Written by Dr Al Hartmann and presented by Charles Leaver, Ziften CEO
Anton Chuvakin, VP and security analyst at Gartner Research, posted about the three essential Security Operations Center (SOC) tools required to provide effective cyber attack visibility. Chuvakin compared them to the Cold War's "nuclear triad" concept of silo-based, airborne, and submarine-launched nuclear capabilities required to ensure survival in an all-out nuclear exchange. Likewise, the SOC visibility triad is essential to surviving a cyber attack; as Chuvakin wrote in his blog, "your SOC triad looks to significantly decrease the chance that the attacker will operate on your network long enough to accomplish their goals".
Below we look at the Gartner-designated essentials of the SOC triad and how Ziften supports each capability.
SIEM (Security Information and Event Management) – Ziften Open Visibility™ extends existing security, event monitoring, and systems management tools by providing crucial open intelligence on every business endpoint. Ziften's Open Visibility platform now includes integration with Splunk, ArcSight, and QRadar, as well as any SIEM that accepts Common Event Format (CEF) alerts. Unlike competing product integrations that offer only summary data, Ziften Open Visibility exposes all of the endpoint data Ziften gathers, enabling a full-featured integration.
NFT (Network Forensics Tools) – Ziften ZFlow™ extends network-flow-based security tools with essential endpoint context and attribution, significantly enhancing visibility into network events. This new standards-based technology extends network visibility down into the endpoint, collecting essential context that is invisible on the wire. Ziften has an existing product integration with Lancope, and can quickly integrate with other network flow collectors using the Ziften Open Visibility architecture.
EDR (Endpoint Detection and Response) – The Ziften Endpoint Detection and Response service continuously examines user and device behavior and highlights anomalies in real time, enabling security analysts to home in on sophisticated threats faster and reduce Time To Resolution (TTR). Ziften EDR allows companies to determine the root cause of a breach more rapidly and select the required corrective actions.
While other security tools play supporting roles, these are the three fundamentals that Gartner asserts constitute the core of defender visibility into adversary actions within the targeted organization. Arm your SOC triad with Ziften. For more information and a no-obligation complimentary trial, see http://ziften.com/free-trial.