ATOM ONE. Cyber attack prevention service
We created ATOM ONE to help organizations prevent attacks on their environment and, where appropriate, to help reduce the impact of such an incident.
Nowadays, there are many products and services on the market focused on security of a specific area. These are state-of-the-art technologies and by combining them you are able to provide protection of the whole enterprise. Naturally, such a scenario often brings problems with central administration, central view, central reporting. Every technology often has its own non-integrable console. And this is the first requirement on ATOM ONE we had - all the information is available in one place with the possibility of visualizing the data from other data sources. The result is our ATOM ONE Central Dashboard. Here, in addition to the technical details of the problem or recommendation, an evaluation of the current state is also displayed, even according to the individual areas.
Fig. 1: ATOM ONE Central Dashboard illustration
Since our service is primarily focused on security, the second requirement was clear - to bring the customer enough information to quickly, proactively and reactively address the security deficiencies of the organization or security incidents. In this regard, we primarily rely on two components - security technologies that are part of the Microsoft Security stack (Microsoft Azure, Office 365, Windows, Windows Server and many others) and the expertise of our KPCS team, which has allowed us to prepare unique data collections for detection, analysis and visualization of information. We can achieve all this with the help of three components. The first one is our ATOM ONE agent, which collects, and partially processes, data from the managed system. The second one is the ATOM ONE gateway, which supplies the collection and analysis with gathered data, for example, from network elements or IoT devices. The last component is native data sources within the cloud environment such as Azure Active Directory, Microsoft Threat Protection, Azure Sentinel, Microsoft Defender ATP, Azure ATP, etc.
Fig. 2: Example of some information within ATOM ONE
The third requirement on the ATOM ONE service was continuous development allowing customers to respond immediately to modern threats. The importance of maintaining the trend in the areas of displaying information and constant monitoring of the level of its consumption is currently also becoming a secondary task. Every graph, table, etc. must have an evident benefit and must clearly state the values. Going back to the main requirement, it is one of the most crucial elements in choosing a tool for security surveillance. The scenario where I buy a technology that has not been enhanced with new detection mechanisms and analytics since the date of the purchase is unthinkable in the field of cyber security. That's why we at ATOM ONE continuously work every week on expansion of the components that are part of the service, and after their development and thorough testing, we deploy them to all our customers around the world. Of course, we do not only deal with the mentioned detections, but we also introduce new functions and possibilities of environmental monitoring. What is great and what is the key element of the ATOM ONE service for us - you are ahead of the attackers, thanks to us.
In my opinion, if any tool operated in the customer's environment was updated on a monthly or weekly basis, it would be a real challenge for IT operations. In this respect, the only option is both full automation in terms of updates, and keeping the system running in association with the CI-CD model on the part of the manufacturer / supplier.
Another requirement was to ensure that our service is suitable for both small and large enterprises. And that is from all angles - financing, scalability, certification, security itself, etc. Whichever ATOM ONE plan you choose, the platform always runs on a robust and secure base within Microsoft Azure and can process from individual to millions of events and signals per minute. Our storage space is always ready to store terabytes of data. Thanks to this, you will access the required information very quickly, you can smoothly correlate amongst the data from the last month or year, and at the same time you do not have to think about the hardware that is needed for all of this in your data centre.
Email notifications arrive on time. Therefore, your teams can address the issue quickly and get the related information they need effectively.
Fig. 3: Example of generating more than a million events in the last 5 minutes. The whole query took less than 3 seconds.
Should you like to see for yourself that we meet our ATOM ONE requirements, visit our website and fall asleep tonight knowing that you are better prepared for cyber attacks in the future.