Grupo ICA

Posted: 15th April 2022

Product Overview

LogICA5 NGSIEM is a Security Information & Event Management (SIEM) tool that collects logs and performs forensics and threat analysis in real time. It allows responders to efficiently manage logs and alerts from the security tools in their environment to reduce risk and remediate threats.

MonICA NGSIEM is the new tool of the National Cryptological Center (CCN) for the management of security events and information. This platform integrates perfectly with the rest of the CCN tools for global control of cybersecurity in public institutions. MonICA is an automated security information and event management system that collects all existing information on potential threats in a single platform, allowing teams not only to react to attacks but also to anticipate and remedy them before they occur.

Challenges Overcome Through Integration

Security operations center (SOC) teams are inundated with alerts and events. By joining forces through seamless integration, security event management from LogICA5 and MonICA and security intelligence from Recorded Future help analysts reduce manual research time and make informed verdicts. SOC analysts can efficiently dismiss false positives and capture threat context for true incidents.

The joint solution enables analysts to instantly integrate prioritized and actionable threat intelligence with their existing security controls inside LogICA5 and MonICA to:

  • Proactively block threats before they impact the business
  • Increase visibility by overlaying external context on top of internal telemetry data
  • Detect previously unknown threats and vulnerabilities
  • Reduce manual time spent researching indicators of compromise (IOCs) and mean-time-to-remediation (MTTR)

Integration Description

Recorded Future for LogICA5 and MonICA helps teams make more confident decisions faster. With up-to-the-minute risk scores and evidence, teams can easily see which indicators need attention first, helping them prioritize their time to achieve maximum impact.

The list of catalogued entities inside LogICA5 and MonICA is periodically correlated against Recorded Future’s security intelligence so that critical information is always updated with external context from Recorded Future’s comprehensive collection of sources. The LogICA5 correlation engine enables analysis, situational-awareness, and intelligence rules to automate detection of potential threats identified by Recorded Future.