Natrix threat hunting platform
Natrix – a centralised cybersecurity monitoring and threat hunting platform. The solution has been created by the NRD Cyber Security R&D team to enable coordinated threat monitoring. Its functionalities go beyond just visibility and offer capabilities to build and continuously refine rules for detecting threats and non-compliance. It is set-up in an organisation’s internal network and analyses traffic data just before it is sent across the internet. The platform is intended to be deployed in sectorial, national critical infrastructures, or organisations with complex infrastructures. It is set-up for central management, incident handling, and threat hunting.
The key features and benefits of the Natrix solution
- Data localisation: processed data is kept at the source, thus avoiding legal questions occurring when a third party hosts sensitive data (e.g., personal, regulated data). Due to Natrix, the central body is capable of building trust with other institutions by respecting their data residency and ownership.
- Better sectorial incident handling: faster identification and analysis of incidents due to more specific context available for the analysts who inspect security events. Analysts from the central institution are empowered to triage incidents with reliable and credible information.
- Early Warning signals: incidents which happen due to the same threat actor are identified and communicated faster. The time taken to detect new threats across the sector is drastically decreased.
- Effective incident management: same taxonomy, processes and automation are used by all participating organisations. The time taken to resolve incidents is reduced due to improved coordination.
- Curated CTI: centrally curated cyber threat intelligence indicators reduce cost and errors in incident identification and analysis for all organisations.
Key components of the platform
Customised blueprint in accordance with existing client infrastructure
Configuration of management automation features, infrastructure monitoring and auditing
Processes and Standard Operating Procedures (SOPs)
Hardware and software
Knowledge transfer to the client team
Integrated threat intelligence
Download the case study on how Natrix has been deployed for the Central Bank of Egypt
Natrix threat monitoring platform for Egypt’s financial sector
Natrix vs. SIEM vs. NDR
While at first glance Natrix and SIEM may seem very similar, however, they accommodate different needs and requirements. Below is a comparison of the two solutions:
- SIEMs are designed to work as security event information aggregators and analysers for incident detection in a single enterprise while Natrix provides a centralised approach.
- Sectorial or loosely connected organisations require alternative collective approaches, where data is collected, processed, stored, and analysed, respecting the collective trust agreement.
- In cases where organisations already have well set-up SIEM systems on premises, the Natrix platform provides centralised sectorial security visibility.
- Network Detection and Response (NDR) solutions only analyse network traffic and cannot monitor or track events at the endpoint. Natrix has been created by integrating NDR and perimeter defence elements not only to collect data, but also to correlate it and as a result achieve greater total visibility.
