Cumulo

Modular SOC Platform.

Coming soon: Microsoft Sentinel connector for Cumulo NDR

Cumulo is our in-house built and maintained SOC platform used to deliver our SOC Services. We've designed Cumulo around the SOC Analyst to support their work in making yours and our business more secure by delivering our 24/7 Always On detect and respond capability.

Cumulo can act as a standalone Security Information and Event management (SIEM) tool with automation capabilities or work alongside other tools, such as Microsoft Sentinel, Splunk and IBM QRadar to enrich the data received, improving the information available for analysis. Cumulo can take a range of data sources, including logs, network traffic and more, bringing all tools together to provide a single lens into your organisation. This allows Analysts to have a single point of truth for investigation and incident response, reducing time spent moving between technologies and giving all data related to a particular event in one place to enrich the analysis.

Features

A centralised, all-in-one, analyst-focussed cyber defence platform
Full packet capture environment with IDS, including deep packet inspection
Automation and orchestration capabilities
SIEM, with log and event correlation
Transparent and open - used by both the SOC and the customer, with full access to data

Cloud Infrastructure

We can monitor all major cloud infrastructure platforms, covering a large range of tools and technologies within them. For some tools Cumulo has ‘2-way integrations’, allowing e2e and our customers to not only ingest logs and network traffic to monitor, but also interact with the tool from Cumulo, eliminating the need to work from multiple tools, with Cumulo being the single lens into your network.

Microsoft

Whether your organisation runs solely on Microsoft or uses elements of Microsoft’s cloud infrastructure as part of a mixed estate, we can monitor and integrate with your network.

We’re currently working on an MDR (Managed Detection and Response) SOC service for smaller organisations solely using Microsoft architecture to give you complete coverage, without costing the earth, perfect for SMEs. If you’d like to be the first to know about this service and help shape it, contact us today. Our key integrations that allow us to monitor all elements of the Microsoft stack include:
- Azure
- Azure AD
- Azure Monitor
- Azure Security Centre
- Azure WAF
- Microsoft Defender for Endpoint (MDE)
- Microsoft Defender for Identity
- Microsoft Defender for IoT
- Microsoft Defender for Office 365
- InTune
- Microsoft Sentinel
- Office 365
- Microsoft Teams
- Sharepoint
- Microsoft Cloud App Security (MCAS)
- Exchange
- Identity Protection
- Insider Risk
- Log Analytics
- Risk & Compliance
- System Center Configuration Manager (SCCM)
- Applocker
- Security & Compliance
- SQL
- Sysmon
- Windows Event Monitoring/Forwarding
AWS

Amazon Web Services has been the leader in ‘Cloud Infrastructure and Platform Services’ according to Gartner for a number of years as well as being the global leader by revenue. Not surprisingly, we see incredibly high demand for our AWS security NDR, MDR, XDR and SOC tools, that Cumulo sits at the heart of.

As a result, we’ve worked hard over the last few years to expand our technical integrations with AWS tools, whether that be for threat intel or the monitoring of logs and network traffic. A snapshot of some of our AWS integrations are:
- AWS WAF
- Security Hub
- Cloudfront
- CloudTrail
- CloudWatch
- EC2 Asset Collection
- S3 (generic and specific log collection)
- GuardDuty
- Inspector
- Lamda
- Load Balancer
- Macie
- VPC Flow logs
Oracle

Cumulo can integrate with any Oracle Cloud Infrastructure (OCI) tools to provide 24/7 monitoring and SOC services for your Oracle environment. We’re adding new integrations all the time and as customers are one step away from the developers with Cumulo, we can prioritise and add new tools rapidly upon request. In addition to the technical integrations, our team of Cyber Consultants also build use cases and playbooks specific to any tool, including Oracle technologies, building out the processes to follow based on a large range of eventualities. Oracle Cloud integrations include:
- Log Analytics Service
- Oracle DB
- Oracle Management Cloud (OMC)
- Application Performance Management
- Database Management
- Java Management Service
- Resource Manager
- Service Connector Hub
- Enterprise Manager
Coming soon:
- Oracle Cloud Guard
Google

With Google Cloud Platform (GCP) becoming more commonplace in organisations across the globe and in all industries, we are also seeing more demand for Google integrations to allow 24/7 SOC monitoring.

We've recently completed new integrations that allow both our and customer security analysts to deliver detect and respond services for Google Cloud environments, including monitoring of managed devices such as Chromebooks and Android mobile devices and working across Google Workspace and Google Cloud Platform (GCP). For more information, read our interview with our Business Development and Product Director on our blog. Integrations with the Google ecosystem include:
- Google Cloud Platform (GCP
- Google Workspace (G-Suite)
- Security Command Center (SCC)
- Chronicle

Other Integrations

Cumulo integrates with a host of other tools to receive logs and network traffic in order to fully monitor everything from your SIEM to your firewalls and infrastructure hardware, from SaaS tools to devices and EDR products.

