From Detection to Action: Live Demo of NDR and aiSIEM Features – A Deep Dive into Seceon’s Analytics Revolution

Innovation thrives when powerful ideas meet practical execution. At Seceon’s Q2 2025 Innovation & Certification Days, we witnessed this principle in action as security professionals, engineers, and partners gathered to explore the cutting-edge capabilities that define modern threat detection and response.

Among the compelling sessions that captured attendees’ attention was Abhishek Tripathi’s comprehensive demonstration titled “From Detection to Action: Live Demo of NDR and aiSIEM Features.” This wasn’t just another feature showcase – it was a hands-on journey through the analytical powerhouse that drives Seceon’s Open Threat Management (OTM) platform.

The session provided an in-depth look at how Seceon’s Network Detection and Response (NDR) and AI-powered SIEM capabilities work together to transform raw security data into actionable intelligence, offering participants a front-row seat to witness the evolution of threat detection in real-time.

Click here to view the complete video of Abhishek Tripathi’s session.

The Foundation: Seceon’s Open Threat Management Platform

Modern security operations demand more than siloed tools – they require an integrated ecosystem that can correlate data across endpoints, networks, clouds, and hybrid environments. The OTM platform is this vision realized: a unified architecture that combines AI-driven analytics, machine learning, and real-time processing to deliver a lower Mean Time to Detection (MTTD) and a shorter Mean Time to Response (MTTR). From commodity malware to sophisticated ransomware campaigns, with detections mapped to the MITRE ATT&CK framework, the platform provides comprehensive visibility through a single pane of glass.

NDR Evolution: Smarter Network Policy Management

Enhanced Network Policy Rules

One of the standout improvements Abhishek demonstrated was the enhanced flexibility in Network Detection and Response (NDR) policy creation. Traditional network security tools often force administrators into rigid configurations, but Seceon’s approach breaks these limitations.

The new network policy engine supports:

  • CIDR notation: Enabling precise subnet-level control
  • IP Range specifications: Allowing flexible address grouping beyond traditional asset groups
  • Bulk import capabilities: Streamlining large-scale policy deployment
  • Robust validation systems: Uploaded rules are checked before they take effect, so a malformed or conflicting entry in a bulk file does not silently weaken the policy set

This flexibility means security teams can now create granular network policies that reflect their actual network topology and security requirements, rather than being constrained by tool limitations. The bulk import feature, in particular, addresses a common pain point for enterprise deployments where hundreds or thousands of network rules need to be implemented efficiently.
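The validation step is where a bulk import earns its keep. The following is an added example, not Seceon code: it assumes a hypothetical CSV layout (action, src, dst, port), allow/deny actions with first-match semantics, and a constructed sample file, and shows how CIDR blocks, dotted IP ranges and “any” can be parsed into one representation, how malformed rows are rejected with a line number, and how a rule that can never fire because an earlier rule already covers it is flagged before deployment.

```python
"""Validate a bulk-imported network policy file before it is applied.

Added example, not Seceon code: the CSV layout, the allow/deny actions,
first-match semantics and the shadowing check are assumptions chosen to
show how CIDR, IP-range and validation handling fit together.
"""
import csv
import io
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample upload (hypothetical format, not real policy).
# Line 4 has an invalid mask, line 5 an inverted range, and line 7 is a
# deny that is entirely shadowed by the allow on line 2.
SAMPLE_CSV = """\
action,src,dst,port
allow,10.0.0.0/24,any,443
deny,10.0.1.10-10.0.1.50,192.168.5.0/24,22
allow,10.0.2.0/33,any,80
deny,10.0.3.50-10.0.3.10,any,25
allow,2001:db8::/32,any,443
deny,10.0.0.7,any,443
"""


@dataclass
class Rule:
    line: int
    action: str
    src: List[Net]
    dst: List[Net]
    port: str  # decimal port or "any"


def parse_address(text: str) -> List[Net]:
    """Turn 'any', a single IP, a CIDR block or an 'a-b' range into a
    list of networks; ranges are collapsed to the minimal CIDR set."""
    text = text.strip()
    if text.lower() == "any":
        return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
    if "-" in text:
        lo_s, hi_s = (p.strip() for p in text.split("-", 1))
        lo, hi = ipaddress.ip_address(lo_s), ipaddress.ip_address(hi_s)
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"invalid range {text!r}")
        return list(ipaddress.summarize_address_range(lo, hi))
    # strict=True rejects host bits set under the mask (e.g. 10.0.0.1/24)
    return [ipaddress.ip_network(text, strict=True)]


def covers(outer: List[Net], inner: List[Net]) -> bool:
    """True if every network in `inner` sits inside some network in `outer`."""
    return all(
        any(o.version == i.version and i.subnet_of(o) for o in outer)
        for i in inner
    )


def validate_policy(csv_text: str) -> Tuple[List[Rule], List[str]]:
    """Parse and validate every row; return accepted rules and a list of
    per-line error messages. Nothing is accepted from a line with an error."""
    rules: List[Rule] = []
    errors: List[str] = []
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        try:
            action = row["action"].strip().lower()
            if action not in ("allow", "deny"):
                raise ValueError(f"unknown action {row['action']!r}")
            port = row["port"].strip().lower()
            if port != "any" and not 0 < int(port) <= 65535:
                raise ValueError(f"port out of range {port!r}")
            rule = Rule(n, action, parse_address(row["src"]),
                        parse_address(row["dst"]), port)
        except (ValueError, KeyError, TypeError, AttributeError) as exc:
            errors.append(f"line {n}: {exc}")
            continue
        # First-match semantics: a rule whose src, dst and port are all
        # contained in an earlier rule can never fire.
        shadow = next(
            (e for e in rules
             if e.port in ("any", rule.port)
             and covers(e.src, rule.src) and covers(e.dst, rule.dst)),
            None,
        )
        if shadow:
            errors.append(f"line {n}: shadowed by line {shadow.line} ({shadow.action})")
            continue
        rules.append(rule)
    return rules, errors


if __name__ == "__main__":
    accepted, problems = validate_policy(SAMPLE_CSV)
    print(f"{len(accepted)} rules accepted")
    for p in problems:
        print("REJECTED", p)
```

Running it against the constructed file accepts lines 2, 3 and 6 and rejects the other three with a reason and a line number, which is the behaviour you want from an import path: a single bad row should fail loudly rather than be dropped or, worse, partially applied.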

Access Control Revolution: Custom Role and Access Management

Beyond Standard User Roles

Abhishek highlighted a critical advancement in user access management that addresses the nuanced needs of modern security operations. Moving beyond the traditional Admin-User-Viewer model, Seceon now offers completely customizable user roles that provide granular control over platform access.

Key capabilities include:

  • Custom role creation: Tailored permissions beyond standard categories
  • Screen-level access control: Determining exactly which interfaces users can access
  • Multi-tier deployment: Available across MTMT (Multi-Tenant Multi-Tier), MSSP, and Enterprise environments
  • Principle of least privilege: Ensuring users see only what they need to perform their functions

This approach is particularly valuable for MSSPs managing multiple clients or large enterprises with diverse security team responsibilities. By implementing precise access controls, organizations can maintain security while enabling efficient collaboration across different roles and responsibilities.
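What “screen-level access control” and “least privilege” mean in practice is a deny-by-default check that is scoped per tenant. The following is an added example, not Seceon code: the screen catalogue, the role definitions and the two-tenant MSSP layout are assumptions, used to show that an unknown role or screen grants nothing, that roles held for one customer do not leak into another, and how a reviewer can list everyone who can reach a sensitive screen.

```python
"""Screen-level, tenant-scoped access checks for custom roles.

Added example, not Seceon code: the screen catalogue, the role
definitions and the MSSP tenant layout are assumptions, used to show
deny-by-default evaluation and tenant isolation for a custom-role model.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, List, Tuple

# Hypothetical catalogue of UI screens that can be granted.
SCREENS: FrozenSet[str] = frozenset({
    "dashboard", "alerts", "deep_tracker", "network_policies",
    "user_management", "cce_upgrade",
})

# Custom roles: role name -> screens it grants. Anything absent is denied.
ROLES: Dict[str, FrozenSet[str]] = {
    "tier1_analyst": frozenset({"dashboard", "alerts"}),
    "threat_hunter": frozenset({"dashboard", "alerts", "deep_tracker"}),
    "policy_admin": frozenset({"dashboard", "network_policies"}),
    "platform_ops": frozenset({"dashboard", "cce_upgrade"}),
}


@dataclass
class User:
    name: str
    # tenant -> roles held for that tenant; an MSSP analyst may hold
    # different roles for different customers
    assignments: Dict[str, List[str]] = field(default_factory=dict)


def define_role(name: str, screens: Iterable[str]) -> None:
    """Register a custom role, refusing screen names that do not exist so a
    typo cannot create a role that silently grants nothing (or, after a
    later UI change, something unintended)."""
    wanted = frozenset(screens)
    unknown = wanted - SCREENS
    if unknown:
        raise ValueError(f"role {name!r} references unknown screens: {sorted(unknown)}")
    ROLES[name] = wanted


def effective_screens(user: User, tenant: str) -> FrozenSet[str]:
    """Union of the screens from every role the user holds for this tenant.
    Roles held for other tenants contribute nothing."""
    screens = set()
    for role in user.assignments.get(tenant, []):
        screens |= ROLES.get(role, frozenset())  # unknown role grants nothing
    return frozenset(screens)


def can_access(user: User, tenant: str, screen: str) -> bool:
    """Deny by default: True only if the screen exists and is granted."""
    return screen in SCREENS and screen in effective_screens(user, tenant)


def who_can(users: Iterable[User], screen: str) -> List[Tuple[str, str]]:
    """Least-privilege review helper: every (user, tenant) pair that can
    reach a sensitive screen."""
    return sorted(
        (u.name, t) for u in users for t in u.assignments
        if can_access(u, t, screen)
    )


# Constructed users for an MSSP serving two customer tenants.
DANA = User("dana", {"acme": ["tier1_analyst", "policy_admin"],
                     "globex": ["threat_hunter"]})
EVAN = User("evan", {"globex": ["platform_ops"]})

if __name__ == "__main__":
    for tenant, screen in [("acme", "network_policies"), ("acme", "deep_tracker"),
                           ("globex", "deep_tracker"), ("initech", "dashboard")]:
        print(tenant, screen, can_access(DANA, tenant, screen))
    print("cce_upgrade reviewers:", who_can([DANA, EVAN], "cce_upgrade"))
```

The important design choice is that every lookup failure (unknown tenant, unknown role, unknown screen) resolves to “no”, so adding a new screen to the UI never widens anyone’s access until a role is explicitly updated to include it.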

The Game Changer: Deep Tracker 2.0

Powered by PPL (Piped Processing Language)

Perhaps the most impressive demonstration of the session was Deep Tracker 2.0, representing a significant leap forward in security data analysis capabilities. Built on PPL (Piped Processing Language), this new query engine addresses long-standing challenges in security data investigation.

The advantages of PPL include:

  • Intuitive pipe-based syntax: Familiar to analysts who work with Splunk SPL or Unix pipes
  • Incremental query building: Commands build step-by-step, making complex queries easier to construct
  • Enhanced readability: SQL-like syntax that security analysts prefer
  • Simplified debugging: Step-by-step query modification and troubleshooting
  • Built-in aggregation functions: Native support for operations like stats count() by user_name

Example PPL Syntax: The presentation showed live queries rather than a written reference; the power lies in how analysts build an investigation incrementally, adding filters, aggregations, and transformations in a logical, readable sequence, and can check the result of each stage before appending the next.
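To make the incremental, stage-by-stage nature of a pipe query concrete, here is an added example that is not Seceon’s Deep Tracker engine: a toy interpreter for a small PPL-like subset (source=, where, stats count() ... by, sort, head) run over a handful of constructed authentication events. The index and field names are assumptions, the syntax follows the OpenSearch PPL dialect, and the post does not say whether Deep Tracker 2.0’s PPL is that same dialect. What the example shows is how each “|” adds one transformation and how keeping the per-stage output makes it obvious where a query went wrong.

```python
"""Run a pipe-based (PPL-style) query stage by stage over sample logs.

Added example, not Seceon's Deep Tracker engine: a toy interpreter for
a small PPL-like subset (source=, where, stats count() ... by, sort,
head) so the effect of adding each pipe stage can be inspected. The
index and field names are assumptions, and the syntax follows the
OpenSearch PPL dialect; the post does not say whether Deep Tracker's
PPL is the same dialect.
"""
import re
from typing import Callable, Dict, List, Tuple

Row = Dict[str, object]
Stage = Callable[[str, List[Row]], List[Row]]

# Constructed sample events (not real telemetry).
INDEXES: Dict[str, List[Row]] = {
    "auth_logs": [
        {"user_name": "alice", "event": "login_ok", "src_ip": "10.0.0.5"},
        {"user_name": "bob", "event": "login_failed", "src_ip": "203.0.113.9"},
        {"user_name": "bob", "event": "login_failed", "src_ip": "203.0.113.9"},
        {"user_name": "bob", "event": "login_failed", "src_ip": "203.0.113.9"},
        {"user_name": "carol", "event": "login_failed", "src_ip": "198.51.100.2"},
        {"user_name": "alice", "event": "login_failed", "src_ip": "10.0.0.5"},
        {"user_name": "bob", "event": "login_ok", "src_ip": "203.0.113.9"},
    ]
}

# Each ' | ' adds one stage; dropping the tail of the string is how an
# analyst steps back while debugging.
QUERY = (
    "source=auth_logs"
    " | where event = 'login_failed'"
    " | stats count() as failures by user_name"
    " | sort - failures"
    " | head 2"
)


def stage_where(arg: str, rows: List[Row]) -> List[Row]:
    """where <field> = '<value>'"""
    m = re.fullmatch(r"(\w+)\s*=\s*'([^']*)'", arg.strip())
    if not m:
        raise ValueError(f"unsupported where clause: {arg!r}")
    fld, value = m.groups()
    return [r for r in rows if str(r.get(fld)) == value]


def stage_stats(arg: str, rows: List[Row]) -> List[Row]:
    """stats count() as <alias> by <field>"""
    m = re.fullmatch(r"count\(\)\s+as\s+(\w+)\s+by\s+(\w+)", arg.strip())
    if not m:
        raise ValueError(f"unsupported stats clause: {arg!r}")
    alias, key = m.groups()
    counts: Dict[object, int] = {}
    for r in rows:
        counts[r.get(key)] = counts.get(r.get(key), 0) + 1
    return [{key: k, alias: v} for k, v in counts.items()]


def stage_sort(arg: str, rows: List[Row]) -> List[Row]:
    """sort [-|+] <field>   ('-' means descending); the sort field is
    assumed to be present on every row."""
    arg = arg.strip()
    desc = arg.startswith("-")
    fld = arg.lstrip("-+").strip()
    return sorted(rows, key=lambda r: r.get(fld), reverse=desc)  # stable


def stage_head(arg: str, rows: List[Row]) -> List[Row]:
    """head <n>"""
    return rows[: int(arg)]


STAGES: Dict[str, Stage] = {
    "where": stage_where, "stats": stage_stats,
    "sort": stage_sort, "head": stage_head,
}


def run_query(query: str) -> Tuple[List[Row], List[Tuple[str, List[Row]]]]:
    """Execute the pipeline and return (final rows, per-stage trace).
    The trace holds (stage text, rows after that stage) so an analyst
    can see exactly where a result set became empty or wrong."""
    parts = [p.strip() for p in query.split("|")]
    if not parts[0].startswith("source="):
        raise ValueError("query must start with source=<index>")
    index = parts[0][len("source="):].strip()
    rows = list(INDEXES[index])
    trace = [(parts[0], rows)]
    for part in parts[1:]:
        cmd, _, arg = part.partition(" ")
        if cmd not in STAGES:
            raise ValueError(f"unknown command {cmd!r}")
        rows = STAGES[cmd](arg, rows)
        trace.append((part, rows))
    return rows, trace


if __name__ == "__main__":
    final, steps = run_query(QUERY)
    for text, out in steps:
        print(f"{len(out):3d} rows after: {text}")
    print(final)
```

On the constructed data the trace reads 7, 5, 3, 3, 2 rows after the successive stages and the final answer is the two accounts with the most failed logins. If the where clause had been mistyped the second line of the trace would show zero rows, which is exactly the kind of diagnosis the incremental model is meant to make easy.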

AI-Powered Query Assistance

Looking ahead, Abhishek teased the upcoming SERA AI – PPL Query Assistant, which will provide intelligent guidance for query construction, making advanced analytics accessible to security professionals regardless of their technical background.

Instant Visualization Capabilities

Deep Tracker 2.0 transforms raw query results into actionable visual insights through multiple chart types:

  • Bar Charts: Ideal for comparing categorical data
  • Pie Charts: Perfect for showing proportional relationships
  • Area Charts: Excellent for time-series trend analysis

This visualization capability allows security teams to detect patterns in log ingestion, identify anomalies in network behavior, and present findings in formats that facilitate quick decision-making. Not all searches are visualization-friendly, but when they are, the impact on investigation speed and accuracy is substantial.

Enhanced Visibility: Log and Flow Collection Visualization

Comprehensive Device and Connection Mapping

Abhishek demonstrated how the platform provides unprecedented visibility into network infrastructure through innovative visualization techniques:

  • Device Visibility: Sankey charts provide intuitive visualization of all connected devices and their types, making it easy to understand network topology at a glance.
  • Connection Mapping: Interactive flow diagrams show device-to-CCE (Central Collection Engine) connections, helping administrators understand data flow patterns and identify potential bottlenecks or security gaps.
  • Ingestion Monitoring: Visual flow representations track data ingestion trends, providing real-time insight into log collection performance and helping identify issues before they impact security operations.

These visualizations transform complex network data into intuitive, actionable insights that support both day-to-day operations and strategic security planning.

Enterprise-Scale Data Management: Deep Tracker Offline Data Dump

Unlimited Export Capacity

One of the most practical features demonstrated was the offline data dump capability, addressing a common limitation in security platforms where large data exports are restricted or impact system performance.

Key capabilities include:

  • Unlimited export capacity: Dump all search results beyond browser limitations
  • Comprehensive data types: Export threat indicators, flows, and alerts data
  • Non-disruptive operations: Offline processing prevents system performance impact
  • Intelligent throttling: System manages multiple data dump requests to maintain performance
  • Scalable retrieval: Export from single records to terabytes seamlessly

Task Management and Notifications

The platform provides comprehensive task tracking through the System Task Tracker, allowing users to monitor data dump progress and completion status. Email notifications ensure users are informed when tasks complete or encounter issues, enabling efficient workflow management.

This capability is particularly valuable for compliance reporting, incident investigation, and forensic analysis where large datasets need to be extracted and analyzed offline.

Operational Excellence: Remote CCE Upgrade

Streamlined Infrastructure Management

Abhishek concluded the technical demonstration with a feature that addresses a common operational challenge: remote CCE (Central Collection Engine) upgrade management.

The new capability allows administrators to:

  • Control CCEs directly from the UI: No need for direct system access
  • Upgrade CCEs remotely: Streamlined update process
  • Manage customer environments: Upgrades are pushed through the platform, so the service provider never needs direct access to the customer’s CCE infrastructure

This feature is particularly valuable for MSSP environments where service providers need to maintain customer systems without requiring direct access to customer infrastructure, enhancing both security and operational efficiency.

The Integration Ecosystem: Beyond Core Features

Comprehensive Platform Integration

Throughout the demonstration, Abhishek emphasized how these features integrate within Seceon’s broader ecosystem, including:

  • CCE and APE (Advanced Processing Engine) integration
  • EDR & EPP agent coordination
  • Partner program support and revenue optimization
  • Support ticket integration through the partner portal

This holistic approach ensures that individual features contribute to a unified security operations experience rather than operating as isolated capabilities.

Real-World Impact: From Detection to Action

Transforming Security Operations

The session’s title, “From Detection to Action,” perfectly encapsulated the demonstrated capabilities. Each feature contributes to reducing the time between threat detection and response:

  • Enhanced NDR policies provide more precise threat detection
  • Custom access management ensures the right people have the right information
  • Deep Tracker 2.0 accelerates investigation and analysis
  • Visualization capabilities speed up pattern recognition and decision-making
  • Offline data dump supports comprehensive forensic analysis
  • Remote CCE management maintains system reliability and performance

Looking Forward: The Future of Security Analytics

AI-Driven Evolution

Abhishek’s demonstration highlighted Seceon’s commitment to AI-driven security operations, with features like the upcoming SERA AI assistant representing the next evolution in security analytics. The combination of machine learning, real-time processing, and intelligent automation positions organizations to stay ahead of evolving threats.

Compliance and Customization

The platform’s emphasis on customizable dashboards and compliance reporting addresses the growing regulatory requirements facing organizations across industries, while the flexible architecture supports diverse operational needs.

Final Thoughts: Innovation Meets Practicality

What made Abhishek’s session particularly compelling was the seamless blend of advanced technical capabilities with practical operational needs. Each demonstrated feature addressed real challenges faced by security teams, from the analyst struggling with complex queries to the MSSP managing multiple customer environments.

The Q2 Innovation Days session reinforced that effective cybersecurity isn’t just about detecting threats – it’s about empowering security professionals with the tools, visibility, and intelligence they need to act decisively and effectively.

As Seceon continues to evolve its OTM platform, sessions like this demonstrate the company’s commitment to innovation that serves real-world security operations, ensuring that advanced capabilities translate into tangible improvements in threat detection, investigation, and response.
