SECNOLOGY is a cybersecurity company specializing in proactive and automatic event management.


SECNOLOGY is an American startup specializing in Big Data Security that markets a security orchestration, automation, and response (SOAR) solution for IT security. It is a Security Cockpit with Active Control (CSCA) performing the capture, detection, processing, prevention, and automatic response to various cybersecurity events.

SECNOLOGY automatically transforms captured events into structured defense actions adapted to your environment.

SECNOLOGY is a SIEM+SOAR+XDR, an all-in-one solution that allows cybersecurity professionals to see what is happening in their extended environment, understand it, decide what actions to take, and act or react automatically with measures adapted to the context and the environment.

SECNOLOGY offers three types of users (end users, CISOs, and experts) the simplest and most powerful solution to globally manage all IT security events and to orchestrate actions and reactions automatically in response to these events (proactive and reactive).

The philosophy of the solution can be summed up in a few words.

Today, cybersecurity issues are addressed through the standard triptych of the 3Ps: Product, People and Process.

  • The technologies are based on standards (RFCs). These technologies have an operational configuration that must reflect the desired policy of the company.
  • The staff is supposed to be informed, educated, and competent enough to respect the rules and the security policy required by the company.
  • Processes concern both technologies and personnel. They are decided and implemented by the staff. They are supposed to organize things to coordinate everything, and avoid errors and failures.

All three are subject to a maxim from Heraclitus of Ephesus that has remained true for 2500 years: “Nothing is permanent except change”.

But now, we all know that at each of these 3 levels there are malfunctions and failures that can be exploited by any source of malevolence.

The objective of SECNOLOGY is to position itself above these three levels, as an overarching and complementary layer, to ensure preventive and corrective actions on each of them, reinforce the security of the whole, and limit the impacts of these failures.

SECNOLOGY is a security cockpit, with automatic actions and reactions, totally calibrated to your environment.


SECNOLOGY modules

SECNOLOGY has four modules. Only the Manager is mandatory. All other modules are optional.


SECmanage module

SECmanage is the “Master Mind” of the solution. Its central role is to administer and configure all the modules, including the management of operators' rights and privileges, and to process all events (in real time) or traces (on request or after the fact).

SECmanage has the following main functions:

  • Research, filtering, enrichment, segregation, and normalization of data
  • Processing, identification, classification, and categorization of events
  • Correlation of events from different sources
  • Intrusion detection and prevention
  • Vulnerability detection and management
  • Detection of anomalies and their treatment
  • Management of rules and production of alerts
  • Assessment of indicators and comparison of metrics
  • Production of dashboards and visualization of graphs
  • Automatic work scheduling
  • Response to an event with an appropriate action
  • Data lifecycle and history management
  • Configuration audit and analysis
  • Audit and analysis of access rights and internal resources

SECweb module

The SECweb Portal allows a remote user, experienced or not, to operate SECNOLOGY through any browser via a secure Web interface, to execute Jobs, and to retrieve the reports, alerts, and dashboards of interest.


SECagent module

The SECagent module is used to collect events from information sources that do not know how to, or cannot, transmit their data to the Collector by themselves. SECagent looks for the traces of these events directly on these sources and sends them to the Collector.

SECagent allows you to:

  • monitor the integrity of user files and directories
  • monitor the integrity of registry keys, system libraries and applications
  • manage user access rights and privileges on files and directories
  • audit user activity on these files and directories in real time
  • audit access and modifications to Active Directory or SharePoint directories in real time
  • audit the inputs/outputs of the USB interfaces
  • audit printing on your local or network printers

SECcollect module

The SECcollect Collector is a module that listens to and records all events in real time emanating from a set of information sources, whether these sources are local, remote, or in the cloud.

The main functions of the SECcollect Collector are:

  • Authenticate source devices (transmitters)
  • Collect source events
  • Filter events
  • Store raw traces
  • Store filtered traces
  • Secure traces (time stamp, seal, encrypt, compress, duplicate)
  • Transmit events in real time to the various departments and to the Manager
  • Relay traces to other internal or external recipients
  • Archive the traces collected in different silos on NAS, SAN, Filers, or Robots

SECcollect supports more than 22 communication protocols to date, and is regularly enriched.