Architecture

GreySpark Cyber is at home in any enterprise.

The virtual infrastructure deploys into on-premise or cloud environments. Basic implementation requires only the feeding-in of standard security sensors to begin visualizing cyber risk factors.

Security sensors types include network firewalls, intrusion detection & prevention systems, web proxy & anti malware systems, asset management systems, network vulnerability scanners, host, e-mail and network-based anti-virus systems and netflow IP traffic information. For organizations with existing log aggregation systems, integration is often one-stop shopping. GreySpark also accepts fused events from existing Security Information and Event (SIEM) systems and threat intelligence feeds.

The risk engine is primed with available historical data and then immediately begins calculating real-time risk indicators in 5-minute increments. The cyber risk dashboard displays real-time risk indicators, alerts and underlying measurement factors. From the dashboard, users can drill down to investigate the underlying drivers of risk.

GreySpark Cyber integrates with workflow management systems in order to automate the assignment of investigation and resolution tasks.