Vulnerability and Threat Management

Vulnerability and Threat Management is the practice of identifying, assessing, classifying and remediating security weaknesses, and of analysing the root cause of each problem so that it can be addressed properly. It is an essential part of IT management in any company that wants to keep its information secure. Watad therefore provides properly planned solutions to safeguard company information and support the IT management department through the following:

  • SOAR (Security Orchestration, Automation and Response)
  • SIEM (Security Information and Event Management)
  • ATP (Advanced Threat Protection)
  • Vulnerability Management


SOAR (Security Orchestration, Automation and Response)

In an age of constant technological change, keeping the technology architecture safe comes first in ensuring that the organization's digital assets stay secure. However, trillions of transactions and traffic flows cross a network every day, which makes it hard to monitor, detect and respond to incidents quickly. Watad therefore offers a solution in partnership with DFLabs called IncMan SOAR, which DFLabs presents as the only SOAR platform capable of fully automating the incident life cycle.

Features:

With the help of DFLabs R3 Rapid Response Runbooks, IncMan SOAR reduces the time from incident discovery to containment by fully automating threat triage, investigation and containment, using complex decision making with over 100 automation actions. Runbooks are used in conjunction with playbooks, which give organizations a checklist of the steps and actions required to respond to incidents and threats and to meet frameworks and regulations such as NIST, ISO standards and GDPR.
With all data recorded, correlated and accessible in a single solution, security teams gain complete visibility of the organization's threat landscape and can analyze and respond to alerts in real time. Analysts are also given data from previous incidents to inform future decisions and responses; they can investigate indicators of compromise (IOCs), add context and perform a response from a dynamic, actionable investigation interface.
Organizations can collaboratively manage complex incidents through IncMan SOAR's incident management features. They can also orchestrate technology, people and processes by managing tasks, tracking progress, handling notifications and interacting with third-party tools, while maintaining a complete audit log of activity throughout every incident.
DFLabs' SOAR allows automation and orchestration of actions in third-party solutions, with over 45 certified bidirectional connectors and over 100 automation actions. Existing integrations can be extended, or new ones built, with the Open Integration Framework.
Evidence and chain-of-custody tracking are critical in any investigation. IncMan SOAR makes it easy to track evidence collected from servers and workstations, and its eDiscovery support makes documenting complex eDiscovery cases part of the same process.
IncMan SOAR allows security operations and incident response to be measured, benchmarked and optimized. KPI reports for operational performance, incidents and threats are readily available, so organizations can immediately begin measuring every part of the security program.
DFLabs' patent-pending Automated Responder Knowledge (ARK) engine applies machine learning to compare a new threat against previous threats across hundreds of attributes and to recommend the relevant playbooks and actions, helping teams respond effectively and manage and mitigate future incidents.
The company portal serves as a hub for all customers and partners. There they can get the latest information, obtain first-hand support from our lead technicians and share knowledge. Key features include:
  1. Community forums
  2. Searchable knowledge base and FAQs
  3. Latest files and documents
  4. DFLabs' Framework Integrations
  5. Instant access to DFLabs' support
  6. IncMan SOAR Community Edition



SIEM (Security Information and Event Management)

Today's networks grow more complex every day, and protecting them from malicious intent has become a race against attackers who intend to steal the organization's and its customers' information. It is therefore essential for any company to safeguard its intellectual property and avoid business disruption, and to do so it must proactively monitor its systems so it can rapidly detect and respond before any harm comes to the data.
Watad therefore offers IBM QRadar, a Security Information and Event Management (SIEM) system built to give the organization's security team visibility into enterprise-wide data and actionable insight into the highest-priority threats.

Features:

  • Provides insight into both on-premises and cloud-based resources, applying business context to the data to maximize relevant threat insight
  • Deeply analyzes network, endpoint, asset, user, vulnerability and threat data to accurately detect both known and unknown threats that other tools might easily miss, without requiring data science experts
  • Tracks and links related activities throughout the kill chain, so analysts have end-to-end visibility of a potential incident
  • Includes threat intelligence from IBM X-Force and, if the customer wishes, allows additional threat intelligence feeds to be integrated through STIX/TAXII
  • Offers over 450 out-of-the-box integrations via APIs and SDKs, helping customers get the most out of their existing solutions
  • Offers many deployment options: hardware appliance, software or virtual appliance, on-premises or on IaaS
  • Uses a self-tuning, self-managing database so customers can focus on security operations instead of managing the system, and scales easily as the customer's needs change

  • Data sources IBM QRadar can analyze:

  • Security events: firewalls, VPNs, intrusion detection and prevention systems, databases, etc.
  • Network events: switches, routers, servers, hosts, etc.
  • Network activity context: layer 7 application context and application traffic
  • Cloud activity: SaaS and IaaS such as Office 365, AWS, Azure and Google Cloud
  • User and asset context: contextual data from identity and access management systems and vulnerability scanners
  • Endpoint events: Windows event logs, Sysmon, EDR solutions, etc.
  • Application logs: enterprise resource planning (ERP) solutions, application databases, SaaS applications, etc.
  • Threat intelligence: sources such as IBM X-Force
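The STIX/TAXII feed integration and the threat-intelligence data source mentioned above come down to one operation: pull indicator objects from a STIX bundle, extract the observable values they describe, and match those values against incoming events. The following is an added example written for this page, not IBM's or QRadar's code; the STIX 2.1 bundle and the firewall log lines are constructed (documentation address ranges and example.com names), and the key=value log format is an assumption. It handles only equality comparisons on ipv4-addr and domain-name observables, skips revoked indicators, and groups hits per indicator so one alert is raised per IOC rather than per log line.

```python
"""Match STIX 2.1 indicators from a TAXII-style bundle against log lines.

Added example for this page; constructed data, not vendor code.
"""
import json
import re
from collections import defaultdict

# Constructed STIX 2.1 bundle, the shape a TAXII collection returns.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--0d2c3e1a-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--11111111-0000-4000-8000-000000000001",
         "pattern": "[ipv4-addr:value = '203.0.113.5']",
         "valid_from": "2024-01-01T00:00:00Z", "labels": ["malicious-activity"]},
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--11111111-0000-4000-8000-000000000002",
         "pattern": "[domain-name:value = 'bad.example.com'] OR "
                    "[ipv4-addr:value = '203.0.113.77']",
         "valid_from": "2024-01-01T00:00:00Z", "labels": ["malicious-activity"]},
        # A non-indicator SDO (malware) must be ignored by the extractor.
        {"type": "malware", "spec_version": "2.1", "is_family": False,
         "id": "malware--22222222-0000-4000-8000-000000000001", "name": "Loader"},
        # A revoked indicator must not generate alerts.
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--11111111-0000-4000-8000-000000000003",
         "pattern": "[ipv4-addr:value = '203.0.113.99']", "revoked": True,
         "valid_from": "2023-01-01T00:00:00Z", "labels": ["malicious-activity"]},
    ],
})

# Constructed firewall log lines in an assumed key=value style.
LOG_LINES = [
    "2024-03-01T10:00:01Z action=allow src=10.0.0.12 dst=203.0.113.5 dport=443",
    "2024-03-01T10:00:02Z action=allow src=10.0.0.14 dst=198.51.100.8 dport=80",
    "2024-03-01T10:00:03Z action=deny src=10.0.0.12 dst=203.0.113.99 dport=8080",
    "2024-03-01T10:00:04Z action=allow src=10.0.0.30 dns_query=bad.example.com",
]

# Simple STIX comparison expressions this example understands.
_COMPARISON = re.compile(
    r"\[(?P<obj>ipv4-addr|domain-name):value\s*=\s*'(?P<val>[^']+)'\]"
)
_KV = re.compile(r"(\w+)=(\S+)")
_IOC_FIELDS = ("src", "dst", "dns_query")


def extract_iocs(bundle_json: str) -> dict:
    """Return {ioc_value: indicator_id} for active STIX indicators.

    Other object types, revoked indicators and non-STIX pattern types are
    skipped; unsupported pattern forms are ignored rather than guessed at.
    """
    iocs = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        if obj.get("pattern_type", "stix") != "stix":
            continue
        for m in _COMPARISON.finditer(obj.get("pattern", "")):
            iocs[m.group("val").lower()] = obj["id"]
    return iocs


def match_logs(lines, iocs: dict) -> list:
    """Return (line_no, field, value, indicator_id) for every IOC hit."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for field, value in _KV.findall(line):
            if field in _IOC_FIELDS and value.lower() in iocs:
                hits.append((n, field, value, iocs[value.lower()]))
    return hits


def hits_by_indicator(hits) -> dict:
    """Group hits per indicator so one alert is raised per IOC, not per line."""
    grouped = defaultdict(list)
    for n, field, value, ind in hits:
        grouped[ind].append((n, field, value))
    return dict(grouped)


if __name__ == "__main__":
    iocs = extract_iocs(STIX_BUNDLE)
    for ind, events in hits_by_indicator(match_logs(LOG_LINES, iocs)).items():
        print(ind, events)
```

Only the two non-revoked indicators produce alerts: the connection to 203.0.113.5 and the DNS lookup of bad.example.com. The denied connection to 203.0.113.99 is ignored because that indicator is revoked, which is the behaviour a feed consumer needs so that stale IOCs do not keep firing after the provider withdraws them.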




ATP (Advanced Threat Protection)

    FortiSandbox: Zero-day Threat Protection

    FortiSandbox improves zero-day threat detection efficacy and performance by leveraging two machine learning models (a patent-pending enhanced random forest with boosted trees, and least squares optimization) applied to static and dynamic analysis of suspicious objects. It also accelerates threat investigation and management by adopting MITRE ATT&CK-based standards for malware reporting.
    Fortinet's automated breach protection strategy allows FortiSandbox to integrate easily with both Fortinet and non-Fortinet products, providing real-time threat intelligence and faster threat response.
    FortiSandbox analysis also covers malware that targets industrial control systems (ICS), so it delivers the same sandbox benefits to organizations that manage both Information Technology (IT) and Operational Technology (OT) business segments.

    Capabilities

  • AI-powered Sandbox Malware Analysis
  • Automated Breach Protection
  • Mitre ATT&CK-based Reporting and Investigative Tools
  • Deployment options:
    1. Standalone
    2. Integrated

    Features

  • NETWORKING/DEPLOYMENT
    • Static Routing Support
    • File Input:
      1. Offline/sniffer mode
      2. On-demand file upload
      3. File submission from integrated device(s)
    • Option to create a simulated network that scanned files can reach within a closed environment
  • SYSTEMS INTEGRATION
    • File Submission input: FortiGate, FortiMail, FortiWeb, FortiADC, FortiProxy and FortiClient (ATP agent)
    • JSON API to automate uploading samples and downloading actionable malware indicators to remediate
    • Certified third-party integration: CarbonBlack, Ziften, SentinelOne
  • ADVANCED THREAT PROTECTION
    • Inspection of new threats, including ransomware and password-protected malware
    • AI-based static code analysis that identifies possible threats within non-running code
    • Heuristic, pattern and reputation-based analysis



Vulnerability Management

    Tenable's Nessus

    Keeping up with attackers is hard work, especially with limited resources and an attack surface that changes almost every second. Watad can help you change that and secure your organization with Nessus, a remote security scanning tool trusted worldwide. Nessus is used by more than 30,000 organizations and counts as one of the most widely deployed security technologies on the planet.

    Features

  • High accuracy: at 0.32 defects per one million scans, Nessus has the lowest false positive rate in the industry.
  • Broad coverage: more than 130,000 supported plugins, updated automatically in real time, with the ability to customize plugins and create custom audits. Nessus also provides coverage for more than 50,000 CVEs.
  • High adoption: more than 30,000 organizations globally and over 2 million downloads.
  • Insight through threat intelligence: live results and seamless integration with multiple commercial threat intelligence feeds.
  • Deep visibility into vulnerabilities, with coverage spanning over 47,000 unique IT assets such as network devices and operating systems.
  • Ease of use: "built for security practitioners, by security practitioners", with a design focused on an intuitive experience so vulnerabilities can be found and fixed as efficiently as possible, and over 450 pre-built policies and templates. Licenses are also easily transferable between the organization's computers.
  • Customizable reports that include the client's name and logo, with the ability to email them directly to the client after every assessment.