PALANTIR CYBERMESH INTRODUCTION

100 Hamilton Avenue, Palo Alto, California 94301

Cyber attacks expose organizations to significant security, regulatory, and reputational risks, including the potential for infrastructure damage, data exfiltration, and intellectual property theft. The traditional patchwork of automated, black-box cyber defenses (firewalls, anti-virus software, and intrusion detection systems) often fails against sophisticated, adaptive, and determined adversaries. Driven by a diverse set of motivations, these adversaries attack from multiple vectors using an ever-expanding set of tools. In contrast, organizations often operate in silos and cannot single-handedly detect and mitigate the sheer volume and diversity of cyber threats.

Recognizing that government and commercial organizations face a shared set of cyber threats and risks, we created the Palantir Cybermesh, a platform for secure peer-to-peer cyber information sharing among participating organizations. Drawing on our peering models currently deployed within the defense, intelligence, and regulatory communities, the Cybermesh enables participating organizations to exchange critical information and context about emerging cyber threats in real time, subject to highly granular access controls and automatic redaction of sensitive data.

The rapidly evolving cybersecurity landscape poses challenges too great for a single organization to tackle alone. By joining the Cybermesh, organizations gain access to dozens of real-time feeds and intelligence sources, shared and enriched by participants across multiple industries and geographic boundaries. With the Cybermesh, participating organizations collaboratively improve situational awareness, obtain a comprehensive understanding of the threats facing their networks, and harden collective defenses against a wide range of cyber attacks.

OVERVIEW

Palantir Cybermesh facilitates secure information sharing about cyber threats among participating organizations.

Palantir Cybermesh is a highly secure network that facilitates peer-to-peer information sharing to proactively detect, investigate, and prevent cyber attacks. Leveraging the Cybermesh, participating organizations consume, generate, and share intelligence across functional and geographic boundaries, while ensuring that shared data remains synchronized, up to date, and accurate.

Every member of the Cybermesh maintains a separate instance of Palantir Cyber, a commercial off-the-shelf, end-to-end cyber intelligence platform. Palantir Cyber's full suite of data integration and analytical capabilities allows organizations to quickly pivot from threat identification to incident response and mitigation, all within the same platform. Leveraging information provided by the Cybermesh, Palantir Cyber enables participating organizations to rapidly characterize, investigate, and respond to attacks and breaches.

By peering their individual Palantir instances, participating organizations can seamlessly share information in real time while preserving the consistency, integrity, and security of their data. Palantir also enables participating organizations to import and export data in XML and other open file formats, and to share relevant information with non-members.

A centrally hosted Palantir instance provides each participating organization with out-of-the-box cyber strategies and feeds, drawn from third-party open source and licensed data feeds and from organizations participating in the Cybermesh. By integrating third-party information with critical insights from peer organizations, the Cybermesh reveals patterns, connections, and anomalies among siloed data sources that would otherwise go undetected, improving shared intelligence and alerting participants to emerging threats.

BENEFITS

In addition to the core analytical capabilities provided by Palantir Cyber, participating organizations gain the following capabilities by joining the Cybermesh:

Proven Strategies
Leverage pre-packaged cyber intelligence strategies to separate signal from noise and identify emerging threats. The Cybermesh provides cyber intelligence feeds that are rolled up from suspicious activity patterns, third-party open source and licensed data feeds, and contextual data feeds. These feeds are immediately available for automated correlation against organization-specific data integrated into Palantir. Our engineers constantly update and refine these strategies to automatically detect anomalies and alert organizations.

Pre-Built Data Integration Pipelines
Access all relevant data sources in a single environment out of the box. Based in Silicon Valley, we are always on the cutting edge of emerging cyber technologies. We work with top-tier vendors to integrate the full spectrum of cyber data, including malicious domains, IP addresses, and malware fingerprints. Our pre-built integration pipelines allow our engineers to integrate relevant data sources just days after the start of a Palantir deployment.

Secure Network
Gain comprehensive, 24/7/365 situational awareness of emerging cyber threats by leveraging information from both within and across industries. All data in the Cybermesh is secured with granular access controls, and sensitive information is automatically redacted. The Cybermesh tracks all data as it travels between peers, ensuring that no data is overwritten or duplicated. Each piece of information in the Cybermesh is secured individually, rather than by blanket permissions applied across entire data sources. By breaking down functional and geographic silos, organizations participating in the Cybermesh can consume, share, and benefit from each other's knowledge and context.
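The per-record access control, automatic redaction, and XML export described in the Overview and Benefits sections can be made concrete with a small filter that runs before a feed leaves the originating organization. The following Python is an added example written for this page; it is not Palantir code and does not describe how Cybermesh or Nexus Peering actually implement these controls. The marking ladder, the peer clearances, the record layout, the sample feed, and the sensitive-data patterns are all assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Marking ladder, lowest to highest (assumed for this example; loosely modelled on TLP).
LEVELS = {"public": 0, "community": 1, "restricted": 2}

# Highest marking each peer is cleared to receive (assumed peering agreements).
PEER_CLEARANCE = {"org-y": "community", "org-z": "public"}

# Strings that must never leave the originating organization, even inside a
# field the peer is otherwise cleared for. Both patterns are constructed:
# an internal hostname convention and e-mail addresses.
SENSITIVE = [
    (re.compile(r"\b[\w-]+\.corp\.example\b"), "[internal-host]"),
    (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"), "[email]"),
]


@dataclass
class Marked:
    """A context field carrying its own marking, independent of the record's."""
    value: str
    marking: str


@dataclass
class Indicator:
    id: str
    kind: str            # "domain", "ipv4", "sha256", ...
    value: str
    marking: str         # marking of the record as a whole
    context: dict = field(default_factory=dict)  # field name -> Marked


def cleared(marking, clearance):
    return LEVELS[marking] <= LEVELS[clearance]


def redact(text):
    for pattern, placeholder in SENSITIVE:
        text = pattern.sub(placeholder, text)
    return text


def export_for_peer(indicators, peer):
    """Apply the peer's clearance record by record, then field by field,
    then scrub residual sensitive strings from whatever survives."""
    clearance = PEER_CLEARANCE[peer]
    exported = []
    for ind in indicators:
        if not cleared(ind.marking, clearance):
            continue  # the whole record is withheld from this peer
        context = {name: redact(f.value)
                   for name, f in ind.context.items() if cleared(f.marking, clearance)}
        exported.append({"id": ind.id, "kind": ind.kind, "value": ind.value,
                         "marking": ind.marking, "context": context})
    return exported


def to_xml(records):
    """Serialize the filtered records in a simple open XML layout (assumed schema)."""
    root = ET.Element("indicators")
    for r in records:
        el = ET.SubElement(root, "indicator", id=r["id"], kind=r["kind"], marking=r["marking"])
        ET.SubElement(el, "value").text = r["value"]
        for name, text in r["context"].items():
            ET.SubElement(el, "context", name=name).text = text
    return ET.tostring(root, encoding="unicode")


# Constructed sample feed: three indicators at three different markings.
SAMPLE = [
    Indicator("i1", "domain", "update-check.example.net", "public", {
        "campaign": Marked("phishing wave 7", "public"),
        "first_seen": Marked("mail relay mx1.corp.example, reported by j.doe@corp.example",
                             "community"),
    }),
    Indicator("i2", "ipv4", "203.0.113.17", "community", {
        "note": Marked("C2 beacon every 60s", "community"),
    }),
    Indicator("i3", "sha256", "a" * 64, "restricted", {
        "note": Marked("sample from ongoing incident", "restricted"),
    }),
]

if __name__ == "__main__":
    for peer in PEER_CLEARANCE:
        print(peer, to_xml(export_for_peer(SAMPLE, peer)))
```

The record-level check runs before the field-level one, so a peer cleared only for public data never learns that a restricted record exists. The regex pass is a second line of defense for identifiers an analyst pasted into an otherwise cleared free-text field, which marking alone does not protect.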

UNDERLYING TECHNOLOGIES

The Cybermesh is powered by Nexus Peering, which enables data sharing across organizations in different industries and countries. Originally developed for the defense and intelligence community, Nexus Peering currently supports real-time information and threat sharing across four continents in some of the world's toughest operational environments. Nexus Peering allows discrete entities to share information in almost any configuration without compromising the integrity or security of the data. With Nexus Peering, organizations can:

- Share information across organizations with automatic redaction of sensitive data
- Combine data enriched by different organizations without creating duplicate or conflicting copies of the data
- Create a consistent view of data
- Preserve the full history of all user activity
- Maintain data at each organization, allowing for independent operation when no reliable network exists between sites
- Treat other Nexus sites as single data sources that can be easily queried and assimilated

Palantir's Hercules technology creates prioritized clusters of entities for further investigation.

Out of the box, the Cybermesh also provides cyber intelligence strategies with information about emerging threats, including feeds of malicious domains and common attributes. This capability relies on Hercules, which traverses large-scale structured data to detect anomalies based on expert-defined algorithms. Hercules algorithmically combs all data sets integrated in Palantir to create clusters of events that match certain criteria. The resulting clusters are ranked by relevance, and any flags are pushed to participating organizations for analysis. Each organization can then search and drill down on specific entities for deeper contextual investigation. The algorithms can easily be modified so that search strategies evolve with constantly changing cyber tactics.
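As an added illustration of the Nexus Peering properties listed above (merging data enriched by different organizations without duplicate or conflicting copies, preserving full history, converging on a consistent view, and operating independently while disconnected) and of Hercules-style ranked clustering, the following Python keeps per-field provenance, merges two organizations' copies of an indicator store so that both sides reach the same state regardless of which side initiates the sync, and then groups constructed log events by the indicator they hit, ranking clusters by affected hosts and by how many organizations corroborate the indicator. This is example code written for this page, not Palantir's implementation of Nexus Peering or Hercules; the record layout, logical timestamps, scoring rule, and log events are all assumptions.

```python
from collections import defaultdict


def set_field(store, rid, name, value, org, ts):
    """Set one field on indicator `rid`, tagging it with the organization and
    logical timestamp that wrote it, and append the edit to the record's history."""
    rec = store.setdefault(rid, {"fields": {}, "history": []})
    rec["fields"][name] = (value, org, ts)
    rec["history"].append((ts, org, name, value))


def merge(local, remote):
    """Merge a peer's copy of the indicator store with ours.

    Field-level last-writer-wins, with (timestamp, organization) as a
    deterministic tie-break, so merge(a, b) and merge(b, a) yield the same
    state. Nothing is discarded: every edit from either side stays in
    `history`, and a record held by both sides is stored once, not twice."""
    merged = {}
    for store in (local, remote):
        for rid, rec in store.items():
            cur = merged.setdefault(rid, {"fields": {}, "history": []})
            for name, (value, org, ts) in rec["fields"].items():
                old = cur["fields"].get(name)
                if old is None or (ts, org) > (old[2], old[1]):
                    cur["fields"][name] = (value, org, ts)
            for entry in rec["history"]:
                if entry not in cur["history"]:
                    cur["history"].append(entry)
            cur["history"].sort()
    return merged


def build_stores():
    """Constructed scenario: ind-1 originated at org-x and was peered to org-y;
    both then enriched it independently while out of contact with each other."""
    x, y = {}, {}
    for store in (x, y):
        set_field(store, "ind-1", "value", "update-check.example.net", "org-x", 1)
        set_field(store, "ind-1", "kind", "domain", "org-x", 1)
    set_field(x, "ind-1", "confidence", "medium", "org-x", 2)  # org-x, offline
    set_field(y, "ind-1", "confidence", "high", "org-y", 5)    # org-y, later
    set_field(y, "ind-2", "value", "203.0.113.17", "org-y", 4)
    set_field(y, "ind-2", "kind", "ipv4", "org-y", 4)
    return x, y


# Constructed proxy/firewall events: (timestamp, source host, destination).
EVENTS = [
    (100, "ws-17", "update-check.example.net"),
    (101, "ws-17", "203.0.113.17"),
    (105, "ws-42", "update-check.example.net"),
    (110, "ws-03", "cdn.example.org"),
]


def cluster_events(merged, events):
    """Group events by the indicator they hit and rank the clusters.

    Score (an assumed rule): distinct affected hosts multiplied by the number
    of organizations whose edits appear in the indicator's history, so an
    indicator corroborated by several peers and seen on many hosts rises."""
    by_value = {rec["fields"]["value"][0]: rid for rid, rec in merged.items()}
    clusters = defaultdict(list)
    for ts, src, dst in events:
        rid = by_value.get(dst)
        if rid is not None:
            clusters[rid].append((ts, src, dst))
    ranked = []
    for rid, evs in clusters.items():
        orgs = sorted({org for _, org, _, _ in merged[rid]["history"]})
        hosts = sorted({src for _, src, _ in evs})
        ranked.append({"indicator": rid, "hosts": hosts, "orgs": orgs,
                       "score": len(hosts) * len(orgs)})
    ranked.sort(key=lambda c: (-c["score"], c["indicator"]))
    return ranked


if __name__ == "__main__":
    x, y = build_stores()
    merged = merge(x, y)
    assert merged == merge(y, x)  # the direction of peering does not matter
    for cluster in cluster_events(merged, EVENTS):
        print(cluster)
```

Because every field value carries (organization, timestamp), each site keeps working on its local copy while the link is down and still converges when peering resumes; a timestamp tie falls back to the organization name so the outcome is deterministic rather than dependent on which side synced first. The history list is what lets an analyst see that org-x rated the indicator "medium" before org-y raised it to "high", even though only the later value is shown in the consistent view.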

POSSIBLE CONFIGURATIONS

Organizations can participate in the Cybermesh in multiple ways and choose to share only what they are willing to share. In addition to two-way peering and full data sharing, the Cybermesh allows organizations to solely consume information or to share specific subsets of data. Each participating organization specifies exactly how it will participate: what feeds it receives, what data it sends, and what conditions govern data transmission. For example, Organization X can choose to simply consume data (1), consume and share (2), or both consume and share information with other participating organizations via the Cybermesh (3). Organization X can also choose to share information directly with Organization Y (4) or with both Organization Y and the Cybermesh (5). Finally, Organization X can choose to share information with any subset of organizations participating in the Cybermesh, both directly and indirectly (6).

[Figure: peering configurations (1) to (6) for Organization X, referenced above; the diagram is not reproduced in this transcription.]