OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

Similar documents
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

RSA INCIDENT RESPONSE SERVICES

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

MITIGATE CYBER ATTACK RISK

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

RSA INCIDENT RESPONSE SERVICES

RSA NetWitness Suite Respond in Minutes, Not Months

Integrated, Intelligence driven Cyber Threat Hunting

Traditional Security Solutions Have Reached Their Limit

locuz.com SOC Services

Sustainable Security Operations

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Resolving Security s Biggest Productivity Killer

CYBER RESILIENCE & INCIDENT RESPONSE

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Sandboxing and the SOC

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

THE EVOLUTION OF SIEM

Mastering The Endpoint

WHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale

esendpoint Next-gen endpoint threat detection and response

McAfee Advanced Threat Defense

NEXT GENERATION SECURITY OPERATIONS CENTER

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Reducing the Cost of Incident Response

align security instill confidence

SIEM Solutions from McAfee

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS.

ForeScout ControlFabric TM Architecture

SIEM: Five Requirements that Solve the Bigger Business Issues

An All-Source Approach to Threat Intelligence Using Recorded Future

Novetta Cyber Analytics

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

RiskSense Attack Surface Validation for IoT Systems

WHITEPAPER ENDPOINT DETECTION AND RESPONSE BEYOND ANTIVIRUS PROACTIVE THREAT HUNTING AT THE ENDPOINT

FOR FINANCIAL SERVICES ORGANIZATIONS

with Advanced Protection

Building Resilience in a Digital Enterprise

Security. Made Smarter.

Converged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Power of the Threat Detection Trinity

RSA ADVANCED SOC SERVICES

deep (i) the most advanced solution for managed security services

How Vectra Cognito enables the implementation of an adaptive security architecture

WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION. A Novetta Cyber Analytics Brief

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. Ralf Kaltenbach, Regional Director RSA Germany

4/13/2018. Certified Analyst Program Infosheet

Managed Endpoint Defense

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

Deception: Deceiving the Attackers Step by Step

The New Era of Cognitive Security

Un SOC avanzato per una efficace risposta al cybercrime

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

DATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.

The McGill University Health Centre (MUHC)

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

CloudSOC and Security.cloud for Microsoft Office 365

empow s Security Platform The SIEM that Gives SIEM a Good Name

Verint Knowledge Management Solution Brief Overview of the Unique Capabilities and Benefits of Verint Knowledge Management

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

GDPR: An Opportunity to Transform Your Security Operations

CA Security Management

Popular SIEM vs aisiem

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

Symantec Security Monitoring Services

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

CyberArk Privileged Threat Analytics

Security Information & Event Management (SIEM)

Are we breached? Deloitte's Cyber Threat Hunting

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

SentinelOne Technical Brief

Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness

Readiness, Response & Resilence:

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Operationalizing the Three Principles of Advanced Threat Detection

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin

Modern Database Architectures Demand Modern Data Security Measures

May the (IBM) X-Force Be With You

Transcription:

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER HOW TO ADDRESS GARTNER S FIVE CHARACTERISTICS OF AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER 1 POWERING ACTIONABLE INTELLIGENCE

TABLE OF CONTENTS Advanced Cyber Attacks are Here to Stay 3 It's Time to Recalculate Your Security Mindset 3 Intelligence Is Paramount 4 All the Intelligence You Need in One Unified Solution 5 Verint Threat Protection System 5 Conclusion 8 2

ADVANCED CYBER ATTACKS ARE HERE TO STAY IN ITS GLOBAL RISKS 2015 REPORT 1, THE WORLD ECONOMIC FORUM RANKS CYBER ATTACKS AMONG THE TOP FIVE HIGH-IMPACT GLOBAL RISKS FOR THE COMING DECADE. Recent cyber attacks against the likes of Sony Pictures, Anthem and the US Office of Personnel Management (OPM) underscore the complexity of these threats, as well as the risks of a potential data breach. In terms of costs, the average financial loss attributed to reported cyber security incidents in 2014 was $2.7 million 2. IT'S TIME TO RECALCULATE YOUR SECURITY MINDSET These breaches clearly illustrate the fact that most Security Operations Centers (SOCs) are simply not equipped to counter sophisticated and targeted cyber attacks, which sail through the gaps left by existing siloed security tools. Traditional signature-based perimeter tools only look for known attacks at the point of entry. In an attempt to overcome this limitation, some SOCs have incorporated advanced detection sensors that specialize in specific vectors, which work alongside Security Incident and Event Management (SIEM) systems to provide situational awareness. Neither was designed to perform in-depth investigations of multi-faceted attacks. And while forensics tools may add visibility, they often lack automated analytics and require manual searches by extremely specialized analysts. Meanwhile, SOC teams lack the resources to sift through thousands of daily alerts, detect high-priority cyber-attacks and remediate them in a timely manner. While the average enterprise spends $1.3m 3 a year dealing with false positive cyber security alerts, while average time to detect, investigate and remediate attacks remain unacceptably high. Organizations fail to realize the criticality of an integrated, automated and adaptive architecture. 1 Source: reports.weforum.org/global-risks-2015/part-1-global-risks-2015/introduction/ 2 Source: PricewaterhouseCoopers, The Global State of Information Security Survey 2015 3 Source: Computer Weekly, False malware alerts cost enterprises $1.3m a year on average, January 2015 3

