
Seceon.com

Comprehensive Cybersecurity Platform for the Digital Era

Fully Automated Threat Detection & Remediation - No Playbook Required

Staying ahead of the latest security threats can be a challenge for any organization. Most organizations are unable to deal with the increasing number and sophistication of cyber threats because it either takes them too long to identify them or takes too much time to stop them from inflicting damage once the organizations have been breached.

Security must be more than an afterthought, especially as companies embrace technologies such as Cloud, Big Data, Internet of Things, and Mobility. These threats are also coming from BYOD and other devices that bypass perimeter defenses. If these devices are infected with malware and go undetected, they cause irreparable damage as they connect east-west to other devices within the organization. Sadly, some companies have a false sense of security as they think they are secure already because they comply with standards. John T. Chambers, Executive Chairman and former CEO of Cisco Systems, says, “There are two types of companies: those that have been hacked, and those who don’t know they have been hacked.” Security must be ‘built-in’ without the need to ask the users to ‘opt-in’. Having the right security posture is critical as threats are becoming a lot more sophisticated and come from all angles.

In this paper, we explore the current landscape of security, what it takes to provide comprehensive cybersecurity in the digital era, and Seceon’s Open Threat Management (OTM) Platform. Seceon’s solution leverages advanced technologies such as user behavioral analytics, machine learning, and in-memory processing for data collection, analysis, and self-healing with automated remediation in real-time.

The Current Security Landscape

Even though enterprises are becoming more IT-centric, businesses are still struggling to implement comprehensive security that protects their assets and data. Today we see multiple technologies or point solutions being deployed in organizations to protect vital information. These include next-generation firewalls, which prevent unwanted access to your network and data; point solutions to protect the various endpoints on the network; security information and event management (SIEM) platforms that collect data from all disparate products to elicit the appropriate response; etc. In fact, many enterprises have a slew of security products deployed which are responsible for collecting and reporting the current security status (Figure 1). Security experts analyze and correlate these massive amounts of log data from different sources to discern real threats.

Figure 1: Multiple point solutions producing log data to be analyzed by experts

This current security posture poses a big challenge to organizations because it is too slow to identify real threats. Often analysts are unable to see the threats and correlate relevant information from the consoles of an array of security products. The risk builds when combined with a lack of technologies, policies and staff. The infamous Equifax 2017 security breach lasted from mid-May through July, potentially compromising 143 million customers’ personal data. According to the 2016 Insider Threat Report Spotlight, 27 percent of organizations feel they can detect a threat within hours, and only 24 percent can remediate the problem within hours of detection. The small percentages of organizations that do feel capable are often too late. According to Verizon’s 2016 Data Breach Investigation Report, 81.9 percent of organizations surveyed reported that a compromise took only minutes to infiltrate company systems, with a majority of respondents showing that associated data was exfiltrated within hours of the initial compromise. If a breach were to occur to organizations with their current threat management techniques, there is a minimal chance that data loss can be stopped. What is needed is a better approach, one that detects and remediates in minutes, not hours or days.

“The Insider Threat Report goes on to say that more than 75 percent of enterprise organizations estimate breach remediation costs reach $500,000. Twenty-five percent believe the cost exceeds $500,000 and can reach into the millions. The challenge with today’s threats is to detect and stop the threat before data is accessed, altered or stolen.”

In addition, compromised credentials obtained through phishing or other means continue to pose a high-impact risk for organizations. Unmanaged or poorly managed credentials present a high-value target for hackers, offering intruders insider access to networks and accounts. It is difficult for traditional security tools to discern and detect the use of an insider’s own lost credentials, or the use of new ones created with elevated privileges by a knowledgeable insider. The use of “legitimate” credentials does not trigger a threat response from the system. Consider the case where an insider loses his/her credentials to the outside and current defenses don’t know if it’s an imposter accessing assets. The same can happen when an employee or contractor decides to use his or some other credentials to steal data.

With the increasing value and volume of data, cyber attacks are growing not only in number but also in sophistication. There are increasing concerns about devices being hacked into botnets and used to attack organizations. The stakes are so high that there is a dire need to adopt a more proactive approach to securing critical data.

A New Approach for the Digital Era

It is evident that the traditional methods or point solutions will not scale or be adequate in this age of digital transformation. Recently, there’s been a lot of buzz about using behavioral analytics to help detect the threat. Can technologies in behavioral analytics and machine learning detect threats quickly? Will this help to address staff and policy limitations?

Real-time Behavior Analytics to Combat Threats

Behavioral analytics can be used to develop comprehensive models. This provides an organization with the ability to conduct risk assessment of users and systems and to alert on all entities that may pose a potential threat. It sifts through and correlates large amounts of data in order to identify non-conforming patterns. Some of these anomalies might represent compromised credentials, a rogue user on the network, unwarranted escalation of user privileges, and transmission of sensitive corporate information across unsolicited channels.

Machine learning demands context

Some organizations have tried to use approaches solely dependent on machine learning to accomplish behavioral protection. Initially, machine learning provided a good way to identify patterns and relationships, but in practical terms machine learning generates a great deal of false positives.

A better approach would be to use an intelligent system with rulesets and thresholds, which are aided by machine learning. The known threat behaviors can be tailored to appropriate behavior for the system. Correlating all of this allows the system to maintain a high degree of confidence in the results before presenting a threat. This allows analysts to see all sources of correlation before enacting steps to remediation.

Combine behavioral analytics and machine learning with real-time remediation

We solved the problem by architecting a platform with a patented process to break the serial data collection and analysis-processing logjam.

Seceon’s Open Threat Management (OTM) Platform is based on an advanced microservices architecture. Unstructured data is ingested in the Collection & Control Engine (CCE) and reduced down to only the information required to identify the type and scope of a threat. It extracts key metadata and sends refined input to the Analytics & Policy Engine (APE).

APE is a big data engine which uses a fast parallel-processing architecture. It ingests the information from the CCE and runs it through thousands of threat detection processes in parallel. This allows a variety of threat detection techniques to be applied. Output analytics generated by each process can be correlated together in many different ways. This approach allows user, entity or organization-wide threats such as DDoS to be detected. The advanced correlation techniques also allow threats to be validated from multiple techniques. This minimizes the odds of generating false positives while providing a full scope of an attack or threat. Best of all, the entire set of actions happens in seconds.
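To make the corroboration argument of the last two passages concrete (rulesets with thresholds on one side, validating a threat from multiple independent techniques before presenting it on the other), here is an added example; it is not Seceon's code and does not describe how OTM works internally. The detectors, weights, thresholds, baseline and login events are all constructed for illustration.

```python
# Added illustration, not Seceon's code: several independent detectors
# each vote on one signal, and an alert is raised only when enough of
# them agree and their combined weight clears a threshold.
from dataclasses import dataclass

@dataclass
class Event:            # one authenticated session (constructed)
    user: str
    hour: int           # local hour of the login, 0-23
    src_country: str
    privilege_change: bool
    bytes_out: int      # bytes sent outbound during the session

@dataclass
class Baseline:         # learned profile for the user (constructed)
    usual_hours: range
    usual_countries: set
    mean_bytes_out: float

# Each detector is a small ruleset over one signal. It returns a
# (reason, weight) pair when it fires and None otherwise.
def off_hours(ev, bl):
    return ("off-hours login", 0.3) if ev.hour not in bl.usual_hours else None

def new_location(ev, bl):
    return ("login from unseen country", 0.4) if ev.src_country not in bl.usual_countries else None

def privilege_escalation(ev, bl):
    return ("privilege change in session", 0.5) if ev.privilege_change else None

def data_volume(ev, bl, factor=10):
    over = ev.bytes_out > factor * bl.mean_bytes_out
    return ("outbound volume over %dx baseline" % factor, 0.5) if over else None

DETECTORS = [off_hours, new_location, privilege_escalation, data_volume]

def correlate(ev, bl, min_detectors=2, min_score=0.8):
    """Run every detector and keep the ones that fired. Alert only when at
    least `min_detectors` independent techniques agree AND the summed
    weight reaches `min_score`; a single anomaly never alerts on its own.
    Returns (alert, reasons, score) so an analyst can see every source
    of correlation before any remediation step is taken."""
    hits = [h for h in (d(ev, bl) for d in DETECTORS) if h]
    score = round(sum(w for _, w in hits), 2)
    alert = len(hits) >= min_detectors and score >= min_score
    return alert, [reason for reason, _ in hits], score
```

With a single off-hours login the function returns no alert; two weak signals (off-hours plus a new country) still fall short of the score threshold, while a session that also changes privileges and moves ten times the usual outbound volume is reported with all four reasons attached.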

Figure 2: Seceon OTM Scalable Fast Processing Architecture

Utilizing another patented process, the threats are evaluated by level of risk and progression of an attack. Additionally, this process also makes recommendations, depending on the type and progress of an attack, on how to stop the threat. The system then allows the user to perform that action by either pushing a button or opting to have the system take automatic remediation of such threats. This feature is useful for assuring 24x7x365 protection.

“OTM ingests raw flows, logs and identifies data from NG-Firewalls (e.g., Palo Alto, Cisco, Fortinet, Checkpoint, SonicWall, Sophos, Juniper, etc.), Routers (e.g., Cisco, Juniper, Nokia, Brocade, etc.), Switches (e.g., Cisco, Arista, Juniper, Extreme, Brocade, etc.), Identity Management (e.g., Windows Domain Controller, DNS, DHCP, LDAP, etc.), OS and Application logs (e.g., Linux, Windows, MacOS, Oracle, SAP, MySQL, etc.), and End Point Protections (e.g., McAfee, Symantec, Trend Micro, Cylance, etc.) to provide comprehensive cybersecurity for the digital era driven by comprehensive visibility, protective threat detection, and automated or push-button elimination or containment of threats on Network, Identity and Applications.”

Benefits of Seceon’s OTM as a Fully Automated Threat Detection and Remediation System

• Comprehensive Visibility: Adaptive comprehensive visualization provides a view into how an organization’s users, databases and applications communicate. The platform provides extensive visibility of network traffic, monitored applications, network performance, managed network resources and big data analytics via effective and scalable data collection, aggregation and delivery.

• Unified Threat Detection: The OTM Platform detects all forms of known, as well as new, threats in real-time. These include malware, botnets, insider threats, compromised credentials, APTs, DDoS attacks, etc. The need for automated threat detection applies to organizations of any size or expertise. For large organizations with significant resources and staff in place, automation of threat detection can eliminate threat alert overload and enable greater efficiency for security teams. Addressing these attacks as they occur ensures the correct remediation and reporting of the threat. For small- to medium-sized businesses with limited and/or no security analyst staff, automated technology enables the equivalent of a virtual SOC team. It gives skill- and resource-constrained teams a chance to protect themselves from these threats.

• Automatic Threat Remediation in Real-time: Organizations today are rapidly adopting new policies and practices to react faster once a threat has been identified. Typically, the steps to contain and eliminate the threats require some sort of manual intervention. If the remediation actions are not implemented in a timely manner to limit the dwell time of an attack, it can potentially cause significant damage to the organization. Seceon’s OTM Platform is self-healing as it takes immediate recommended actions to automatically contain and eliminate the threats in real-time. This significantly minimizes the effort and cuts the response time literally down to seconds. Moreover, it can automatically halt the use of compromised credentials, isolating the rogue user from the network before data is exfiltrated from the organization, and reissue new ones to minimize the risk of data loss and business disruption. It thereby addresses the vexing challenge of determining the right course of action to protect information without causing undue side effects by blocking the productivity of users that regularly use these data sources.

Conclusion

Digital transformation brings a massive growth of connected environments where perimeter protection is no longer enough. It makes it essential that cybersecurity and IT teams find a unified approach to securing applications and data. Seceon’s OTM Platform provides a comprehensive visualization, fully automated threat detection and remediation software solution. The platform can process data in real time, ingesting and running threat models, and updating and activating these models within minutes through advanced correlation with intelligent application of machine learning. This allows the system to look for anomalies and correlate them to get a full view, thus minimizing false positives, and to trigger easy-to-understand alerts that matter. The self-healing aspect of the platform enables customers to automatically contain and eliminate the threats in real-time.

About Seceon

Founded in 2014, Seceon provides the industry’s first fully automated threat detection and remediation software platform. It leverages advanced technologies such as behavioral analytics, machine learning and in-memory processing for data collection, analysis and automated remediation in real-time. It is headquartered in Westford, MA, USA with offices in the United Kingdom and India. To learn more, please visit: www.seceon.com.

Copyright © 2017 Seceon, Inc. All trademarks referenced here belong to Seceon, Inc.