FAQ

Browse through our frequently asked questions. If anything is left unanswered, click the button below or contact us here.

What is Pillr?

Pillr is a cybersecurity operations solution designed to adapt to the evolving needs of IT teams and service providers. With Pillr, IT professionals can access the industry’s most performant security technologies in an intuitive, web-based platform that’s collaboratively managed by our expert 24/7/365 SOC team.

Analyze events across the entirety of your security toolset and tenants, inspecting 100% of formats and sources across endpoints and networks. Achieve true end-to-end data awareness in a single dashboard—your source of security posture truth.

Today, the platform supports over 450 integrations, and with our ‘Any service, any tool’ commitment, support for something new is possible and a part of our promise to Pillr customers.

What’s my commitment to Pillr?

Pillr is accessible in a simple, month-to-month contract; there are no minimums, and you can cancel after just one month. Plus, you can check it out before committing in a personalized demo and trial.

What are the fundamental Pillr service and support standards?

24/7/365 support for security and technical issues, with the option to call or email Pillr Support.
Initial response will be delivered within 15 minutes.
Pillr offers co-managed security operations experience; your team collaborates with our 5 Pillr SOCs to analyze data across your customers and toolset. We will escalate issues as needed and provide step-by-step remediation guidance.

What’s included in partner-managed security operations on Pillr?

Onboarding: Adding customers, deploying agents, setting up integrations, and creating and managing Workflows.
Offboarding: Uninstalling Pillr agents, deleting agents in the portal, and cancelling subscriptions for customers and associated integrations.
Ticketing: Investigating and remediating security tickets escalated by the Pillr SOC.
Vulnerabilities: Setting up procedures to use vulnerability data in accordance with partner-integrated patching tools.

What is a security escalation on Pillr?

A security escalation is a question, investigation, or Workflow-triggered communication from a partner regarding a security event in the portal. This could include a general request, like, “Could you help me understand this ticket?” as well as specific requests, like, “Could you provide the last 24 hours of login data for this user?” Each escalation is filed as a case with Pillr Support.

What happens when a case is filed with the Pillr SOC or Support teams?

When a case is filed with Pillr Support, or a Workflow escalation is initiated, partners can expect an initial response within 15 minutes; detailed communication will be delivered within 30 minutes of the case filing, including investigation details. Pillr is committed to being a guiding voice to our partners as they address security issues. In this effort, we may recommend escalation to the Pillr Incident Response service team.

How are cases managed by the Pillr SOC and Support teams?

Initial response time: 15 minutes

The amount of time between Pillr Support being alerted to an issue (via partner email/phone escalation or Workflow) and our first response.

Investigation time—for detailed response: 30 minutes

The time between the initial response delivered by Pillr Support, inclusive of acknowledgements and follow-up communications. Follow-up communications can be confirmation of an incident or false positive, with remediation advice and other useful information provided.

Target resolution time: Dependent on situation variables

The time between the initial response delivered by Pillr Support and the closing of the ticket. Pillr is committed to helping partners identify and remediate malicious activity identified through tickets raised in the portal. However, the actual implementation of remediation advice and troubleshooting for security incidents mostly depends on the partner’s ability to co-ordinate and implement changes with their customer.

The process of identifying, investigating, and remediating malicious activity on Pillr is collaborative—a combination of utilizing platform capabilities, communicating with Pillr Support, and coordination between the partner and partner’s customers. Due to the collaborative nature of this route to resolution, there is no defined target resolution time offered by Pillr.

Why is the SLA different for security escalations?

While every case we receive is important to our team, we prioritize security escalations due to the time-sensitive, potentially impactful nature of these issues.

What is a technical escalation?

Technical escalations capture questions or requests for assistance from a partner regarding the Pillr portal and associated technology. This includes but is not limited to questions regarding agent deployment and management, the addition of customers and/or user accounts, integrations, the Pillr Knowledge Base and/or user interface, reporting capabilities, search experience, threat intelligence, and customizable Pillr Workflows. Each escalation is filed as a case with Pillr Support.

While Pillr will assist with queries and questions, partners have full control over their Pillr tenant—they are free to implement changes, such as adding integrations or scheduling reports. We encourage partners to utilize our documentation when implementing changes to the portal.

What is the Pillr commitment to technical response?

When a case is filed with Pillr Support, partners can expect an initial response within 15 minutes. Most cases filed with Pillr Support are promptly addressed via call or email.