INTELLIGENCE IS PARAMOUNT As a leading analyst firm in the cyber domain with an in-depth understanding of incumbent solutions and their capabilities, Gartner is well aware of the gaps in the existing SOC approach. To protect against current threats, Gartner states that "security operations centers must be architected for intelligence, embracing an adaptive security architecture to become context-aware and intelligence-driven." 4 Accordingly, Gartner recommends the following:"security leaders building or maturing a SOC must: Adapt a mindset that is based on the assumption that they have already been compromised. Instrument their SOC for comprehensive visibility. Follow an intelligence-driven SOC approach with these five characteristics: 1. Use multisourced threat intelligence strategically and tactically 2. Use advanced analytics to operationalize security intelligence 3. Automate whenever feasible 4. Adopt an adaptive security architecture 5. Proactively hunt and investigate" 5 4 Gartner, The Five Characteristics of an Intelligence-Driven Security Operations Center, November 2015 5 Gartner, The Five Characteristics of an Intelligence-Driven Security Operations Center, November 2015 4

ALL THE INTELLIGENCE YOU NEED IN ONE UNIFIED SOLUTION VERINT HAS APPLIED OVER 20 YEARS OF INTELLIGENCE EXPERIENCE AND MARKET-LEADING ANALYTICS TO ADDRESS THE CHALLENGES PRESENTED BY THE NEW BREED OF CYBER THREATS. Based on our experience in protecting some of the world's most sensitive and targeted organizations, as well as the efforts of global security research teams, Verint has built a unique, intelligence-driven cyber security platform that enables enterprises to effectively detect and respond to advanced and unpredictable cyber attacks. Verint Threat Protection System (TPS) enables SOC teams to protect critical networks, IT systems and information assets against advanced cyber attacks. TPS offers comprehensive detection, prioritization, investigation, and protection capabilities based on a unified security approach designed to increase threat visibility and streamline threat management without increasing the size or expertise of security operation teams. VERINT THREAT PROTECTION SYSTEM - ENABLING AN INTELLIGENCE-DRIVEN SOC TPS IS FULLY ALIGNED WITH GARTNER'S INTELLIGENCE-DRIVEN SOC APPROACH, IMPLEMENTING ALL FIVE KEY CHARACTERISTICS. 1. Use multisourced threat intelligence strategically and tactically Verint TPS orchestrates intelligence gathered from specialized and fully integrated engines that work across an organization's network to detect malicious files, command and control communications, lateral movement and infected endpoints. Spanning network, payloads and endpoints, TPS applies different sources of threat intelligence, such as hash values, blacklists, URL categorization, network anomalies, registry changes, and even behavioral analysis that learns on the fly, to augment existing threat intelligence. Insights collected are analyzed in real time and cross-validated in the TPS brain to create further threat intelligence. 5

2. Use advanced analytics to operationalize security intelligence TPS utilizes machine learning, anomaly detection, heuristics, static file analysis, dynamic memory analysis and other advanced analytics to identify targeted attacks that have already infiltrated the network. In addition to increasing visibility, these analytics transform the huge quantities of network data (i.e., noise) into actionable insights that can be used by the analyst. TPS learns how to investigate from the investigator behavioral analytics monitors investigator actions and then mimics them in the future to reduce analyst time, minimize false positives and improve results over time. 3. Automate whenever feasible By automating detection, incident processing and intelligence-driven investigation workflows across the kill chain stages, TPS enables SOC teams to improve threat management, accelerate time to remediation and allow senior analysts to focus on resolving the more complex attacks detected on the network. Sophisticated fusion features, powered by the TPS brain, work in sync to automatically combine alerts, metadata and intelligence into incidents representing a potential attack, which are then prioritized based on risk. TPS enables automated prioritization, such as running a network forensics query on an entity involved in an alert, remotely scanning a potentially infected endpoint, or fetching a file for deeper inspection. The analysis and evidence gathering workflow is also automated, and dynamically adjusts itself as findings accumulate. Once enough evidence has been discovered, the automated TPS investigation engines hand over the findings, conclusions and recommended next steps to the SOC analyst. 6

