Think Like An Attacker, Act Accordingly
End-to-End Security Operations Center
Integrated Zero Trust, SOC and Post-Compromise
SOC: Whack-a-Mole Anyone?

We leverage our Zero Trust offering and Incident Correlation Engine to reduce false positives
Time to Compromise is decreasing
According to CarbonBlack's 2018 survey, once an endpoint (laptop, phone, tablet, other device) or server is compromised, the bad guys DO NOT take long:
- Russian actors are moving across your network within 18 minutes, 49 seconds
- North Korea: 2 hours, 20 minutes
- China: 4 hours
- Iran: 5 hours
- E-crime: 9 hours
Time to Compromise
Living off the Land lets bad actors use native OS capabilities, which gives them built-in tooling and lets them evade detection more easily. In essence, the bad guys are getting smarter.

Cybercriminals continue to hide in plain sight and move laterally by leveraging non-malware / fileless attack methods.
PowerShell, Windows Management Instrumentation (WMI) and Secure Shell (SSH) were the top three legitimate applications attackers leveraged in 2018, according to data gathered from Carbon Black's IR partners.

Living Off the Land
Active Evasion:
According to Carbon Black's 2018 year in review, adversaries used counter incident response techniques in more than 50% of the compromises examined (i.e. the bad guys are actively trying to evade detection).
Active Evasion
Security Operations Centers and Incident Correlation Services
1. ASSET DISCOVERY
Understand who and what is connected to your environment at any time. More than a CMDB: physical and virtualized infrastructure, on-premises servers and workstations, and cloud infrastructure and apps. Correlate this discovery between the SIEM and network taps.
2. VULNERABILITY ASSESSMENTS
Identify vulnerabilities and remediate them to limit your risk surface. Integrates with our AppSec, DevOps, service mesh, patch management, and cloud management offerings for auto-remediation.
3. INTRUSION DETECTION
Identify and correlate activities that are out of the norm, from living off the land to exfiltration.
4. ENDPOINT DETECTION & RESPONSE
Monitor changes to your endpoints, from filesystems to privileges. Manage endpoints from the SOC to contain and quarantine them as required.
5. BEHAVIOR ANALYSIS
Correlate host and network events to get a true picture of what's happening within and across your network, integrated with threat intelligence and the other components of your security framework.
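The two ideas above, living-off-the-land abuse of native tools and correlation of host and network events, come together in a simple detection rule: a launch of PowerShell, WMI or SSH on a host followed shortly by a network flow from that same host is worth a closer look, and an external destination with a large outbound volume is worth escalating. The script below is an added example and is not code from the page's authors or their SOC product; the watchlist, the five-minute window, the byte threshold and all event records are constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Hypothetical watchlist: the three native tools the page names as the top
# living-off-the-land binaries. A real deployment would tune and extend this.
LOLBINS = {"powershell.exe", "wmic.exe", "ssh.exe"}

# Address ranges treated as "internal" for this example (RFC 1918 only).
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]

# Constructed threshold: outbound volume above which an external flow is
# escalated to a possible-exfiltration alert.
EXFIL_BYTES = 1_000_000

# Constructed EDR process-launch events (not real telemetry).
HOST_EVENTS = [
    {"ts": "2024-03-01T10:00:00", "host": "ws-101", "user": "alice", "process": "outlook.exe"},
    {"ts": "2024-03-01T10:01:10", "host": "ws-101", "user": "alice", "process": "powershell.exe"},
    {"ts": "2024-03-01T10:30:00", "host": "ws-102", "user": "bob", "process": "PowerShell.exe"},
    {"ts": "2024-03-01T11:00:00", "host": "ws-103", "user": "svc-backup", "process": "wmic.exe"},
    {"ts": "2024-03-01T11:10:00", "host": "ws-104", "user": "carol", "process": "notepad.exe"},
]

# Constructed network-tap flow records (not real telemetry).
NET_EVENTS = [
    {"ts": "2024-03-01T10:01:45", "host": "ws-101", "dst": "203.0.113.7", "dport": 443, "bytes_out": 2_400_000},
    {"ts": "2024-03-01T10:45:00", "host": "ws-102", "dst": "10.0.0.5", "dport": 445, "bytes_out": 1_200},
    {"ts": "2024-03-01T11:00:30", "host": "ws-103", "dst": "10.0.0.9", "dport": 445, "bytes_out": 8_000},
    {"ts": "2024-03-01T11:11:00", "host": "ws-104", "dst": "198.51.100.20", "dport": 443, "bytes_out": 50_000},
]


def is_internal(addr):
    """True if addr falls inside one of the RFC 1918 ranges above."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def correlate(host_events, net_events, window_minutes=5):
    """Join each LOLBIN launch to network flows from the same host that start
    within window_minutes after it, and return one alert per matched pair."""
    window = timedelta(minutes=window_minutes)
    flows_by_host = {}
    for flow in net_events:
        flows_by_host.setdefault(flow["host"], []).append(flow)

    alerts = []
    for ev in host_events:
        if ev["process"].lower() not in LOLBINS:
            continue  # not a watched native tool
        start = datetime.fromisoformat(ev["ts"])
        for flow in flows_by_host.get(ev["host"], []):
            seen = datetime.fromisoformat(flow["ts"])
            if not (start <= seen <= start + window):
                continue  # flow is outside the correlation window
            if is_internal(flow["dst"]):
                label = "internal connection after LOLBIN launch"
            elif flow["bytes_out"] >= EXFIL_BYTES:
                label = "possible exfiltration"
            else:
                label = "external connection after LOLBIN launch"
            alerts.append({
                "host": ev["host"], "user": ev["user"],
                "process": ev["process"].lower(),
                "dst": flow["dst"], "dport": flow["dport"],
                "bytes_out": flow["bytes_out"],
                "delay_s": int((seen - start).total_seconds()),
                "label": label,
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(HOST_EVENTS, NET_EVENTS):
        print(alert)
```

With the default five-minute window the sample data yields two alerts: ws-101 (PowerShell followed 35 seconds later by 2.4 MB to an external address) and ws-103 (WMI followed by an SMB connection to an internal host). The PowerShell launch on ws-102 produces nothing because its only flow arrives 15 minutes later; widening the window to 20 minutes surfaces it as a third, internal-connection alert, which is the tuning trade-off a SOC makes between catching slow operators and drowning in noise.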
6. INCIDENT MANAGEMENT
Consistent incident management helps drive down the cost per incident, as noted in a study from IBM. Our SOC leverages best practices not only to identify but also to contain compromises whenever feasible.
7. SIEM LOG MANAGEMENT
Proactively hunt for threats within your environment, as required by your cyber insurance policy, board directives, and best practices.
8. COMPLIANCE
Our solution is compliant with PCI DSS, SOC 2, and HIPAA requirements.
End-to-End SOC

We use our Zero Trust solution to reduce your attack surface, which in turn typically reduces the number of incidents the SOC must manage. But we also understand it's not a matter of if but when you're compromised, which is why we provide full-stack data protection and disaster recovery for OT and IT.
Zero-Trust