Written by Dr Al Hartmann and presented by Chuck Leaver, Ziften CEO
Anton Chuvakin, VP and security expert at Gartner Research, posted about the three Security Operations Center (SOC) tools needed to offer reliable cyber attack visibility. Chuvakin compared them to the Cold War "nuclear triad" principle of silo-based, airborne, and submarine-launched nuclear capabilities required to guarantee survival in a total nuclear exchange. Similarly, the SOC visibility triad is crucial to surviving a cyber attack: "your SOC triad seeks to significantly reduce the chance that the attacker will operate on your network long enough to achieve their goals," as Chuvakin wrote in his blog.
Now we will look at the Gartner-designated fundamentals of the SOC triad and how Ziften supports each capability.
SIEM (Security Information and Event Management) – Ziften Open Visibility™ extends existing security, event tracking, and system management tools by delivering vital open intelligence on any enterprise endpoint. Ziften's Open Visibility platform now includes integrations with Splunk, ArcSight, and QRadar, in addition to any SIEM that accepts Common Event Format (CEF) alerts. Unlike competing product integrations that supply only summary data, Ziften Open Visibility exposes all Ziften-collected endpoint data so that integrations can make full use of it.
NFT (Network Forensics Tools) – Ziften ZFlow™ extends network flow based security tools with crucial endpoint context and attribution, significantly boosting visibility into network events. This new standards-based innovation extends network visibility down into the endpoint, collecting essential context that is invisible on the wire. Ziften has an existing product integration with Lancope, and can rapidly integrate with other network flow collectors using the Ziften Open Visibility architecture.
EDR (Endpoint Detection and Response) – The Ziften Endpoint Detection and Response system continually assesses user and device behaviors and highlights anomalies in real time, permitting security experts to home in on advanced threats more quickly and minimize Time To Resolution (TTR). Ziften EDR enables organizations to determine the source of a breach more rapidly and select the required corrective actions.
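As an added example (not Ziften's code, and not the data schema of any product named above), the following Python sketches what the three triad sources give a SOC when joined: a CEF alert from the SIEM identifies a suspicious network flow, and endpoint process telemetry attributes that flow to the process and user behind its source port, which is exactly the context that is invisible on the wire. The CEF line, the endpoint records, the hostnames, the field names and the five-second match window are all constructed assumptions for illustration.

```python
"""Added example: joining SIEM (CEF alert), network flow fields and endpoint
process telemetry to attribute a suspicious flow to a process.
All records below are constructed sample data; field names are assumptions."""
from datetime import datetime, timedelta
import re

# Constructed CEF alert as a SIEM might receive it. The CEF header is
# CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension
CEF_ALERT = (
    "CEF:0|ExampleNetSensor|FlowMonitor|1.0|1001|Suspicious outbound connection|7|"
    "src=10.0.0.5 spt=51234 dst=203.0.113.7 dpt=443 proto=TCP "
    "rt=2024-03-01T10:15:03Z shost=ws-finance-01"
)

# Constructed endpoint telemetry (the EDR side): process network events per host.
ENDPOINT_EVENTS = [
    {"host": "ws-finance-01", "pid": 4120, "image": r"C:\Windows\System32\svchost.exe",
     "user": "NT AUTHORITY\\SYSTEM", "local_port": 50001, "ts": "2024-03-01T10:14:50Z"},
    {"host": "ws-finance-01", "pid": 7788, "image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "user": "CORP\\alice", "local_port": 51234, "ts": "2024-03-01T10:15:01Z"},
]

HEADER_FIELDS = ["version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity"]


def parse_cef(line):
    """Split a CEF line into its seven header fields and a dict of extension pairs.
    Simplification: escaped pipes (\\|) inside header fields are not handled."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    parts = line.split("|", 7)  # 7 header fields, then the extension
    if len(parts) != 8:
        raise ValueError("malformed CEF header")
    header = dict(zip(HEADER_FIELDS, parts[:7]))
    header["version"] = header["version"][len("CEF:"):]
    # Extension values may contain spaces, so split on the next ' key=' boundary.
    ext = {m.group(1): m.group(2)
           for m in re.finditer(r"(\w+)=(.*?)(?=\s+\w+=|$)", parts[7])}
    return header, ext


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def attribute_flow(ext, endpoint_events, window_seconds=5):
    """Return the endpoint process that owned the alert's source port on the
    alerted host closest in time to the alert, within window_seconds."""
    host, spt, alert_ts = ext.get("shost"), int(ext["spt"]), _ts(ext["rt"])
    best = None
    for ev in endpoint_events:
        if ev["host"] != host or ev["local_port"] != spt:
            continue
        delta = abs(alert_ts - _ts(ev["ts"]))
        if delta <= timedelta(seconds=window_seconds) and (best is None or delta < best[0]):
            best = (delta, ev)
    return best[1] if best else None


def enrich_alert(line, endpoint_events):
    """Produce the triad view: network alert plus endpoint attribution."""
    header, ext = parse_cef(line)
    enriched = {"name": header["name"], "severity": int(header["severity"]),
                "src": ext["src"], "spt": ext["spt"], "dst": ext["dst"], "dpt": ext["dpt"]}
    proc = attribute_flow(ext, endpoint_events)
    if proc is None:
        enriched["triage"] = "unattributed: no endpoint process matched the source port"
    else:
        enriched.update(pid=proc["pid"], image=proc["image"], user=proc["user"])
        # Constructed triage hint: a user-writable Temp path deserves analyst review.
        enriched["triage"] = ("review: process launched from a user Temp directory"
                              if "\\Temp\\" in proc["image"] else "attributed")
    return enriched


if __name__ == "__main__":
    for k, v in enrich_alert(CEF_ALERT, ENDPOINT_EVENTS).items():
        print(f"{k}: {v}")
```

The join key is deliberately narrow (host, source port, time window) because source ports are reused quickly; without the time constraint the SIEM alert could be attributed to a process that released the port minutes earlier. Unmatched alerts are reported as such rather than dropped, since a flow with no owning process record is itself something an analyst wants to see.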
While other security tools play supporting roles, these are the three essentials that Gartner asserts constitute the core of defender visibility into attacker actions within the targeted company. Arm up your SOC triad with Ziften. For a free, no-commitment trial, visit http://ziften.com/free-trial to read more.