QUADX

XDR: a security operations automation solution for zero-trust environments

QUADX is an XDR (eXtended Detection and Response) platform. It integrates the Network Blackbox as a Sensor with SIEM and SOAR functions as a Console, and automates the entire detection-analysis-response process on the basis of the original evidence data the Sensor provides.

We aim for explainable security (XSec, eXplainable Security) based on definitive evidence and support the systemization of active security threat response.

QUADX Console

Collects security events and logs from various systems, and performs automated detection-analysis-response processes.

A01: Unified log and event collection
A02: Threat detection and incident reporting by correlation analysis and scenario rules
A03: AI-based automated threat detection and incident reporting
A04: Automated threat intelligence collection and refinement
A05: Automated incident investigation and response
A06: Custom incident investigation and response playbooks
A07: App store for integration of various third-party products
A08: Integration with your own reporting system or internal incident response process

QUADX Sensor

The Sensor automatically analyzes the major security threat situations detected by the Console and provides the evidence data needed to determine whether each one is a false positive.

B01: High-speed, high-volume traffic collection and replay
B02: Abnormal and anomalous behavior and threat detection
B03: Asset risk scoring
B04: Threat hunting based on attack tactics analysis
B05: Time-series host status tracking
B06: Original evidence-based explainable security (XSec)
B07: Third-party response integration

Integrated XDR platform

An integrated solution that covers various security areas such as networks, endpoints, clouds, and applications, providing comprehensive visibility into the entire IT environment.

AI/ML based automation

By leveraging artificial intelligence and machine learning technologies, you can automate threat detection, analysis, and response processes, improve the efficiency of security operations, and minimize human errors.

Automatic collection of original evidence based on full packet analysis

Inheriting the core technology of the Network Blackbox, the Sensor performs full packet-based traffic inspection and in-depth analysis. All information and original evidence data collected during analysis is automatically passed to the system for automated analysis.

Threat Intelligence Integration

We provide regular and online updates of publicly available security threat intelligence (OSINT), collected and refined by our experts, through our cloud service, Defense Center. We also support API integration with the industry standards TAXII and STIX so that third-party threat intelligence can be widely accepted. In addition, QUADX functions as a threat intelligence management platform that consolidates all threat intelligence, selects the intelligence relevant to the target company or organization, and adjusts its impact.

Automatic response actions

QUADX performs automated response actions against detected threats. Predefined playbooks written by our own experts (H LAB) reflect the latest breach incidents and threat trends, and support automation of the entire process from detection through analysis to response.

Flexible scalability

It supports integration with over 100 third-party security solutions and provides an API-based scalable architecture. It also provides extensibility through the app store to implement integration with various products operated by target companies and organizations with just a few clicks.

Visualization and Reporting

You can monitor security status in real time through an intuitive dashboard, and it provides various predefined templates or customizable dashboard and report functions to enable you to monitor key issues and visualize threat situations in a way that suits the business environment of the target company or organization.

Correlation analysis-based incident identification and detection

You can efficiently collect only incident-related events through an existing SIEM, or let QUADX perform the SIEM function directly and collect logs and event information from various sources. For the incident-related events and logs collected in this way, QUADX supports multi-dimensional threat detection and supplements the threat judgment information for each event through correlation analysis rules predefined by our own experts (H LAB) or user-defined correlation rules.

QUADX Function concept diagram

Information gathering and detection — Securing traces of detection — Correlation analysis — Artificial intelligence analysis — Threat Intelligence Analysis — Timeline Analysis — Automation of breach response

Traffic collection and full inspection

Detection and Accumulation: PCAP, Metadata, Files, Contents
Attack Tactics-Based Threat Hunting: MITRE ATT&CK Matrix TTP
In-depth network traffic analysis: DPA (Deep Packet Analyzer)
Full packet capture and storage: DPR (Deep Packet Repository) and Big Data

NDR: Network Detection and Response

Artificial intelligence-based eventization

Incident subject to investigation: Incident Triage
Correlation-based threat visualization: Correlation and Visualization
AI-based anomaly detection: Machine Learning
Normalization of heterogeneous detection events: Enrichment and Normalization

SIEM: Security Information and Event Management

Automatic analysis of investigation targets

Checking Reputation: Intelligence Refinement and Policy Making
TI Scoring: External Threat Intelligence Management
OSINT, CTI: Internal Intelligence Management
CMDB, User/Device Profile

TIP: Threat Intelligence Platform

Automatic response to breach incidents

Enforcement, Ticket Handling
Automatic classification of breach incidents: Incident Triage, Reporting
Automatic collection of breach incident evidence: API Integration, App Support
Breach Investigation Playbook: Playbook Management

SOA + SIRP: Security Orchestration and Automation + Security Incident Response Platform