Written by Dr. Al Hartmann and presented by Charles Leaver, Ziften CEO
Anton Chuvakin, VP and security analyst at Gartner Research, has written about the three essential Security Operations Center (SOC) tools needed to give efficient visibility into cyber attacks. Chuvakin compared them to the Cold War "nuclear triad": the silo-based missile, airborne bomber, and submarine-launched capabilities needed to guarantee survival in an all-out nuclear exchange. Likewise, the SOC visibility triad is essential to surviving a cyber attack; “your SOC triad seeks to substantially lower the opportunity that the attacker will operate on your network long enough to achieve their goals,” as Chuvakin wrote in his post.
Now we will look at each Gartner-designated element of the SOC triad and how Ziften supports it.
SIEM (Security Information and Event Management) – Ziften Open Visibility ™ extends existing security, event monitoring, and systems management tools by delivering essential open intelligence about every enterprise endpoint. Ziften's Open Visibility platform now includes integrations with Splunk, ArcSight, and QRadar, in addition to any SIEM that accepts Common Event Format (CEF) notifications. Unlike competing product integrations that supply only summary data, Ziften Open Visibility exposes all of the endpoint data Ziften collects, so the integration can make full use of it.
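To make the CEF integration point concrete, here is an added example (written for this post, not Ziften's own code) that encodes an endpoint event as an ArcSight CEF line and parses it back. The practitioner's gotcha it demonstrates is escaping: a pipe in a header field or an `=` in an extension value will corrupt the record unless escaped, and backslashes in Windows paths must survive the round trip. The vendor and product strings, extension keys, and the sample event are all constructed for illustration.

```python
"""Endpoint events as ArcSight Common Event Format (CEF) lines, and back again.

Added example for this post, not Ziften's code. The vendor/product strings,
the extension keys and the sample event are all constructed for illustration.
"""
import re

CEF_VERSION = "0"


def _escape_header(value) -> str:
    # Header fields: backslash and pipe are the only special characters.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _escape_extension(value) -> str:
    # Extension values: escape backslash and '=', and encode line breaks.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(vendor, product, version, event_class_id, name, severity, extension: dict) -> str:
    """Build one CEF:0 line. `severity` is the CEF 0-10 scale."""
    if not 0 <= int(severity) <= 10:
        raise ValueError("CEF severity must be 0..10")
    header = "|".join(_escape_header(f) for f in
                      (vendor, product, version, event_class_id, name, severity))
    ext = " ".join(f"{k}={_escape_extension(v)}" for k, v in extension.items())
    return f"CEF:{CEF_VERSION}|{header}|{ext}"


def _split_header(line: str):
    """Return the seven header fields (unescaped) and the raw extension string."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):      # escaped char: take it literally
            cur.append(line[i + 1])
            i += 2
        elif ch == "|":                            # unescaped pipe ends a field
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) != 7:
        raise ValueError("malformed CEF header")
    return fields, line[i:]


# key=value pairs; a value runs (lazily) until the next " key=" or end of line.
_EXT_PAIR = re.compile(r"(\w+)=((?:\\.|[^\\])*?)(?= \w+=|$)")
_UNESCAPE = {"n": "\n", "r": "\r"}


def parse_cef(line: str) -> dict:
    """Parse a CEF line into header fields plus an `extension` dict of strings."""
    fields, ext = _split_header(line)
    if not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    extension = {}
    for key, raw in _EXT_PAIR.findall(ext):
        extension[key] = re.sub(r"\\(.)", lambda m: _UNESCAPE.get(m.group(1), m.group(1)), raw)
    return {
        "version": fields[0][len("CEF:"):],
        "vendor": fields[1], "product": fields[2], "device_version": fields[3],
        "event_class_id": fields[4], "name": fields[5], "severity": int(fields[6]),
        "extension": extension,
    }


# Constructed sample event: a pipe in the name, backslashes in the path,
# an '=' and a newline in the message, so every escape rule is exercised.
EVENT = dict(vendor="Example Co", product="Endpoint Agent", version="1.0",
             event_class_id="proc.start", name="Process Started|Suspicious",
             severity=7,
             extension={"suser": "alice", "dproc": "C:\\Windows\\System32\\cmd.exe",
                        "src": "10.0.0.5", "dst": "203.0.113.7", "dpt": 443,
                        "msg": "cmd.exe /c whoami=1\nsecond line"})


def example_round_trip():
    """Encode the sample event and parse the resulting line back."""
    line = to_cef(**EVENT)
    return line, parse_cef(line)


if __name__ == "__main__":
    line, parsed = example_round_trip()
    print(line)
    print(parsed)
```

Extension values come back as strings (a SIEM's field typing happens on its side), and the parser rejects lines with fewer than seven header fields rather than guessing, which is the failure mode to check for when a forwarder truncates long events.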
NFT (Network Forensics Tools) – Ziften ZFlow ™ extends network flow based security tools with vital endpoint context and attribution, significantly boosting visibility into network events. This new standards-based technology extends network visibility down into the endpoint, collecting context that cannot be observed on the wire: which process opened the connection, under which user, and what launched it. Ziften has an existing product integration with Lancope, and can rapidly integrate with other network flow collectors through the Ziften Open Visibility architecture.
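The "context that cannot be observed on the wire" is the process, user and parent behind a flow's source socket. The following added example (written for this post, not ZFlow's code) shows the join a flow collector needs: match each flow's source IP, port and protocol to an endpoint agent's socket observations, then keep only the observation closest in time within a skew window, because ephemeral ports get reused. A simple rule then flags a flow to 443 from a process that is not an expected HTTPS client. All hosts, addresses, process names, hashes and timestamps are constructed.

```python
"""Join network flow records to endpoint socket observations to attribute each
flow to the process, user and parent that created it.

Added example for this post, not Ziften's ZFlow code. The record layouts,
host names, addresses, process names, hashes and timestamps are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Flow:
    """One flow record as a collector sees it on the wire (no process context)."""
    start: datetime
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str          # "tcp" or "udp"


@dataclass(frozen=True)
class SocketObs:
    """One endpoint agent observation of a local socket: what the wire cannot see."""
    seen: datetime
    host: str
    local_ip: str
    local_port: int
    proto: str
    pid: int
    process: str
    user: str
    parent: str
    sha256: str


def attribute_flows(flows, sockets, max_skew=timedelta(seconds=60)):
    """Return [(flow, SocketObs or None)].

    Match on the flow's source (ip, port, proto), then choose the observation
    closest in time; anything outside max_skew is rejected so a reused
    ephemeral port is not attributed to a stale process.
    """
    index = {}
    for s in sockets:
        index.setdefault((s.local_ip, s.local_port, s.proto), []).append(s)
    out = []
    for f in flows:
        best = None
        for s in index.get((f.src_ip, f.src_port, f.proto), []):
            skew = abs(s.seen - f.start)
            if skew <= max_skew and (best is None or skew < abs(best.seen - f.start)):
                best = s
        out.append((f, best))
    return out


# Constructed allow-list: processes expected to speak to these destination ports.
EXPECTED_CLIENTS = {443: {"chrome.exe", "firefox.exe", "msedge.exe"}}


def suspicious(attributed):
    """Flag attributed flows whose process is not an expected client for the port."""
    hits = []
    for f, s in attributed:
        if s is None:
            continue                      # unattributed: nothing to judge yet
        allowed = EXPECTED_CLIENTS.get(f.dst_port)
        if allowed is not None and s.process.lower() not in allowed:
            hits.append((f, s))
    return hits


T = datetime(2016, 5, 3, 14, 0, 0)      # constructed reference time
FLOWS = [
    Flow(T + timedelta(seconds=5), "10.0.0.5", 52311, "203.0.113.7", 443, "tcp"),
    Flow(T + timedelta(seconds=10), "10.0.0.5", 52312, "198.51.100.9", 443, "tcp"),
    Flow(T + timedelta(hours=2), "10.0.0.5", 52311, "192.0.2.4", 443, "tcp"),  # port reused
    Flow(T + timedelta(seconds=20), "10.0.0.7", 40000, "192.0.2.53", 53, "udp"),  # no agent data
]
SOCKETS = [
    SocketObs(T + timedelta(seconds=4), "ws01", "10.0.0.5", 52311, "tcp", 4120,
              "chrome.exe", "CORP\\alice", "explorer.exe", "0f" * 32),
    SocketObs(T + timedelta(seconds=9), "ws01", "10.0.0.5", 52312, "tcp", 5988,
              "powershell.exe", "CORP\\alice", "winword.exe", "ab" * 32),
]


def example():
    """Attribute the constructed flows and return (attributed, suspicious hits)."""
    attributed = attribute_flows(FLOWS, SOCKETS)
    return attributed, suspicious(attributed)


if __name__ == "__main__":
    for f, s in example()[1]:
        print(f"{f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port} by "
              f"{s.process} (pid {s.pid}, user {s.user}, parent {s.parent})")
```

The third flow reuses port 52311 two hours later; without the skew check it would be attributed to the earlier chrome.exe socket, which is exactly the misattribution that makes flow-only tools unreliable. The second flow is the interesting one: on the wire it is just another TLS connection to 443, but with endpoint context it is powershell.exe launched by winword.exe.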
EDR (Endpoint Detection and Response) – The Ziften Endpoint Detection and Response solution continually examines user and device behavior and highlights anomalies in real time, letting security analysts focus on advanced threats sooner and reduce Time To Resolution (TTR). Ziften EDR lets companies determine the root cause of a breach more quickly and decide on the required corrective actions.
While other security tools play supporting roles, these are the three essentials that Gartner asserts constitute the defender's core visibility into attacker actions within the targeted organization. Arm your SOC triad with Ziften. For a free, no-obligation trial, see http://ziften.com/free-trial for more information.