If needed, we will liaise with our development team to mitigate the recurrence of technical issues. Where the issue requires assistance from the development team, resolution may be dependent on further investigation and implementation of back-end changes. The time to resolution for these cases varies depending on the nature of the problem, however we are committed to openness and transparency, providing timely updates on the case status to our partners.

Our mission

Pillr is the product of the Novacoast software development division—a team with over 20 years of experience engineering advanced cybersecurity solutions, embedded in a company with a 26-year history in the industry.

Our mission is to take the detection rate of finding advanced threats from industry average 220 days down to hours. It’s a human goal—we are collectively committed to using today’s most performant technologies and time-tested processes to deliver exceptional, tangible results for our customers.

Our approach utilizes a unique combination of threat analysis, intelligence, and ongoing monitoring of endpoint activity—a context-driven comprehensive incorporating log data and feeds from third-party telemetry. Our team assesses every event, from anomalous login behavior to routine URL review to identify suspicious browser extensions, we catch threats other vendors miss.

What is SOC-as-a-Service?

SOC-as-a-Service, or SOCaaS, is the delivery of a security operations solution in the spirit of SaaS—the trend of providing services using cloud-hosted software and applications. Through a service-focused approach on a web-based platform, partners can build an enterprise-grade cybersecurity program in a subscription model that’s accessible and scalable.

SOCaaS dramatically reduces concerns of overhead of operational costs, staffing, and technology maintenance—these are managed by the service provider; no longer are customers responsible for installing network monitors or managing physical assets, wrangling compatibility and versioning issues, or upgrading.

How does it work?

Traditionally, security operations centers are set up to accommodate a pool of customers, with each customer maintaining a unique computing environment and network generating data—data that’s ultimately consumed by monitoring and response tools selected by the customer.

While this model provides a strong security posture for a provider’s customers, it lacks extensibility; IT teams are constrained by the cost and time required to maintain, update, and understand infrastructure and software. And access and configuration become especially challenging at scale. A web-based SOC solution delivered in an accessible, scalable service model allows IT teams and service providers to focus that energy and time where it’s most effective—on threat analysis, intelligence, and response.

How does SOCaaS with Pillr compare to other solutions?

Pillr is a web-based solution, so there’s no hardware or on-premises infrastructure required to monitor endpoints. For some competitors, an appliance is the foundation of their solution—an approach that presents an additional asset and endpoint that must be maintained. We see this as a liability to our users.

And we’re wary of organizations proposing pure technology-based solutions; while automation and intelligence are required to process the large quantity of data resulting from monitoring, an experienced cybersecurity analyst is the most adept decision-making asset in a SOC. With Pillr, you get all the above.

How does SIEM work on the Pillr platform?

There are many considerations when setting up a security information and event management tool, or SIEM. You must identify the data to collect, define how to manage and store that data, and guarantee it’s accessible to analysts for investigation. Plus, these details must be confirmed before you determine how to classify alerts for suspicious behavior, signs of compromise, or indication of potential compromise. It’s a lot to manage.

Pillr eliminates these challenges. The platform is designed, engineered, and supported by a team of experts capable of setting and maintaining these standards for you and helping you manage operations. Pillr always reflects the most up-to-date insights from the global threat landscape and aligns to the MITRE ATT&CK matrix—including its hundreds of defined tactics, techniques, and software.

Is Pillr SOC1 and SOC 2 compliant?

Yes, all 5 of our SOC facilities across the United States and United Kingdom are SOC 1 and SOC2 compliant.

Where is my syslog data stored?

Pillr stores your data in dedicated Microsoft Azure containers utilizing Azure Availability Enabled Zone Services. You can learn more about Azure security standards and Availability Enabled Zone Services at this link. 

How do Pillr SOC threat hunters assess data?

Pillr SOC threat hunters employ a variety of data intelligence feeds and search and visualization tools to aid detection. They’re often assessing millions of logged datapoints, and these resources help them dive into and understand the intricacies of files that may be linked to a particular exploit, for example. With the support of threat intelligence feeds, they can then confirm the validity, threat classification, a reputation of those files.

What threat intelligence feeds are a part of Pillr?

Today, Pillr utilizes over 35 threat intelligences sources to achieve our comprehensive awareness of known and potential threats and vulnerabilities, including known malicious IPs and URLs and botnet, command and control, and phishing attacks.

Get started.

FAQ