecraft,
delivering real-time alerts, and allowing for immediate threat response.

Managed Detection and Response (MDR)

MDR is the next evolution in cybersecurity services. SNAP-Defense is a Gartner-recognized 24×7 MDR
solution. From its Security Operations Centers (SOC), our experienced MDR team will monitor, actively
hunt, and respond to real-time threats – giving you peace of mind that your infrastructure is secure. Our
MDR service is significantly more cost-effective and efficient than if an organization were to build and
operate its own 24×7 SOC.

Satisfies Many Cybersecurity Compliance and Reporting Requirements

Pegasus SNAP-Defense is a Security Operations and Incident Response platform that will not only detect and halt breaches in their earliest stages, but will also automatically generate dynamically updated compliance reports for you; greatly simplifying the compliance and regulation portion of doing business and allowing you to focus on other areas that need attention.

SNAP-Defense  is competitively priced and offers significantly more capabilities and value than competing solutions.

Multi-Point Threat Detection

Identify Threats in Realtime Using SNAP Patented Detection Technology

  • Immediate network enumeration detection
  • Immediate lateral spread detection
  • Immediate remote privileged activity detection
  • Immediate malware event detection (with managed antimalware integration)
  • Immediate process hash and process tree visibility during an alert
  • Immediate removable storage detection
  • Immediate syslog-based threat alerting with automated context enrichment
  • Continuous and custom monitoring of Windows process and service threat indicators
  • Automated alert correlation and enrichment, including affected devices’ users, VLANs, hostnames, OS versions, and more
  • Customizable suppression rules reduce threat event operator/analyst overload
  • Realtime SMS and email threat notifications
  • Integrates, consolidates, and enriches alerts from numerous 3rd party security applications, including Sophos, Cisco AMP, Meraki, and more

Risk and Compliance Reporting

Identify Security Risks and Ensure Continuous Compliance

  • Quickly generate real-time and historical reports

Summary Report:

  • Outstanding alerts by criticality, type, and time
  • Overall system health and status
  • Suppressed events by type and time

Compliance Report:

  • NIST 800-171
  • NYCRR-500
  • Sarbanes-Oxley
  • CJIS

Privileged Activity Report:

  • New/most/least active privileged users
  • New/all remote executions
  • Remote executions by user and application
  • New/all RDP activity
  • RDP activity by user, source, and destination
  • New/all privileged share activity

Security Events Report:

  • Antimalware events by severity, type, and time
  • Process and service threats by severity, type, and device
  • New attack sources and targeted devices
  • New point-to-point connections
  • New/all USB activity
  • USB activity by device
  • New/all malware persistence techniques

Network Report:

  • Detected enumeration activity
  • Enumeration activity by source, destination, and time
  • Core network change detection
  • SNMP community strings
  • Insecure core network passwords
  • Network Management devices, including TACACS, SNMP, NETFLOW, SYSLOG, NTP, and RADIUS

Realtime Threat Response

Stop Threats in Realtime with Built-in, Immediate, and Effective Response

  • Point-and-click response to detain compromised devices
  • Easily understandable alerts enable rapid triage by Tier 1 analysts with detailed data for Tier 3 analysts
  • Custom detainment notification message to device users
  • Immediate notifications of un-detained devices
  • Preserves compromised device state for follow-up forensics and threat analysis
  • 3rd-party response orchestration

Privileged User Visibility

Gain Unparalleled Live Insight into Privileged User Activity and Behavior

  • Identify privileged user accounts
  • View privileged user activity, including network shares, remote desktop, remote execution, and more
  • Detect low-frequency privileged activity
  • Automatically reports new, previously unseen privileged users and activity
  • Immediately identify privileged insider threat

365 Defense

Microsoft 365 Security Add-on for 24/7 True Managed Detection + Response

  • Accounts Created/Deleted
  • Altered Administrator Roles
  • Too Many Login Attempts
  • Sign-in from Unauthorized Country
  • Email Impersonation
  • SharePoint or OneDrive Files Shared Publicly
  • SharePoint Site Deletion
  • Accounts Generating Spam
  • Ensure Audit/Mailbox Logs Always On
  • MFA Authentication for Administrators
  • No Scripting (PowerShell) Privileges for Non-administrators
  • Block Dangerous Email Attachments
  • Block Mail Forwarding Rules
  • Block Third Party Applications
  • Limit External Information Leakage
  • Block Top Spamming Countries

Learn more or schedule a demo by contacting us at 610-444-8256 or info@pegtech.com.