Security as a Service

Netbull Security as a Service is an outsourced cybersecurity services model. SECaaS solutions provide security on a subscription basis to ease the in-house security team's responsibilities, scale security as the business grows, and avoid the costs and maintenance of on-premise alternatives.

  • WAF as a Service
    Detection & Prevention of any malicious attack on a website and web applications

    WAF as a Service (WAFaaS) detects and prevents any malicious attack on a website and web applications, including advanced bot attacks, web defacement, SQL injection, cross-site scripting, command injection, etc. The dynamic profile integrated in the service accurately detects attacks and minimizes false positives, ensuring access for authorized users while at the same time blocking unauthorized traffic from malicious activity.


    Features of the service are:

    • Protection of web applications. The WAF service immediately and effectively protects an organization's web applications from attacks such as SQL injection, XSS, OS command injection, etc.
    • Immediate implementation. The WAF service does not require the supply of hardware or software and is provided immediately without any change in the organization's infrastructure simply by using DNS.
    • 24x7x365 support. To support our customers in matters of security, Netbull owns a modern and intelligence-driven Security Operation Center, staffed with security experts and specialists, who have extensive knowledge and experience in complex and distributed environments.
    • Threat Intelligence. The WAF service is complemented by the Threat Intelligence service provided by our company and protects web applications by using reputation and community defense mechanisms through the cloud.
    • Compliance with regulatory frameworks. The service, in collaboration with the Netbull Threat Management platform, provides the information necessary for the organization's compliance with the requirements arising from regulatory frameworks and security standards such as GDPR, NIS, PCI, etc.


    For more information and a detailed presentation of WAF as a Service, please fill in and send the Talk With An Expert form and we'll contact you as soon as possible.

  • EDR as a Service
    Implementation of cyber security technologies that help to detect and handle threats targeted at endpoints

    Endpoint Detection and Response (EDR) is a term used to describe cyber security technologies that help organizations to detect threats that target devices such as laptops, servers and desktops.

    EDR combines elements of next-gen antivirus with additional functionality to deliver real-time anomaly detection, support threat hunting and help automate incident response processes.
    An EDR solution works by collecting endpoint data and using behavioral analytics to examine it for evidence of suspicious activity. When an anomaly is detected, an alert is generated for human investigation. Endpoint telemetry can be used to perform kill chain analysis, contain and quarantine infected devices, create custom threat watchlists and block malicious IPs. This provides security teams with a crucial layer of visibility to identify and respond to intrusions.

    Netbull provides this technology as a Service, following the “service as you grow” approach. The endpoint telemetry capabilities can also be expanded by combining them with the security incident monitoring and management service, to achieve deeper threat visibility and coverage.
    An EDR agent will be installed on each endpoint (desktop, laptop or server), enabling security analysts to deal promptly and effectively with any detected threat. The analysts will have full knowledge of the incident in a minimum of time and, in collaboration with the administrators, will carry out remediation actions.

    The technical characteristics of this service are:

    • Detection based on file reputation: The solution contains a complete database of each file that has been detected and its corresponding good or bad reputation. As a result, known malware is quickly and easily quarantined without the need for a scan.
    • Polymorphic malware detection: Malicious software developers often write different variations of the same malware to avoid common detection techniques. The solution can detect these variants or polymorphic malware through fingerprinting. The fingerprint will look for similarities between the suspicious file’s contents and the contents of known malware families and convict if there is a match.
    • Machine learning analysis: The solution is trained by learning algorithms to identify malicious files and activity based on the attributes of known malware. Machine learning capabilities are supported by a cloud service to ensure a better and more accurate model. With this technique it is possible to detect zero-time malware.
    • Attack detection and prevention: Through attacks on the software and the memory of an endpoint, a hacker can penetrate a network by avoiding the traditional protection mechanisms against malware. With our solution it is possible to detect any attack at the endpoints.
    • Malicious activity protection: The solution continuously monitors all endpoint activity and provides detection and blocking of abnormal behavior of a running program on the endpoint. For example, when endpoint behavior indicates ransomware, the offending processes are terminated, preventing endpoint encryption and stopping the attack.
    • Indicators of Compromise: Our solution constantly analyzes malware to detect new types of threats and create behavior profiles for new emerging threats. These profiles are also known as Indicators of Compromise. Indicators such as file locations and registry modifications are elements that the solution can use to identify compromised systems.
    • Vulnerability Detection: The solution identifies vulnerabilities in endpoint software to reduce the chances of a successful attack that exploits a software vulnerability. The endpoints that use vulnerable software are recorded and prioritized based on the Common Vulnerabilities and Exposures (CVE) rating: the more severe a vulnerability, the more prominent it is on the list.
    • Low prevalence: The solution will automatically identify executables that exist in low numbers across the endpoints and analyze those samples in the vendor's cloud-based sandbox to uncover new threats. Targeted malware or advanced persistent threats often fly under the radar and start on only a few endpoints, with low prevalence. Our solution will automatically hunt this software to uncover the 1% of threats that would have gone unnoticed.


    For more information and a detailed presentation of EDR as a Service, please fill in and send the Talk With An Expert form and we'll contact you as soon as possible.