Below are lists of some of the integrations we currently have – this is not exhaustive, if the product you’re looking for isn’t on here, there’s a chance it already has an integration with Cumulo, is in progress now or can be integrated with within weeks. Contact us if you’d like to enquire about one of your critical tools to improve your MDR and XDR capabilities.

In addition to monitoring the tools listed, Cumulo stores threat intelligence to improve business context and continuity and to shape specific playbooks and use cases for e2e and customers. We use a mixture of open and closed sources for our threat intelligence, as well as working with customers to run threat workshops to help identify and plan for known threats. On top of this, e2e also proactively look for zero-day exploits through our network monitoring.

Device & OS

In short, we can monitor any device in one way or another, below are the Operating Systems that our SOC can monitor through Cumulo:
- Windows
- MacOS
- Android OS
- Chrome OS
- iOS
- Linux
- Solaris
- Unix
Firewalls & Networking

One of the most common routes into an organisation’s network is through unpatched hardware, in particular a firewall. Remove the irony of being hacked via a tool designed to protect you with our integrations allowing monitoring of some of the most common firewalls (oh and patch them!) In addition, we also integrate with and monitor a range of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).
- Cisco
- Cisco Meraki
- Fortinet
- Juniper
- Palo Alto
- Sophos
- Checkpoint
- McAfee
- Sourcefire
- PFSense
- SonicWall
- Watchguard
In addition, we can monitor all major infrastructure hardware vendors, such as Cisco (Meraki), HPE (Aruba), Lenovo (IBM), Dell EMC and more.
AV, EDR & Vulnerability Scanning

Endpoints are an extremely common target for threat actors, improve on the basic protection given by your anti-virus and endpoint detect & respond tools but adding 24/7 SOC monitoring in a single pane of glass through Cumulo. Tools we integrate with include:
- Microsoft Defender for Endpoint (MDE)
- Sophos
- Symantec
- Trend Micro
- Kaspersky
- Bitdefender
- Cisco Advanced Malware Protection (AMP)
- McAfee
- ClamAV
- Tenable Nessus
- Tenable.sc
- Qualys
- Rapid7
Coming Soon...
- Carbon Black
- CrowdStrike
- CyberReason
- Palo Alto Cortex
- Bitdefender EDR
- Sentinel One
- ESET EDR
- Harmony EDR
- Blackberry Cylance

Software & SaaS

It’s one thing to just monitor devices and tools designed for security for suspicious activity, but now with many organisations effectively operating in various SaaS tools, it’s more critical ever to ensure you have visibility of these too. Cumulo can integrate with a vast range of software, including ITSM and SIEM tools with two-way integrations meaning cyber and IT teams can work from a single pane of glass, increasing efficiency and security. Some of the tools and organisations that we monitor include:
- Application System Management (ASM)
- Citrix
- Cloudflare
- Cisco Umbrella
- DefensePro
- Duo
- ELK
- Forcepoint
- HAProxy
- IBM Guardium
- iboss
- Intelfinder
- IPfix
- JAMF
- Kubernetes (K8s)
- Lastpass
- Logstash
- Mimecast
- Netflow
- Netscreen
- NginX
- NXLog
- OKTA
- OpenVAS
- OpenSCAP
- Pegasystems
- SalesForce
- Syslog NG
- Squid
- Websense
- Workday
- VMWare Workspace One
- Zscaler
SIEM & ITSM tools

Whilst Cumulo has all the capabilities of a SIEM tool (and more), we also integrate with other tools, often with our ‘2-way integrations’ to allow users to not only ingest logs and network traffic through Cumulo, but also pass information to the other tools, meaning that you only need look at Cumulo when investigating alerts and incidents, not needing to log in and out of multiple tools. Likewise, we can integrate with ITSM tools to allow better collaboration between cyber and IT teams and avoid duplication of communication.
- Arcsight
- IBM QRadar
- LogRhythm
- McAfee
- Splunk
- Microsoft Sentinel
- SolarWinds
- ServiceNow - we will integrate with your out-of-the-box ServiceNow & SecOps free of charge.
- SecOps (ServiceNow) - we will integrate with your out-of-the-box ServiceNow & SecOps free of charge.
- Remedy
- Cherwell
- ManageEngine
- Jira
- Slack
Others

There are a number of other tools and technologies Cumulo can also monitor and integrate with, including:
- Darktrace
- Netography
- MISP (Open-Source Threat Intelligence and Sharing Platform
- VMWare
- OpenStack
- Nutanix
- HyperV
- Garland
- Gigamon
- IXIA
- Relational Databases (including Oracle, SQL Server, MariaDB etc.)
- Snort
- Claroty

Anything else?

The above is an ever-growing list. If what you are looking for isn’t here it may already be in progress or we can integrate it for you - don’t hesitate to contact us for details.

Features

Cloud Infrastructure

Microsoft

AWS

Oracle

Google

Other Integrations

Device & OS

Firewalls & Networking

AV, EDR & Vulnerability Scanning

Software & SaaS

SIEM & ITSM tools

Others

Anything else?