SNAP-Defense
Today, organizations use numerous security products and services. Most are standalone and too slow to catch modern-day attacks until after the payload has been delivered. Hackers are also relying more on "living-off-the-land" strategies: leveraging existing IT technologies and user accounts for malicious purposes. As a result, detecting and analyzing hacker tradecraft often takes significant time, technical expertise, and resources. The Pegasus SNAP-Defense security operations and incident response platform is a game changer. SNAP-Defense excels at monitoring and catching modern hacking tradecraft, delivering real-time alerts, and allowing for immediate threat response.
Managed Detection and Response (MDR)
MDR is the next evolution in cybersecurity services. SNAP-Defense is a Gartner-recognized 24×7 MDR solution. From its Security Operations Centers (SOCs), our experienced MDR team monitors, actively hunts, and responds to real-time threats, giving you peace of mind that your infrastructure is secure. Our MDR service is significantly more cost-effective and efficient than building and operating your own 24×7 SOC.
Satisfies Many Cybersecurity Compliance and Reporting Requirements
Pegasus SNAP-Defense is a security operations and incident response platform that not only detects and halts breaches in their earliest stages, but also automatically generates dynamically updated compliance reports for you, greatly simplifying the compliance and regulation portion of doing business and allowing you to focus on other areas that need attention.

SNAP-Defense is competitively priced and offers significantly more capabilities and value than competing solutions.
Multi-Point Threat Detection
Identify Threats in Real Time Using SNAP Patented Detection Technology
- Immediate network enumeration detection
- Immediate lateral spread detection
- Immediate remote privileged activity detection
- Immediate malware event detection (with managed antimalware integration)
- Immediate process hash and process tree visibility during an alert
- Immediate removable storage detection
- Immediate syslog-based threat alerting with automated context enrichment
- Continuous and custom monitoring of Windows process and service threat indicators
- Automated alert correlation and enrichment, including affected devices’ users, VLANs, hostnames, OS versions, and more
- Customizable suppression rules reduce threat event operator/analyst overload
- Real-time SMS and email threat notifications
- Integrates, consolidates, and enriches alerts from numerous third-party security applications, including Sophos, Cisco AMP, Meraki, and more
Risk and Compliance Reporting
Identify Security Risks and Ensure Continuous Compliance
- Quickly generate real-time and historical reports
Summary Report:
- Outstanding alerts by criticality, type, and time
- Overall system health and status
- Suppressed events by type and time
Compliance Report:
- PCI-DSS
- HIPAA
- NIST 800-171
- NYCRR-500
- Sarbanes-Oxley
- CJIS
- CIP-NERC
Privileged Activity Report:
- New/most/least active privileged users
- New/all remote executions
- Remote executions by user and application
- New/all RDP activity
- RDP activity by user, source, and destination
- New/all privileged share activity
Security Events Report:
- Antimalware events by severity, type, and time
- Process and service threats by severity, type, and device
- New attack sources and targeted devices
- New point-to-point connections
- New/all USB activity
- USB activity by device
- New/all malware persistence techniques
Network Report:
- Detected enumeration activity
- Enumeration activity by source, destination, and time
- Core network change detection
- SNMP community strings
- Insecure core network passwords
- Network management devices, including TACACS, SNMP, NetFlow, syslog, NTP, and RADIUS

Real-Time Threat Response
Stop Threats in Real Time with Built-in, Immediate, and Effective Response
- Point-and-click response to detain compromised devices
- Easily understandable alerts enable rapid triage by Tier 1 analysts, with detailed data available for Tier 3 analysts
- Custom detainment notification message to device users
- Immediate notifications of un-detained devices
- Preserves compromised device state for follow-up forensics and threat analysis
- Third-party response orchestration
Privileged User Visibility
Gain Unparalleled Live Insight into Privileged User Activity and Behavior
- Identify privileged user accounts
- View privileged user activity, including network shares, remote desktop, remote execution, and more
- Detect low-frequency privileged activity
- Automatically reports new, previously unseen privileged users and activity
- Immediately identify privileged insider threats
365 Defense
Microsoft 365 Security Add-on for 24/7 True Managed Detection + Response
- Accounts Created/Deleted
- Altered Administrator Roles
- Too Many Login Attempts
- Sign-in from Unauthorized Country
- Email Impersonation
- SharePoint or OneDrive Files Shared Publicly
- SharePoint Site Deletion
- Accounts Generating Spam
- Ensure Audit/Mailbox Logs Always On
- MFA Authentication for Administrators
- No Scripting (PowerShell) Privileges for Non-administrators
- Block Dangerous Email Attachments
- Block Mail Forwarding Rules
- Block Third Party Applications
- Limit External Information Leakage
- Block Top Spamming Countries

Learn more or schedule a demo by contacting us at 610-444-8256 or info@pegtech.com.