Security Automation System is a system which operate with:
- Network/Cloud traffic analysis & anomaly detection (Netflow/VPC Flows)
- System performance & events anomaly detection
- Phishing attacks
- Endpoint protection
- Identity verification & enforcement
- SIEM triage
- Insider threat detection
- Threat intelligence & Threat hunting
- Playbook automation for common issues
- Auto whitelisting / blacklisting (Proxy, NGFW)
- Troubleshooting (VPN, connectivity, etc)