4. Deploy an adaptive security architecture TPS supports critical capabilities of Gartner's Adaptive Security Architecture outof-the-box in a unified and tightly integrated manner. Built by intelligence experts, TPS enables SOC teams to prevent known threats across attack surfaces, detect threats already within the network, automate forensic analysis and response, and apply gathered intelligence for predicting the next attack. 5. Proactively hunt and investigate TPS automatically hunts for threats in the environment by uniquely combining broad visibility, specialized detection and automated forensic investigation. For example, TPS may automatically trigger endpoint forensics as soon as an indicator of compromise is identified in the network. At the same time, TPS facilitates proactive hunting by security analysts by providing them with a visualized and information-rich investigation platform, which brings the attack story to life. These capabilities help analysts to unearth hidden threats, better understand the tactics, techniques and procedures (TTPs) of advanced attacks and, as a result, anticipate future attacks. The TPS data model is based on STIX and TAXII standards to help analysts leverage external threat intelligence or online research tools. As illustrated, TPS employs an intelligence-driven approach that embeds Verint's unique intelligence methodology across the solution. Multiple engines operate as intelligence sources, constantly monitoring all attack vectors and sharing intelligence throughout all stages of an attack. This context-aware intelligence enables analysts to understand the attack story as TPS connects seemingly isolated incidents into a narrative that can reveal a large-scale, long-term campaign. The end result is a marked improvement in threat visibility and management, which were cited by over 50% of enterprises as the primary driver for building a SOC 6. 6 Gartner, The Five Characteristics of an Intelligence-Driven Security Operations Center, November 2015, Gartner Research Circle, G-14524 SOC Survey, October 2014 (In the Gartner Research Circle SOC Survey, conducted in October 2014, 52% of 69 respondents that had or were planning to invest in a SOC stated that their primary driver was "threat management." For a further 29%, threat management was at least the secondary driver.) 7

CONCLUSION TPS IS FULLY ALIGNED WITH GARTNER'S INTELLIGENCE-DRIVEN SOC APPROACH AND IS SPECIFICALLY DESIGNED TO ENABLE SOC TEAMS TO EFFECTIVELY MITIGATE ADVANCED CYBER THREATS. Constant real-time monitoring and analysis of payloads, network traffic and endpoints, together with on-demand forensics and automated investigations, provide complete threat visibility and efficient threat management across the operation. In addition to tactical incident detection and response, TPS also gives SOCs a strategic solution with predictive capabilities that help to proactively anticipate and hunt for the next likely attack. Verint's intelligence-driven approach results in better protection of critical assets from targeted attacks, more efficient investigation processes and lower organizational risk. "WE ESTIMATE THAT CURRENTLY LESS THAN 10% OF EXISTING SOCS POSSESS TWO OR MORE INTELLIGENCE-DRIVEN CHARACTERISTICS" Gartner, The Five Characteristics of an Intelligence-Driven Security Operations Center, November 2015 START IMPLEMENTING ALL 5 KEY INTELLIGENCE CHARACTERISTICS IN YOUR SECURITY OPERATION CENTER. CONTACT 8

VERINT CYBER SECURITY. FOR THREATS IMAGINED, NOT YET IMAGINED, AND IMPOSSIBLE TO IMAGINE. Verint Systems Inc. (NASDAQ: VRNT) is a global leader in Actionable Intelligence solutions for customer engagement optimization, security intelligence, and fraud, risk and compliance. Today, more than 10,000 organizations in over 180 countries use Verint solutions to improve enterprise performance and make the world a safer place. Learn more at www.verint.com. Unauthorized use, duplication, or modification of this document in whole or in part without the written consent of Verint Systems Inc. is strictly prohibited. By providing this document, Verint Systems Inc. is not making any representations regarding the correctness or completeness of its contents and reserves the right to alter this document at any time without notice. Features listed in this document are subject to change. Not all functionality is available in all configurations. Please contact Verint for current product features and specifications. All marks referenced herein with the or TM symbol are registered trademarks or trademarks of Verint Systems Inc. or its subsidiaries. All rights reserved. All other marks are trademarks of their respective owners. 2016 Verint Systems Inc. All Rights Reserved Worldwide. 01.2016 9 info.cyber@verint.com www.verint.com/cyber

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback