1. Log Collection - your systems can generate millions of events per day. You need a tool that lets you quickly search, visualize, and analyze all of them the moment a security event occurs.
2. SIEM (security information and event management) - generates alerts based on rules you set and presents dashboards with real-time and historical visual analysis of the logs you collect.
3. Endpoint Detection and Response - covers all servers and workstations, helping you identify processes that create security issues and domain-name system (DNS) look-ups executed by user accounts.
4. Threat Hunting - teams find unknown or suspicious malware and network intrusions.
5. User and Entity Behavior Monitoring - runs real-time analysis on users and entities (workstations and servers) to establish normal baseline behaviors.
6. Vulnerability Management - proactively identifies and prioritizes gaps in your security defenses so you can close them quickly, before a digital asset is compromised.
7. Deception Technology - deploys decoy devices on unassigned IP addresses to attract cybercriminals and steer them away from your real digital assets.
8. Threat Intelligence Feeds - provide information that supplements the threat information you collect internally on your network, so you can stay ahead of new types of attacks.
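As an added example (not part of the original list), the following Python script shows what items 2 and 5 mean in practice: a SIEM-style correlation rule that fires when one source produces five failed SSH logins within five minutes, and a behaviour baseline that records which source addresses each user normally logs in from and flags a successful login from a source never seen before. The log lines, hostnames, user names and addresses are all constructed for the example; the line format mimics OpenSSH's auth messages but is an assumption, not a real capture.

```python
"""Minimal SIEM-style rule engine and UEBA baseline over constructed auth logs.

Added example; the log lines below are constructed, not captured from a real system.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed "historical" window used to learn each user's normal login sources.
HISTORY_LOGS = """\
2024-04-28T08:55:00Z host1 sshd: Accepted password for dave from 10.0.0.12
2024-04-29T09:02:00Z host1 sshd: Accepted password for dave from 10.0.0.12
2024-04-29T10:10:00Z host2 sshd: Accepted password for erin from 198.51.100.7
"""

# Constructed "current" window that the rules are evaluated against.
SAMPLE_LOGS = """\
2024-05-01T09:00:01Z host1 sshd: Failed password for alice from 203.0.113.5
2024-05-01T09:00:03Z host1 sshd: Failed password for alice from 203.0.113.5
2024-05-01T09:00:04Z host1 sshd: Failed password for bob from 203.0.113.5
2024-05-01T09:00:06Z host1 sshd: Failed password for carol from 203.0.113.5
2024-05-01T09:00:07Z host1 sshd: Failed password for dave from 203.0.113.5
2024-05-01T09:00:09Z host1 sshd: Accepted password for dave from 203.0.113.5
2024-05-01T09:15:00Z host2 sshd: Failed password for erin from 198.51.100.7
2024-05-01T11:30:00Z host2 sshd: Failed password for erin from 198.51.100.7
2024-05-01T11:31:00Z host2 sshd: Accepted password for erin from 198.51.100.7
"""

# Assumed line layout: "<ISO timestamp> <host> sshd: <Failed|Accepted> password for <user> from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) "
    r"password for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_logs(text):
    """Turn raw lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def rule_failed_logins(events, threshold=5, window=timedelta(minutes=5)):
    """Correlation rule: at least `threshold` failures from one source inside a sliding window."""
    alerts = []
    recent_failures = defaultdict(list)  # src -> timestamps of failures still inside the window
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["outcome"] != "Failed":
            continue
        bucket = recent_failures[e["src"]]
        bucket.append(e["ts"])
        # Evict failures that have aged out of the window.
        while bucket and e["ts"] - bucket[0] > window:
            bucket.pop(0)
        if len(bucket) >= threshold:
            alerts.append({"rule": "ssh_bruteforce", "src": e["src"],
                           "count": len(bucket), "ts": e["ts"]})
            bucket.clear()  # one alert per burst rather than one per extra failure
    return alerts


def build_baseline(events):
    """Behaviour baseline: the set of source addresses each user has successfully logged in from."""
    baseline = defaultdict(set)
    for e in events:
        if e["outcome"] == "Accepted":
            baseline[e["user"]].add(e["src"])
    return dict(baseline)


def rule_new_source(events, baseline):
    """Anomaly rule: a successful login from a source absent from the user's baseline."""
    anomalies = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["outcome"] == "Accepted" and e["src"] not in baseline.get(e["user"], set()):
            anomalies.append({"rule": "login_from_new_source", "user": e["user"],
                              "src": e["src"], "ts": e["ts"]})
    return anomalies


if __name__ == "__main__":
    current = parse_logs(SAMPLE_LOGS)
    for alert in rule_failed_logins(current):
        print(alert)
    for anomaly in rule_new_source(current, build_baseline(parse_logs(HISTORY_LOGS))):
        print(anomaly)
```

Run as a script, it reports one brute-force alert for 203.0.113.5 (the fifth failure at 09:00:07) and one new-source anomaly for dave, whose successful login came from that same address rather than his usual 10.0.0.12; erin's two failures are hours apart and her login source matches her baseline, so she produces nothing. A real SIEM does the same evicting-window correlation at scale and persists baselines over weeks rather than three lines, but the logic is the same.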