Defense Surface

Visibility

Visibility is the set of product capabilities or collected telemetry that can be used to monitor adversarial techniques. Detection systems can in turn use it to identify or thwart those techniques.

How integrations are configured within Interpres determines the form visibility takes. It may consist of hardcoded product capabilities or, where a data lake is involved, individual telemetry identifiers that are collected and stored for analysis.

Detections

Detections are rules supplied by security vendors or developed internally by security organizations. These rules use telemetry to alert organizations to potentially malicious activity. Interpres aggregates both vendor-supplied and custom detection rules from the relevant security products.

Integrations

Integrations are vendor products, including EDRs, Data Lakes, SIEMs, Vulnerability Management Solutions, and similar offerings, each with distinct security capabilities. Interpres connects to these integrations through read-only APIs to determine their specific configurations and to identify existing visibility, detections, or vulnerabilities. The collected data is then brought into the platform for analysis and display.

Stack Rationalization

Stack Rationalization is a framework for improving visibility across the organization's current security tool stack so that coverage gaps and redundancies can be identified. Interpres provides data-driven insights to support decisions about retaining, integrating, or replacing tools, so that the investment already made in the security infrastructure is used as effectively as possible.
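
The sketch below is an added example, not Interpres code or its data model. It shows how the visibility and detection inventories defined above can be compared per technique to surface gaps and redundancies. The tool names, the mappings, the prioritized list and the use of MITRE ATT&CK IDs as technique keys are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample inventory: per tool, the techniques it has telemetry for
# ("visibility") and the techniques its rules target ("detections").
# Tool names and mappings are hypothetical; ATT&CK IDs as keys is an assumption.
INVENTORY = {
    "edr":  {"visibility": {"T1059", "T1003", "T1055"}, "detections": {"T1059", "T1003"}},
    "siem": {"visibility": {"T1059", "T1078", "T1110"}, "detections": {"T1059", "T1110"}},
    "ndr":  {"visibility": {"T1059"}, "detections": {"T1059", "T1071"}},
}
# Constructed list of techniques the organization cares about.
PRIORITIZED = {"T1059", "T1003", "T1055", "T1078", "T1110", "T1566"}


def rationalize(inventory, prioritized):
    """Classify techniques into coverage gaps and redundancies across the stack."""
    seen_by = defaultdict(set)      # technique -> tools collecting telemetry for it
    detected_by = defaultdict(set)  # technique -> tools with a usable rule for it
    for tool, data in inventory.items():
        for tech in data["visibility"]:
            seen_by[tech].add(tool)
    orphan_rules = set()
    for tool, data in inventory.items():
        for tech in data["detections"]:
            if seen_by.get(tech):
                detected_by[tech].add(tool)
            else:
                # Edge case: a rule exists but no tool collects the telemetry it needs.
                orphan_rules.add(tech)
    ordered = sorted(prioritized)
    return {
        "no_visibility": [t for t in ordered if not seen_by.get(t)],
        "visibility_without_detection":
            [t for t in ordered if seen_by.get(t) and not detected_by.get(t)],
        "redundant_detection":
            {t: sorted(detected_by[t]) for t in ordered if len(detected_by.get(t, ())) > 1},
        "rules_without_telemetry": sorted(orphan_rules),
        # Tools whose every prioritized detection is also provided by another tool.
        "no_unique_detection": sorted(
            tool for tool, data in inventory.items()
            if all(len(detected_by.get(t, ())) > 1 for t in data["detections"] & prioritized)
        ),
    }


if __name__ == "__main__":
    for category, result in rationalize(INVENTORY, PRIORITIZED).items():
        print(f"{category}: {result}")
```

A tool listed under no_unique_detection is a candidate for review rather than removal, since it may still contribute visibility or capabilities this comparison does not model.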