QOMPLX order form product definitions*
QOMPLX CYBER is QOMPLX proprietary data fusion platform that supports streaming data ingestion and enriching insights into an organization’s threats, and vulnerabilities.
Identity Assurance (IA)
QOMPLX Identity Assurance solution is used to track that identities issued by Active Directory (AD) domain controllers and cloud identity providers (IdPs) are valid and that they implement authentication protocols correctly.
- Attack detection templates: Use QOMPLX pre-built templates, aligned with the MITRE ATT&CK® framework, to help users detect and alert on common Kerberos and SAML attack techniques including pass the hash, pass the ticket, overpass the hash, skeleton key, and kerberoasting.
- Advanced detections: In addition to these detections and stateful Kerberos protocol validation tools, we offer hundreds of built-in rules and detections all aligned to critical MITRE ATT&CK® tactics.
- Administrator console: Used to receive real-time updates, manage detections, configure rules, and allows the user to take action with built-in incident management tools.
Privilege Assurance (PA)
QOMPLX Privilege Assurance solution analyzes the customer’s Active Directory data to help users identify security risks. Privilege Assurance extracts and processes Active Directory data and monitors the configurations of Active Directory by issuing a series of Lightweight Directory Access Protocol (LDAP) queries. PA’s graph view allows customers to explore attack paths and analyze blast radius of compromised assets.
Examples of data collected:
- Active Directory configuration parameters including Domains, Trusts, Organizational Units (OUs), and Group Policy Objects (GPOs).
- User profile settings in Active Directory, such as User ID, Display Name, and Email Address.
- Log-in activity and account configuration parameters.
- IP addresses of systems.
- User account rights and other Access Control Entries (ACEs).
- Computers joined to Active Directory, including parameters such as OS and last logonKerberos principal names (e.g. a workstation user or a network server).
- Active Directory group configurations and members.
- Hygiene-related attributes such as stale accounts, old password accounts, and admin accounts without password expiration.
Q:SCAN is a system that helps discover the customer’s “attack surface” of customer’s network and provides a risk score based on the signals collected using reconnaissance, enumeration, and other Open Source Intelligence (OSINT) techniques.
Managed Assurance (MA)
Managed Assurance is a service offering: a staff of security analysts fully manage all aspects of QOMPLX CYBER for the customer including monitoring of mutually agreed-upon data sources, detections, insights, and alerts in the platform.
Managed Detection and Response (MDR) subscription
QOMPLX Managed Detection and Response service includes ingesting, parsing, and reviewing mutually agreed upon log data sent to QOMPLX CYBER. QOMPLX will create technical response playbooks, including 24x7 monitoring with managed response and escalation plans.
*Only those products purchased by customer as specified in the executed order form between customer and QOMPLX shall apply to and be included in customer’s subscription.