TD Website

Overview

Platform Introduction

ThreatDefence delivers an end-to-end cybersecurity suite that combines SIEM, Network Detection and Response (NDR), Endpoint Visibility, Threat Intelligence, and Vulnerability Management into a single integrated SecOps platform.

The platform is implemented as a fully supported SaaS service, designed to provide comprehensive enterprise coverage. It integrates all available security data, including:

  • Internal data sources such as endpoints, servers, and network telemetry.

  • External data sources including cloud workloads, SaaS applications, and third-party services.

  • Threat intelligence feeds covering Dark Web breaches, compromised credentials, external vulnerabilities, and supply chain risks.

The platform is delivered as a cloud-hosted service, with lightweight data collection sensors deployed within customer environments.

Platform Architecture

At a high level, the platform architecture can be represented as follows:

ThreatDefence Platform Overview Diagram

Core Components

  • Cloud SIEM / SecOps Platform – Centralized analytics, dashboards, and automation.

  • Endpoint Visibility and DFIR Agents – Comprehensive telemetry from workstations and servers, with forensic capabilities.

  • Network Detection and Response Sensors – Passive network monitoring for threats and anomalies.

  • Syslog Collectors – Secure log forwarding and aggregation from diverse infrastructure.

  • Cloud, API, and Syslog Integrations – Native integrations with Microsoft 365, AWS, GCP, security tools, and SaaS platforms.

Why Onboard Data Sources

Onboard Data Sources - Unlock Your SOC's Full Potential

Why does onboarding more data sources matter? Every log, event, and alert from your environment is a piece of the puzzle. The more pieces you provide, the clearer the picture your ThreatDefence platform can build. Onboarding data is the single most important step to transforming your SOC from reactive to proactive.

We support 1000's of data sources to provide a complete coverage over all corners of the orgnisation.

Think of it this way: You can't stop a threat you can't see. Complete visibility is your greatest asset.

How Data Onboarding Benefits Your Business & SOC

Providing comprehensive data doesn't just help our system—it directly enhances your security team's efficiency and effectiveness, delivering a faster return on your investment.

If You Onboard...

Your SIEM Gains...

Your SOC Team Gains The Power To...

Firewalls & Proxies

Network context, policy violation alerts, and east-west traffic visibility.

Answer: "What internal system is trying to talk to a malicious domain?" and block it at the source.

Endpoint Data (EDR/Agents)

Process creation, file changes, and user activity on critical assets.

Answer: "What happened on this server before the alert?" and reconstruct the attack timeline in minutes, not days.

Identity Services (e.g., Active Directory, Azure AD)

User logins, privilege escalations, and group membership changes.

Answer: "Was this a legitimate user or a compromised account?" and stop credential-based attacks immediately.

Cloud Platforms (AWS, Azure, GCP)

Configuration changes, API calls, and security group modifications.

Answer: "Did someone just change a security group to expose our database?" and reverse malicious changes automatically.

Network Sensors (NDR)

Deep protocol analysis and decoded traffic for every connection.

Answer: "What data was exfiltrated and where did it go?" with definitive proof for incident reports.

Vulnerability Scanners

A live map of software weaknesses and misconfigurations.

Prioritize patching on the most exploitable vulnerabilities that are actively being targeted.

PreviousMicrosoft 365 MonitoringNextPlatform Components

Last updated