Playbook-driven Fast Automated Response
- Industry-leading playbook library
- Optimized playbooks for nation-state APT group response
AI Agentic SOAR Platform
Analyze with Agentic AI, Playbook driven Security Operations Platform
Respond to security threats accurately with unified collection and AI-driven analysis. Agentic AI autonomously analyzes complex threats and Playbooks execute swift response.
Secure Orchestra Highlights
AI False-Positive Analysis Engine (AI CERT)
- Training data preprocessed by certified CERT analysts
- Lightweight AI modeler for low resource consumption
Threat Intelligence (TI) Service
- KISA C-TAS integration
- NCSC KCTI intelligence collection
- Proprietary bot-based global threat and reputation data
Asset Visibility with ASM
- Unauthorized system detection and blocking
- Trust asset service change management
- Shodan vulnerability scanning
- Service port scanner
Multi-dimensional Advanced Detection
- N-level correlation and profile analysis
- N-level DPI signature detection
- N-level threat intelligence analysis
- N-level AI analysis
Ultra-fast Collection, Storage & Search
- Industry-leading collection performance per single appliance
- Ultra-fast search powered by NoSQL
- DB to DB, Server to Server, Agent/Agentless log collection
Key Features
Integrated Collection & Ultra-fast Processing
Collect and unify security events from diverse sources in real time while processing 2.1 billion records per index in under 0.001 seconds with a NoSQL-based engine.
Attack Surface Management
ASM monitors and manages the full attack surface — every vulnerability and weakness an adversary could exploit — providing comprehensive visibility into cyber threats.
Comprehensive Real-time Monitoring & 3D Dashboard
Monitor security posture 24/7 through real-time event queries and a 3D multi-dashboard with cyber security weather map, while providing diverse tools for incident analysis.
Agentic AI Analysis
Agentic AI analyzes threats intelligently for rapid decisions and actions.
Playbook Automation
Automate repetitive response procedures to maximize operational efficiency.
Unified Security Ecosystem
Integrate existing security tools into a stronger security ecosystem.
Automated Reports & False-Positive Analysis
Automatically generate scheduled reports by hour, day, week, or custom period with email delivery, and produce secondary false-positive auto-analysis reports with admin delivery and edit support.
Normalization & Parsing
Normalize heterogeneous events and transform unstructured data into structured formats for easier analysis.
Rich Visualization
Provides 11 types of visualizations (3D/2D) with widget and preset configuration and auto-refresh support.
MITRE ATT&CK
Map attack events to MITRE ATT&CK techniques to understand and improve organizational security posture.
Hyper NMS
Built-in NMS module with multi-configuration Alive Check for improved accuracy.
Profiling Correlation Analysis
Profiling-based correlation analysis to detect related events using source IP/port statistics and Criminal Mind logic.
Built-in Vulnerability Assessment
ISMS-based vulnerability assessment engine for automated or manual scanning of SOAR system vulnerabilities.
Analyze with AI, Explain with XAI
Build trust with transparent AI models
BLACK BOX AI
GLASS BOX XAI
Build trust with transparent AI models
R1 (Web)
R2 (Malware)
- · Static Analysis
- · Dynamic Sandboxing
- · Behavioral Heuristics
- · Signature Matching
R3 (Network)
Anomaly DetectionTraffic AnalysisDDoS MitigationProtocol Anomaly
R-LLM (Gen AI)
- Contextual Understanding
- Natural Language Processing
- Threat Intelligence Synthesis
- Report Generation
Playbook Supporting the Ultimate Autonomous Ecosystem
Secure Orchestra Playbook condenses the CERT incident response procedure into 4 configurable stages and supports automated response.
Event Triggered!Playbook Start
01
IOC Setup
- Dynamic response settings linked to pre-detected events, profile events, and correlation events
- Free detection policy configuration within the playbook with detection response linkage
02
Analysis Setup
- Threat analysis for events detected at each stage
- TI Analysis (Virus Total, IBM Xforce, Somansa, ESTsecurity, KCTI, CTAS, Native TI, etc.)
- AI Analysis (AI R1, R2, R3, RLLM, etc.)
- DP Analysis (Detection Signature)
03
Alert Setup
- Various alert method configuration (GUI, Telegram, SMS, E-mail, etc.)
04
Response Setup
- Domestic and international solution integration and blocking API settings
- Ticket processing system setup via SIRP
- PB Workflow analysis response processing log
* Takes 5–6 minutes
* Secure Orchestra Playbook 4-stage configuration screen
EASY
Easy Workflow Setup
- Mouse Drag & Drop for easy workflow setup
- Workflow validation simulation for user configurations
6,800+
Industry-Leading Playbook Library
- Over 6,800 pre-defined playbooks
- Over 100 playbooks for nation-state hacker groups (Kimsuky, Lazarus, etc.)
AI
AI-based Analysis & Anomaly Detection
- Ontology-based MITRE ATT&CK attack matrix analysis and AI similarity analysis
- AI-driven inference and policy recommendation for similar hacking workflows
All-in-One Single Mode / Multi Load Balancing Mode
Single ConfigurationAll-in-One Single Mode
- Web Firewall
- Tap S/W
- IPS
- VPN
- APT
- NAC
- Etc.
Collector + Manager(All-in-One)A single system provides the default All-in-One configuration
Multi-tier ConfigurationMulti Load Balancing Mode
- Web Firewall
- Tap S/W
- IPS
- Firewall
- Anti-DDoS
- Switch
Collector#1
- Web Firewall
- Tap S/W
- IPS
- Firewall
- Anti-DDoS
- Switch
Collector#2
⋮
Manager(Analysis) #1
Manager(Analysis) #2
⋮
ManagerSupports multi-tier architecture for large-scale event distribution and unit/division node deployment
* Multi load balancing mode is configured after consulting based on customer environment
Secure Orchestra
