Posted: 21-Jan-2018
© 2016 by CYBERBIT │ CYBERBIT Proprietary 1
Increase your SOC efficiency with SOC 3D
Amit Modi, Regional Sales Manager – India & [email protected]
Visualizing NextGen CyberSecurity (SoC 4.0)
[Diagram: component map of a next-generation SOC. Labels shown:]
• IT Infrastructure Security
• Application/DB Security
• Consulting & IT GRC
• Security Controls, Policy & Audit, Risk & Compliance, Business Continuity
• Vulnerability Management
• Log Management
• Access & Identity
• Visibility & Compliance
• Security Analytics
• Data Protection & Control
• IT Change & End Point Monitoring & Management
• Incident Response
• Threat Intel. Feeds
• Forensic Data Capture
• Threat Detection, AppSec, CMDB, Software Asset Management
Challenges
• SIEM Generating Huge amount of Alerts
• Incidents Getting Missed
• Lack of Threat Visibility
• Finding Lateral Impact
• Learning from Past
• Finding the RCA
• Skills Shortage
• Incident Based SLA Management
• Incident Closures
• Reporting
  • Technical
  • Business Context
  • Performance Based

Expectations
• Business Context to the Investigation
• Adding Analytics
• Bulletin Boards to the Team
• Case Management
• Automating Runbook
• Threat Visibility & Spread
• Avoid Over Detection & False Positive
• Automate Similar Incidents
• Prioritization Based on Business Impact
• Incident Containment as a First Step
• Surgical Response for Accurate Threat Eradication
Recommendation & Suggestions by SANS Analysis
Narrowing Down: Challenges & Expectations

Challenges
• SIEM Generating Huge amount of Alerts
• Incidents Getting Missed
• Lack of Threat Visibility
• Finding Lateral Impact
• Learning from Past
• Finding the RCA
• Skills Shortage
• Incident Based SLA Management
• Incident Closures
• Reporting (MSSP/Internal Team)
  • Technical
  • Business Context
  • Performance Based

Expectations
• Business Context to the Investigation
• Adding BigData Analytics
• Bulletin Boards to the Team
• Case Management
• Automating Runbook
• Threat Visibility & Spread
• Avoid Over Detection & False Positive
• Automate Similar Incidents
• Prioritization Based on Business Impact
• Incident Containment as a First Step
• Surgical Response for Accurate Threat Eradication
• Practicing the Crisis Situation

Narrowed down to:
• Matured Security Operation Center (SoC)
• Identifying Unknown Threats
• Incident Management
• Incident Automation
• Containment
• Forensic Data for Accurate Eradication
• Practicing Crisis Situation
• Continuous Skills Improvement
• Runbook Automation for Accuracy
SOC 3D: Your Gateway to the Future
• Provides more accurate and actionable high priority alerts by ingesting and analyzing SOC feeds and external feeds
• Your Single Pane of Glass for managing your entire security operations
• The only SOC management platform combining automation, orchestration and big-data security analytics for real-time investigation
What Is SOC-3D
[Diagram: SOC 3D as "Your SOC Hub", connected through APIs to the following systems:]
• Alerts: SIEM, Ticketing, CRM, Helpdesk, EDR, UBA
• Response Tools: IPS, EDR, WAF, Active Directory, NAC, Memory Dump
• Enrichment: Threat Intel, CMDB, HR Systems, GRC, Compliance, Vulnerability Assessment
• Your SOC Hub: SOC 3D, Big-Data, APIs
Security Analytics: Visualize Anything. Investigate Freely.
• Explore raw data for forensics
• Real-time access via big-data platform
• Real-time visualization for faster insights
SMART AUTOMATION: Accelerate analyst work across the entire IR cycle
• AUTOMATE RESPONSE: Automate SOC operator and analyst response tasks
• AUTOMATE DATA ENRICHMENT: Get all relevant data for investigation
• AUTOMATE DECISION MAKING: By automating data collection prior to response
The Response Process: Traditional SOC
[Flowchart: manual preparation, 15 minutes in total. Steps shown in order:]
• New Malware Alert
• Run Memory Dump Utility
• Isolate Host Using NAC API
• Alert IT to Replace User Host
• Check Asset Criticality
• Critical Process
• Check BISO Contact
• Alert CISO & BISO
• Collect Additional Raw Data
• Send recommendations and Summary report
• Investigate
• Escalate to Tier 2
Per-step times shown on the chart: 2, 2, 3, 2, 2, 2, 2 minutes.
The Response Process: With SOC-3D Automation
[Flowchart: the same steps, grouped into Automated decision making, Automated data enrichment and Automated response; "Start Here" marks the entry point. Steps shown:]
• New Malware Alert
• Run Memory Dump Utility
• Alert IT to Replace User Host
• Critical Process
• Check BISO Contact
• Alert CISO & BISO
• Collect Additional Raw Data (e.g. TI)
• Send recommendations and Summary report
• Investigate
• Escalate to Tier 2
• Isolate Host Using NAC API
• Check Asset Criticality
Impact On TTR and TCO
• Average number of stages per incident: 6
• Average time saved by SOC 3D per stage: 2 minutes
• Total time saved by SOC 3D per incident: 12 minutes
• Number of daily incidents: 100
• Time saved by SOC 3D every day: 20 hours
• TCO saving per day: $2000
• TCO saving per month: $44,000
With SOC-3D, Your SOC is
EFFICIENT
• Faster to respond
• Reduces SOC team workload
• Measurable
BUSINESS-DRIVEN
• Focuses on what matters the most
• Keeps executive level informed
• Engages the entire organization
SOC USER-CENTRIC
• Reduces the expertise barrier
• Engages your team
• Increases analyst impact
• Simplifies complex investigations
Deep Diving - SOC 3D
Thank You!