Identify Systems that need to be protected

• SentryWire allows security analysts to tag systems as critical assets, correlating alerts and anomalous events against your defined critical assets, meaning security teams have more signal and less noise to isolate malicious activity easier.

Separating the identified systems logically into functional groups

• Services and assets are identified by alerts in logical groupings defined by attributes specific to your environment.

Implementing a defense-in-depth strategy around each system or group

• Leveraging the MITRE ATT&CK framework SentryWire identifies attack types by severity and attack phase, allowing security teams to identify events in recon, lateral movement, or impact stages and supporting need based triage for small teams.

Controlling access into and between each group

• SentryWire sends events to existing Security software, security or network teams can easily select log events where gaps in visibility may exist and forward these events in JSON or Syslog format to log collection servers or SIEMs.

Monitoring capability for visibility into activities that occur within and between groups

• SentryWire includes an investigator that gives analyst a flexible, Elastic search engine with visualizations and dashboards built to identify and investigate events of interest by drilling down into SentryWire data for visibility across each of your ICS+IT Zones.